matrix_sdk/authentication/matrix/mod.rs
1// Copyright 2020 Damir Jelić
2// Copyright 2020 The Matrix.org Foundation C.I.C.
3// Copyright 2022 Famedly GmbH
4//
5// Licensed under the Apache License, Version 2.0 (the "License");
6// you may not use this file except in compliance with the License.
7// You may obtain a copy of the License at
8//
9// http://www.apache.org/licenses/LICENSE-2.0
10//
11// Unless required by applicable law or agreed to in writing, software
12// distributed under the License is distributed on an "AS IS" BASIS,
13// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14// See the License for the specific language governing permissions and
15// limitations under the License.
16
17//! Types to interact with the native Matrix authentication API.
18
19#[cfg(feature = "sso-login")]
20use std::future::Future;
21use std::{borrow::Cow, fmt};
22
23use matrix_sdk_base::{SessionMeta, store::RoomLoadSettings};
24use ruma::{
25 api::{
26 OutgoingRequest,
27 auth_scheme::SendAccessToken,
28 client::{
29 account::register,
30 session::{
31 get_login_types, login, logout, refresh_token, sso_login, sso_login_with_provider,
32 },
33 uiaa::{MatrixUserIdentifier, UserIdentifier},
34 },
35 },
36 serde::JsonObject,
37};
38use serde::{Deserialize, Serialize};
39use thiserror::Error;
40use tracing::{debug, error, info, instrument};
41
42use crate::{
43 Client, Error, RefreshTokenError, Result,
44 authentication::AuthData,
45 client::SessionChange,
46 error::{HttpError, HttpResult},
47 utils::UrlOrQuery,
48};
49
50mod login_builder;
51
52pub use self::login_builder::LoginBuilder;
53#[cfg(feature = "sso-login")]
54pub use self::login_builder::SsoLoginBuilder;
55use super::SessionTokens;
56
57/// A high-level API to interact with the native Matrix authentication API.
58///
59/// To access this API, use [`Client::matrix_auth()`].
60#[derive(Debug, Clone)]
61pub struct MatrixAuth {
62 client: Client,
63}
64
65/// Errors that can occur when using the SSO API.
66#[derive(Debug, Error)]
67pub enum SsoError {
68 /// The supplied callback URL used to complete SSO is invalid.
69 #[error("callback URL invalid")]
70 CallbackUrlInvalid,
71}
72
73impl MatrixAuth {
74 pub(crate) fn new(client: Client) -> Self {
75 Self { client }
76 }
77
78 /// Gets the homeserver’s supported login types.
79 ///
80 /// This should be the first step when trying to log in so you can call the
81 /// appropriate method for the next step.
82 pub async fn get_login_types(&self) -> HttpResult<get_login_types::v3::Response> {
83 let request = get_login_types::v3::Request::new();
84 self.client.send(request).await
85 }
86
87 /// Get the URL to use to log in via Single Sign-On.
88 ///
89 /// Returns a URL that should be opened in a web browser to let the user
90 /// log in.
91 ///
92 /// After a successful login, the loginToken received at the redirect URL
93 /// should be used to log in with [`login_token`].
94 ///
95 /// # Arguments
96 ///
97 /// * `redirect_url` - The URL that will receive a `loginToken` after a
98 /// successful SSO login.
99 ///
100 /// * `idp_id` - The optional ID of the identity provider to log in with.
101 ///
102 /// [`login_token`]: #method.login_token
103 pub async fn get_sso_login_url(
104 &self,
105 redirect_url: &str,
106 idp_id: Option<&str>,
107 ) -> Result<String> {
108 let homeserver = self.client.homeserver();
109 let supported_versions = self.client.supported_versions().await?;
110
111 let request = if let Some(id) = idp_id {
112 sso_login_with_provider::v3::Request::new(id.to_owned(), redirect_url.to_owned())
113 .try_into_http_request::<Vec<u8>>(
114 homeserver.as_str(),
115 SendAccessToken::None,
116 Cow::Owned(supported_versions),
117 )
118 } else {
119 sso_login::v3::Request::new(redirect_url.to_owned()).try_into_http_request::<Vec<u8>>(
120 homeserver.as_str(),
121 SendAccessToken::None,
122 Cow::Owned(supported_versions),
123 )
124 };
125
126 match request {
127 Ok(req) => Ok(req.uri().to_string()),
128 Err(err) => Err(Error::from(HttpError::IntoHttp(err))),
129 }
130 }
131
132 /// Log into the server with a username and password.
133 ///
134 /// This can be used for the first login as well as for subsequent logins,
135 /// note that if the device ID isn't provided a new device will be created.
136 ///
137 /// If this isn't the first login, a device ID should be provided through
138 /// [`LoginBuilder::device_id`] to restore the correct stores.
139 ///
140 /// Alternatively the [`restore_session`] method can be used to restore a
141 /// logged-in client without the password.
142 ///
143 /// # Arguments
144 ///
145 /// * `user` - The user ID or user ID localpart of the user that should be
146 /// logged into the homeserver.
147 ///
148 /// * `password` - The password of the user.
149 ///
150 /// # Examples
151 ///
152 /// ```no_run
153 /// # use url::Url;
154 /// # let homeserver = Url::parse("http://example.com").unwrap();
155 /// # futures_executor::block_on(async {
156 /// use matrix_sdk::Client;
157 ///
158 /// let client = Client::new(homeserver).await?;
159 /// let user = "example";
160 ///
161 /// let response = client
162 /// .matrix_auth()
163 /// .login_username(user, "wordpass")
164 /// .initial_device_display_name("My bot")
165 /// .await?;
166 ///
167 /// println!(
168 /// "Logged in as {user}, got device_id {} and access_token {}",
169 /// response.device_id, response.access_token,
170 /// );
171 /// # anyhow::Ok(()) });
172 /// ```
173 ///
174 /// [`restore_session`]: #method.restore_session
175 pub fn login_username(&self, id: impl AsRef<str>, password: &str) -> LoginBuilder {
176 self.login_identifier(
177 UserIdentifier::Matrix(MatrixUserIdentifier::new(id.as_ref().to_owned())),
178 password,
179 )
180 }
181
182 /// Log into the server with a user identifier and password.
183 ///
184 /// This is a more general form of [`login_username`][Self::login_username]
185 /// that also accepts third-party identifiers instead of just the user ID or
186 /// its localpart.
187 pub fn login_identifier(&self, id: UserIdentifier, password: &str) -> LoginBuilder {
188 LoginBuilder::new_password(self.clone(), id, password.to_owned())
189 }
190
191 /// Log into the server with a custom login type.
192 ///
193 /// # Arguments
194 ///
195 /// * `login_type` - Identifier of the custom login type, e.g.
196 /// `org.matrix.login.jwt`
197 ///
198 /// * `data` - The additional data which should be attached to the login
199 /// request.
200 ///
201 /// # Examples
202 ///
203 /// ```no_run
204 /// # use url::Url;
205 /// # let homeserver = Url::parse("http://example.com").unwrap();
206 /// # async {
207 /// use matrix_sdk::Client;
208 ///
209 /// let client = Client::new(homeserver).await?;
210 /// let user = "example";
211 ///
212 /// let response = client
213 /// .matrix_auth()
214 /// .login_custom(
215 /// "org.matrix.login.jwt",
216 /// [("token".to_owned(), "jwt_token_content".into())]
217 /// .into_iter()
218 /// .collect(),
219 /// )?
220 /// .initial_device_display_name("My bot")
221 /// .await?;
222 ///
223 /// println!(
224 /// "Logged in as {user}, got device_id {} and access_token {}",
225 /// response.device_id, response.access_token,
226 /// );
227 /// # anyhow::Ok(()) };
228 /// ```
229 pub fn login_custom(
230 &self,
231 login_type: &str,
232 data: JsonObject,
233 ) -> serde_json::Result<LoginBuilder> {
234 LoginBuilder::new_custom(self.clone(), login_type, data)
235 }
236
237 /// Log into the server with a token.
238 ///
239 /// This token is usually received in the SSO flow after following the URL
240 /// provided by [`get_sso_login_url`], note that this is not the access
241 /// token of a session.
242 ///
243 /// This should only be used for the first login.
244 ///
245 /// The [`restore_session`] method should be used to restore a logged-in
246 /// client after the first login.
247 ///
248 /// A device ID should be provided through [`LoginBuilder::device_id`] to
249 /// restore the correct stores, if the device ID isn't provided a new
250 /// device will be created.
251 ///
252 /// # Arguments
253 ///
254 /// * `token` - A login token.
255 ///
256 /// # Examples
257 ///
258 /// ```no_run
259 /// use matrix_sdk::Client;
260 /// # use url::Url;
261 /// # let homeserver = Url::parse("https://example.com").unwrap();
262 /// # let redirect_url = "http://localhost:1234";
263 /// # let login_token = "token";
264 /// # async {
265 /// let client = Client::new(homeserver).await.unwrap();
266 /// let auth = client.matrix_auth();
267 /// let sso_url = auth.get_sso_login_url(redirect_url, None);
268 ///
269 /// // Let the user authenticate at the SSO URL.
270 /// // Receive the loginToken param at the redirect_url.
271 ///
272 /// let response = auth
273 /// .login_token(login_token)
274 /// .initial_device_display_name("My app")
275 /// .await
276 /// .unwrap();
277 ///
278 /// println!(
279 /// "Logged in as {}, got device_id {} and access_token {}",
280 /// response.user_id, response.device_id, response.access_token,
281 /// );
282 /// # };
283 /// ```
284 ///
285 /// [`get_sso_login_url`]: #method.get_sso_login_url
286 /// [`restore_session`]: #method.restore_session
287 pub fn login_token(&self, token: &str) -> LoginBuilder {
288 LoginBuilder::new_token(self.clone(), token.to_owned())
289 }
290
291 /// A higher level wrapper around the methods to complete an SSO login after
292 /// the user has logged in through a webview. This method should be used
293 /// in tandem with [`MatrixAuth::get_sso_login_url`].
294 ///
295 /// # Arguments
296 ///
297 /// * `url_or_query` - The full callback URL carrying the login token, or
298 /// only its query string.
299 ///
300 /// # Examples
301 ///
302 /// ```no_run
303 /// use matrix_sdk::Client;
304 /// # use matrix_sdk::utils::UrlOrQuery;
305 /// # use url::Url;
306 /// # let homeserver = Url::parse("https://example.com").unwrap();
307 /// # let redirect_url = "http://localhost:1234";
308 /// # let url_or_query = UrlOrQuery::Query("loginToken=token".to_owned());
309 /// # async {
310 /// let client = Client::new(homeserver).await.unwrap();
311 /// let auth = client.matrix_auth();
312 /// let sso_url = auth.get_sso_login_url(redirect_url, None);
313 ///
314 /// // Let the user authenticate at the SSO URL.
315 /// // Receive the callback url or query string.
316 ///
317 /// let response = auth
318 /// .login_with_sso_callback(url_or_query)
319 /// .unwrap()
320 /// .initial_device_display_name("My app")
321 /// .await
322 /// .unwrap();
323 ///
324 /// println!(
325 /// "Logged in as {}, got device_id {} and access_token {}",
326 /// response.user_id, response.device_id, response.access_token,
327 /// );
328 /// # };
329 /// ```
330 pub fn login_with_sso_callback(
331 &self,
332 url_or_query: UrlOrQuery,
333 ) -> Result<LoginBuilder, SsoError> {
334 #[derive(Deserialize)]
335 struct QueryParameters {
336 #[serde(rename = "loginToken")]
337 login_token: Option<String>,
338 }
339
340 let query_string = url_or_query.query().unwrap_or_default();
341 let query: QueryParameters =
342 serde_html_form::from_str(query_string).map_err(|_| SsoError::CallbackUrlInvalid)?;
343 let token = query.login_token.ok_or(SsoError::CallbackUrlInvalid)?;
344
345 Ok(self.login_token(token.as_str()))
346 }
347
348 /// Log into the server via Single Sign-On.
349 ///
350 /// This takes care of the whole SSO flow:
351 /// * Spawn a local http server
352 /// * Provide a callback to open the SSO login URL in a web browser
353 /// * Wait for the local http server to get the loginToken
354 /// * Call [`login_token`]
355 ///
356 /// If cancellation is needed the method should be wrapped in a cancellable
357 /// task. **Note** that users with root access to the system have the
358 /// ability to snoop in on the data/token that is passed to the local
359 /// HTTP server that will be spawned.
360 ///
361 /// If you need more control over the SSO login process, you should use
362 /// [`get_sso_login_url`] and [`login_token`] directly.
363 ///
364 /// This should only be used for the first login.
365 ///
366 /// The [`restore_session`] method should be used to restore a logged-in
367 /// client after the first login.
368 ///
369 /// # Arguments
370 ///
371 /// * `use_sso_login_url` - A callback that will receive the SSO Login URL.
372 /// It should usually be used to open the SSO URL in a browser and must
373 /// return `Ok(())` if the URL was successfully opened. If it returns
374 /// `Err`, the error will be forwarded.
375 ///
376 /// # Examples
377 ///
378 /// ```no_run
379 /// use matrix_sdk::Client;
380 /// # use url::Url;
381 /// # let homeserver = Url::parse("https://example.com").unwrap();
382 /// # async {
383 /// let client = Client::new(homeserver).await.unwrap();
384 ///
385 /// let response = client
386 /// .matrix_auth()
387 /// .login_sso(|sso_url| async move {
388 /// // Open sso_url
389 /// Ok(())
390 /// })
391 /// .initial_device_display_name("My app")
392 /// .await
393 /// .unwrap();
394 ///
395 /// println!(
396 /// "Logged in as {}, got device_id {} and access_token {}",
397 /// response.user_id, response.device_id, response.access_token
398 /// );
399 /// # };
400 /// ```
401 ///
402 /// [`get_sso_login_url`]: #method.get_sso_login_url
403 /// [`login_token`]: #method.login_token
404 /// [`restore_session`]: #method.restore_session
405 #[cfg(feature = "sso-login")]
406 pub fn login_sso<F, Fut>(&self, use_sso_login_url: F) -> SsoLoginBuilder<F>
407 where
408 F: FnOnce(String) -> Fut + Send,
409 Fut: Future<Output = Result<()>> + Send,
410 {
411 SsoLoginBuilder::new(self.clone(), use_sso_login_url)
412 }
413
414 /// Is the client logged in using the native Matrix authentication API.
415 pub fn logged_in(&self) -> bool {
416 self.client
417 .auth_ctx()
418 .auth_data
419 .get()
420 .is_some_and(|auth_data| matches!(auth_data, AuthData::Matrix))
421 }
422
423 /// Refresh the access token.
424 ///
425 /// When support for [refreshing access tokens] is activated on both the
426 /// homeserver and the client, access tokens have an expiration date and
427 /// need to be refreshed periodically. To activate support for refresh
428 /// tokens in the [`Client`], it needs to be done at login with the
429 /// [`LoginBuilder::request_refresh_token()`] method, or during account
430 /// registration.
431 ///
432 /// This method doesn't need to be called if
433 /// [`ClientBuilder::handle_refresh_tokens()`] is called during construction
434 /// of the `Client`. Otherwise, it should be called once when a refresh
435 /// token is available and an [`UnknownToken`] error is received.
436 /// If this call fails with another [`UnknownToken`] error, it means that
437 /// the session needs to be logged in again.
438 ///
439 /// It can also be called at any time when a refresh token is available, it
440 /// will invalidate the previous access token.
441 ///
442 /// The new tokens in the response will be used by the `Client` and should
443 /// be persisted to be able to [restore the session]. The response will
444 /// always contain an access token that replaces the previous one. It
445 /// can also contain a refresh token, in which case it will also replace
446 /// the previous one.
447 ///
448 /// This method is protected behind a lock, so calling this method several
449 /// times at once will only call the endpoint once and all subsequent calls
450 /// will wait for the result of the first call. The first call will
451 /// return `Ok(Some(response))` or the [`HttpError`] returned by the
452 /// endpoint, while the others will return `Ok(None)` if the token was
453 /// refreshed by the first call or a [`RefreshTokenError`] error, if it
454 /// failed.
455 ///
456 /// # Examples
457 ///
458 /// ```no_run
459 /// use matrix_sdk::{Client, Error};
460 /// use url::Url;
461 /// # async {
462 /// # fn get_credentials() -> (&'static str, &'static str) { ("", "") };
463 /// # fn persist_session(_: Option<matrix_sdk::AuthSession>) {};
464 ///
465 /// let homeserver = Url::parse("http://example.com")?;
466 /// let client = Client::new(homeserver).await?;
467 ///
468 /// let (user, password) = get_credentials();
469 /// let response = client
470 /// .matrix_auth()
471 /// .login_username(user, password)
472 /// .initial_device_display_name("My App")
473 /// .request_refresh_token()
474 /// .send()
475 /// .await?;
476 ///
477 /// persist_session(client.session());
478 ///
479 /// // Handle when an `M_UNKNOWN_TOKEN` error is encountered.
480 /// async fn on_unknown_token_err(client: &Client) -> Result<(), Error> {
481 /// let auth = client.matrix_auth();
482 ///
483 /// if client
484 /// .session_tokens()
485 /// .and_then(|tokens| tokens.refresh_token)
486 /// .is_some()
487 /// && auth.refresh_access_token().await.is_ok()
488 /// {
489 /// persist_session(client.session());
490 /// return Ok(());
491 /// }
492 ///
493 /// let (user, password) = get_credentials();
494 /// auth.login_username(user, password)
495 /// .request_refresh_token()
496 /// .send()
497 /// .await?;
498 ///
499 /// persist_session(client.session());
500 ///
501 /// Ok(())
502 /// }
503 /// # anyhow::Ok(()) };
504 /// ```
505 ///
506 /// [refreshing access tokens]: https://spec.matrix.org/v1.3/client-server-api/#refreshing-access-tokens
507 /// [`UnknownToken`]: ruma::api::error::ErrorKind::UnknownToken
508 /// [restore the session]: Client::restore_session
509 /// [`ClientBuilder::handle_refresh_tokens()`]: crate::ClientBuilder::handle_refresh_tokens
510 pub async fn refresh_access_token(&self) -> Result<(), RefreshTokenError> {
511 macro_rules! fail {
512 ($lock:expr, $err:expr) => {
513 let error = $err;
514 *$lock = Err(error.clone());
515 return Err(error);
516 };
517 }
518
519 let refresh_token_lock = &self.client.auth_ctx().refresh_token_lock;
520 let Ok(mut guard) = refresh_token_lock.try_lock() else {
521 // Somebody else is also doing a token refresh; wait for it to finish first.
522 return refresh_token_lock.lock().await.clone();
523 };
524
525 let Some(mut session_tokens) = self.client.session_tokens() else {
526 fail!(guard, RefreshTokenError::RefreshTokenRequired);
527 };
528 let Some(refresh_token) = session_tokens.refresh_token.clone() else {
529 fail!(guard, RefreshTokenError::RefreshTokenRequired);
530 };
531
532 let request = refresh_token::v3::Request::new(refresh_token);
533 let res = self.client.send_inner(request, None, Default::default()).await;
534
535 match res {
536 Ok(res) => {
537 *guard = Ok(());
538
539 session_tokens.access_token = res.access_token;
540 if let Some(refresh_token) = res.refresh_token {
541 session_tokens.refresh_token = Some(refresh_token);
542 }
543
544 self.client.auth_ctx().set_session_tokens(session_tokens);
545
546 if let Some(save_session_callback) =
547 self.client.inner.auth_ctx.save_session_callback.get()
548 && let Err(err) = save_session_callback(self.client.clone())
549 {
550 error!("when saving session after refresh: {err}");
551 }
552
553 _ = self
554 .client
555 .inner
556 .auth_ctx
557 .session_change_sender
558 .send(SessionChange::TokensRefreshed);
559
560 Ok(())
561 }
562 Err(error) => {
563 let error = RefreshTokenError::MatrixAuth(error.into());
564 fail!(guard, error);
565 }
566 }
567 }
568
569 /// Register a user to the server.
570 ///
571 /// If registration was successful and a session token was returned by the
572 /// server, the client session is set (the client is logged in).
573 ///
574 /// # Arguments
575 ///
576 /// * `registration` - The easiest way to create this request is using the
577 /// [`register::v3::Request`] itself.
578 ///
579 /// # Examples
580 ///
581 /// ```no_run
582 /// use matrix_sdk::{
583 /// Client,
584 /// ruma::api::client::{
585 /// account::register::v3::Request as RegistrationRequest, uiaa,
586 /// },
587 /// };
588 /// # use url::Url;
589 /// # let homeserver = Url::parse("http://example.com").unwrap();
590 /// # async {
591 ///
592 /// let mut request = RegistrationRequest::new();
593 /// request.username = Some("user".to_owned());
594 /// request.password = Some("password".to_owned());
595 /// request.auth = Some(uiaa::AuthData::FallbackAcknowledgement(
596 /// uiaa::FallbackAcknowledgement::new("foobar".to_owned()),
597 /// ));
598 ///
599 /// let client = Client::new(homeserver).await.unwrap();
600 /// client.matrix_auth().register(request).await;
601 /// # };
602 /// ```
603 #[instrument(skip_all)]
604 pub async fn register(&self, request: register::v3::Request) -> Result<register::v3::Response> {
605 let homeserver = self.client.homeserver();
606 info!("Registering to {homeserver}");
607
608 #[cfg(feature = "e2e-encryption")]
609 let login_info = match (&request.username, &request.password) {
610 (Some(u), Some(p)) => Some(login::v3::LoginInfo::Password(login::v3::Password::new(
611 UserIdentifier::Matrix(MatrixUserIdentifier::new(u.into())),
612 p.clone(),
613 ))),
614 _ => None,
615 };
616
617 let response = self.client.send(request).await?;
618 if let Some(session) = MatrixSession::from_register_response(&response) {
619 let _ = self
620 .set_session(
621 session,
622 RoomLoadSettings::default(),
623 #[cfg(feature = "e2e-encryption")]
624 login_info,
625 )
626 .await;
627 }
628 Ok(response)
629 }
630 /// Log out the current user.
631 pub async fn logout(&self) -> HttpResult<logout::v3::Response> {
632 let request = logout::v3::Request::new();
633 self.client.send(request).await
634 }
635
636 /// Get the whole native Matrix authentication session info of this client.
637 ///
638 /// Will be `None` if the client has not been logged in with the native
639 /// Matrix Authentication API.
640 ///
641 /// Can be used with [`MatrixAuth::restore_session`] to restore a previously
642 /// logged-in session.
643 pub fn session(&self) -> Option<MatrixSession> {
644 let meta = self.client.session_meta()?;
645 let tokens = self.client.session_tokens()?;
646 Some(MatrixSession { meta: meta.to_owned(), tokens })
647 }
648
649 /// Restore a previously logged in session.
650 ///
651 /// This can be used to restore the client to a logged in state, loading all
652 /// the stored state and encryption keys.
653 ///
654 /// Alternatively, if the whole session isn't stored the [`login`] method
655 /// can be used with a device ID.
656 ///
657 /// # Arguments
658 ///
659 /// * `session` - A session that the user already has from a previous login
660 /// call.
661 ///
662 /// * `room_load_settings` — Specify how many rooms must be restored; use
663 /// `::default()` if you don't know which value to pick.
664 ///
665 /// # Panics
666 ///
667 /// Panics if a session was already restored or logged in.
668 ///
669 /// # Examples
670 ///
671 /// ```no_run
672 /// use matrix_sdk::{
673 /// Client, SessionMeta, SessionTokens,
674 /// authentication::matrix::MatrixSession,
675 /// ruma::{owned_device_id, owned_user_id},
676 /// };
677 /// # use url::Url;
678 /// # async {
679 ///
680 /// let homeserver = Url::parse("http://example.com")?;
681 /// let client = Client::new(homeserver).await?;
682 ///
683 /// let session = MatrixSession {
684 /// meta: SessionMeta {
685 /// user_id: owned_user_id!("@example:localhost"),
686 /// device_id: owned_device_id!("MYDEVICEID"),
687 /// },
688 /// tokens: SessionTokens {
689 /// access_token: "My-Token".to_owned(),
690 /// refresh_token: None,
691 /// },
692 /// };
693 ///
694 /// client.restore_session(session).await?;
695 /// # anyhow::Ok(()) };
696 /// ```
697 ///
698 /// The `MatrixSession` object can also be created from the response the
699 /// [`LoginBuilder::send()`] method returns:
700 ///
701 /// ```no_run
702 /// use matrix_sdk::{Client, store::RoomLoadSettings};
703 /// use url::Url;
704 /// # async {
705 ///
706 /// let homeserver = Url::parse("http://example.com")?;
707 /// let client = Client::new(homeserver).await?;
708 /// let auth = client.matrix_auth();
709 ///
710 /// let response = auth.login_username("example", "my-password").send().await?;
711 ///
712 /// // Persist the `MatrixSession` so it can later be used to restore the login.
713 ///
714 /// auth.restore_session((&response).into(), RoomLoadSettings::default())
715 /// .await?;
716 /// # anyhow::Ok(()) };
717 /// ```
718 ///
719 /// [`login`]: #method.login
720 /// [`LoginBuilder::send()`]: crate::authentication::matrix::LoginBuilder::send
721 #[instrument(skip_all)]
722 pub async fn restore_session(
723 &self,
724 session: MatrixSession,
725 room_load_settings: RoomLoadSettings,
726 ) -> Result<()> {
727 debug!("Restoring Matrix auth session");
728 self.set_session(
729 session,
730 room_load_settings,
731 #[cfg(feature = "e2e-encryption")]
732 None,
733 )
734 .await?;
735 debug!("Done restoring Matrix auth session");
736 Ok(())
737 }
738
739 /// Receive a login response and update the homeserver and the base client
740 /// if needed.
741 ///
742 /// # Arguments
743 ///
744 /// * `response` - A successful login response.
745 pub(crate) async fn receive_login_response(
746 &self,
747 response: &login::v3::Response,
748 #[cfg(feature = "e2e-encryption")] login_info: Option<login::v3::LoginInfo>,
749 ) -> Result<()> {
750 self.client.maybe_update_login_well_known(response.well_known.as_ref());
751
752 self.set_session(
753 response.into(),
754 RoomLoadSettings::default(),
755 #[cfg(feature = "e2e-encryption")]
756 login_info,
757 )
758 .await?;
759
760 Ok(())
761 }
762
763 /// Set the Matrix authentication session.
764 ///
765 /// # Arguments
766 ///
767 /// * `session` — The session being opened.
768 ///
769 /// * `room_load_settings` — Specify how much rooms must be restored; use
770 /// `::default()` if you don't know which value to pick.
771 ///
772 /// # Panic
773 ///
774 /// Panics if authentication data was already set.
775 async fn set_session(
776 &self,
777 session: MatrixSession,
778 room_load_settings: RoomLoadSettings,
779 #[cfg(feature = "e2e-encryption")] login_info: Option<login::v3::LoginInfo>,
780 ) -> Result<()> {
781 // This API doesn't have any data but by setting this variant we protect the
782 // user from using both authentication APIs at once.
783 self.client
784 .auth_ctx()
785 .auth_data
786 .set(AuthData::Matrix)
787 .expect("Client authentication data was already set");
788 self.client.auth_ctx().set_session_tokens(session.tokens);
789 self.client
790 .base_client()
791 .activate(
792 session.meta,
793 room_load_settings,
794 #[cfg(feature = "e2e-encryption")]
795 None,
796 )
797 .await?;
798
799 #[cfg(feature = "e2e-encryption")]
800 {
801 use ruma::api::client::uiaa::{AuthData, Password};
802
803 let auth_data = match login_info {
804 Some(login::v3::LoginInfo::Password(login::v3::Password {
805 identifier: Some(identifier),
806 password,
807 ..
808 })) => Some(AuthData::Password(Password::new(identifier, password))),
809 // Other methods can't be immediately translated to an auth.
810 _ => None,
811 };
812
813 self.client.encryption().spawn_initialization_task(auth_data).await;
814 }
815
816 Ok(())
817 }
818}
819
820/// A user session using the native Matrix authentication API.
821///
822/// # Examples
823///
824/// ```
825/// use matrix_sdk::{
826/// SessionMeta, SessionTokens, authentication::matrix::MatrixSession,
827/// };
828/// use ruma::{owned_device_id, owned_user_id};
829///
830/// let session = MatrixSession {
831/// meta: SessionMeta {
832/// user_id: owned_user_id!("@example:localhost"),
833/// device_id: owned_device_id!("MYDEVICEID"),
834/// },
835/// tokens: SessionTokens {
836/// access_token: "My-Token".to_owned(),
837/// refresh_token: None,
838/// },
839/// };
840///
841/// assert_eq!(session.meta.device_id, "MYDEVICEID");
842/// ```
843#[derive(Clone, Eq, Hash, PartialEq, Serialize, Deserialize)]
844pub struct MatrixSession {
845 /// The Matrix user session info.
846 #[serde(flatten)]
847 pub meta: SessionMeta,
848
849 /// The tokens used for authentication.
850 #[serde(flatten)]
851 pub tokens: SessionTokens,
852}
853
854#[cfg(not(tarpaulin_include))]
855impl fmt::Debug for MatrixSession {
856 fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
857 f.debug_struct("MatrixSession").field("meta", &self.meta).finish_non_exhaustive()
858 }
859}
860
861impl From<&login::v3::Response> for MatrixSession {
862 fn from(response: &login::v3::Response) -> Self {
863 let login::v3::Response { user_id, access_token, device_id, refresh_token, .. } = response;
864 Self {
865 meta: SessionMeta { user_id: user_id.clone(), device_id: device_id.clone() },
866 tokens: SessionTokens {
867 access_token: access_token.clone(),
868 refresh_token: refresh_token.clone(),
869 },
870 }
871 }
872}
873
874impl MatrixSession {
875 #[allow(clippy::question_mark)] // clippy falsely complains about the let-unpacking
876 fn from_register_response(response: ®ister::v3::Response) -> Option<Self> {
877 let register::v3::Response { user_id, access_token, device_id, refresh_token, .. } =
878 response;
879 Some(Self {
880 meta: SessionMeta { user_id: user_id.clone(), device_id: device_id.clone()? },
881 tokens: SessionTokens {
882 access_token: access_token.clone()?,
883 refresh_token: refresh_token.clone(),
884 },
885 })
886 }
887}