java source code of SessionValidationPostHandler

mxisd-master
- src
  - main
    - resources
      - simplelogger.properties
      - templates
        session
        tokenSubmitSuccess.html
        tokenSubmitFailure.html
      - META-INF
        services
        io.kamax.mxisd.threepid.connector.email.EmailConnectorSupplier
        io.kamax.mxisd.threepid.generator.phone.PhoneGeneratorSupplier
        io.kamax.mxisd.threepid.generator.email.EmailGeneratorSupplier
        io.kamax.mxisd.threepid.connector.phone.PhoneConnectorSupplier
        io.kamax.mxisd.backend.sql.DriverLoader
        io.kamax.mxisd.notification.NotificationHandlerSupplier
        io.kamax.mxisd.backend.IdentityStoreSupplier
      - threepids
        email
        validate-template.eml
        unbind-fraudulent.eml
        invite-template.eml
        mxid-template.eml
        sms
        unbind-fraudulent.txt
        validate-template.txt
        invite-template.txt
    - java
      - edazdarevic
        commons
        net
        CIDRUtils.java
      - io
        kamax
        mxisd
        MxisdStandaloneExec.java
        crypto
        GenericKeyIdentifier.java
        SignatureManager.java
        KeyType.java
        KeyAlgorithm.java
        KeyManager.java
        GenericKey.java
        ed25519
        Ed25519SignatureManager.java
        Ed25519KeyManager.java
        Ed25519RegularKeyIdentifier.java
        Ed25519Key.java
        RegularKeyIdentifier.java
        CryptoFactory.java
        Key.java
        KeyIdentifier.java
        Signature.java
        lookup
        SingleLookupReply.java
        provider
        ForwarderProvider.java
        RemoteIdentityServerFetcher.java
        RemoteLookupProviderSupplier.java
        DnsLookupProvider.java
        BridgeFetcher.java
        IThreePidProvider.java
        ThreePidMapping.java
        SingleLookupRequest.java
        BulkLookupRequest.java
        ThreePidProviders.java
        ThreePidValidation.java
        ALookupRequest.java
        strategy
        RecursivePriorityLookupStrategy.java
        LookupStrategy.java
        fetcher
        IRemoteIdentityServerFetcher.java
        IBridgeFetcher.java
        storage
        dao
        IThreePidSessionDao.java
        crypto
        MemoryKeyStore.java
        KeyStore.java
        FileKeyJson.java
        FileKeyStore.java
        IStorage.java
        ormlite
        dao
        HistoricalThreePidInviteIO.java
        ASTransactionDao.java
        ThreePidInviteIO.java
        ThreePidSessionDao.java
        OrmLiteSqlStorage.java
        Mxisd.java
        proxy
        Response.java
        HttpMxisd.java
        backend
        sql
        DriverLoader.java
        Drivers.java
        synapse
        SynapseSqlStoreSupplier.java
        Synapse.java
        SynapseSqlProfileProvider.java
        SynapseSqlThreePidProvider.java
        SynapseQueries.java
        SynapseSqlDirectoryProvider.java
        SqlProfileProvider.java
        generic
        GenericSqlStoreSupplier.java
        GenericSqlProfileProvider.java
        GenericSqlAuthProvider.java
        GenericSqlDirectoryProvider.java
        GenericSqlThreePidProvider.java
        BuiltInDriverLoader.java
        SqlConnectionPool.java
        SqlThreePidProvider.java
        ldap
        LdapThreePidProvider.java
        LdapAuthProvider.java
        LdapStoreSupplier.java
        LdapBackend.java
        LdapDirectoryProvider.java
        LdapProfileProvider.java
        netiq
        NetIqLdapProfileProvider.java
        NetIqLdapThreePidProvider.java
        NetIqLdapStoreSupplier.java
        NetIqLdapAuthProvider.java
        NetIqLdapDirectoryProvider.java
        firebase
        GoogleFirebaseProvider.java
        GoogleFirebaseBackend.java
        GoogleFirebaseStoreSupplier.java
        GoogleFirebaseAuthenticator.java
        wordpress
        WordressSqlBackend.java
        WordpressAuthProvider.java
        WordpressAuthData.java
        WordpressRestBackend.java
        WordpressStoreSupplier.java
        WordpressThreePidProvider.java
        WordpressDirectoryProvider.java
        rest
        LookupSingleRequestJson.java
        RestProvider.java
        RestStoreSupplier.java
        RestAuthRequestJson.java
        RestAuthProvider.java
        RestDirectoryProvider.java
        LookupBulkResponseJson.java
        RestThreePidProvider.java
        LookupSingleResponseJson.java
        RestProfileProvider.java
        IdentityStoreSupplier.java
        exec
        ExecIdentityStoreSupplier.java
        ExecAuthResult.java
        ExecAuthStore.java
        ExecProfileStore.java
        ExecIdentityStore.java
        ExecStore.java
        ExecDirectoryStore.java
        memory
        MemoryIdentityStoreSupplier.java
        MemoryIdentityStore.java
        UserIdType.java
        util
        GsonUtil.java
        JsonUtils.java
        OptionalUtil.java
        RestClientUtils.java
        GsonParser.java
        FileUtil.java
        TriFunction.java
        registration
        RegistrationReply.java
        RegistrationManager.java
        threepid
        connector
        email
        EmailSmtpConnector.java
        EmailConnectorSupplier.java
        BuiltInEmailConnectorSupplier.java
        BlackholeEmailConnector.java
        EmailConnector.java
        ThreePidConnector.java
        phone
        BlackholePhoneConnector.java
        PhoneConnector.java
        PhoneConnectorSupplier.java
        BuiltInPhoneConnectorSupplier.java
        PhoneSmsTwilioConnector.java
        generator
        PlaceholderNotificationGenerator.java
        GenericTemplateNotificationGenerator.java
        email
        GenericEmailNotificationGenerator.java
        BuiltInEmailGeneratorSupplier.java
        EmailGeneratorSupplier.java
        EmailGenerator.java
        phone
        SmsNotificationGenerator.java
        PhoneGenerator.java
        PhoneGeneratorSupplier.java
        BuiltInPhoneGeneratorSupplier.java
        NotificationGenerator.java
        notification
        email
        EmailSendGridNotificationHandler.java
        EmailRawNotificationHandler.java
        phone
        PhoneNotificationHandler.java
        GenericNotificationHandler.java
        BuiltInNotificationHandlerSupplier.java
        session
        ThreePidSession.java
        IThreePidSession.java
        config
        sql
        SqlConfig.java
        synapse
        SynapseSqlProviderConfig.java
        generic
        GenericSqlProviderConfig.java
        AuthenticationConfig.java
        ldap
        LdapConfig.java
        generic
        GenericLdapConfig.java
        netiq
        NetIqLdapConfig.java
        KeyConfig.java
        MatrixConfig.java
        RecursiveLookupConfig.java
        DirectoryConfig.java
        InvitationConfig.java
        ViewConfig.java
        RegisterConfig.java
        threepid
        connector
        PhoneTwilioConfig.java
        EmailSendGridConfig.java
        EmailSmtpConfig.java
        ThreePidConfig.java
        medium
        EmailConfig.java
        PhoneSmsTemplateConfig.java
        EmailTemplateConfig.java
        PhoneConfig.java
        GenericTemplateConfig.java
        MediumConfig.java
        notification
        NotificationConfig.java
        DnsOverwriteConfig.java
        BulkLookupConfig.java
        wordpress
        WordpressConfig.java
        MxisdConfig.java
        RecursiveLookupBridgeConfig.java
        ExecConfig.java
        YamlConfigLoader.java
        rest
        RestBackendConfig.java
        ForwardConfig.java
        FirebaseConfig.java
        SQLiteStorageConfig.java
        AppServiceConfig.java
        SessionConfig.java
        ServerConfig.java
        StorageConfig.java
        memory
        MemoryStoreConfig.java
        MemoryThreePid.java
        MemoryIdentityConfig.java
        exception
        HttpMatrixException.java
        RemoteHomeServerException.java
        NotAllowedException.java
        InvalidCredentialsException.java
        ConfigurationException.java
        SessionNotValidatedException.java
        NotImplementedException.java
        ObjectNotFoundException.java
        RemoteIdentityServerException.java
        RemoteLoginException.java
        AccessTokenNotFoundException.java
        JsonMemberNotFoundException.java
        BadRequestException.java
        FeatureNotAvailable.java
        InvalidResponseJsonException.java
        MessageForClientException.java
        MxisdException.java
        InternalServerError.java
        MappingAlreadyExistsException.java
        SessionUnknownException.java
        NotFoundException.java
        UserID.java
        http
        undertow
        handler
        InternalInfoHandler.java
        invite
        v1
        RoomInviteHandler.java
        HomeserverProxyHandler.java
        BasicHttpHandler.java
        OptionsHandler.java
        identity
        v1
        SignEd25519Handler.java
        KeyIsValidHandler.java
        SingleLookupHandler.java
        SessionValidationPostHandler.java
        EphemeralKeyIsValidHandler.java
        StoreInviteHandler.java
        SessionStartHandler.java
        SessionTpidUnbindHandler.java
        SessionTpidGetValidatedHandler.java
        SessionValidationGetHandler.java
        SessionValidateHandler.java
        HelloHandler.java
        RegularKeyIsValidHandler.java
        SessionTpidBindHandler.java
        LookupHandler.java
        KeyGetHandler.java
        BulkLookupHandler.java
        SaneHandler.java
        register
        v1
        Register3pidRequestTokenHandler.java
        profile
        v1
        ProfileHandler.java
        InternalProfileHandler.java
        auth
        v1
        LoginGetHandler.java
        LoginHandler.java
        LoginPostHandler.java
        RestAuthHandler.java
        directory
        v1
        UserDirectorySearchHandler.java
        as
        v1
        ApplicationServiceHandler.java
        AsTransactionHandler.java
        AsNotFoundHandler.java
        AsUserHandler.java
        status
        StatusHandler.java
        VersionHandler.java
        io
        UserDirectorySearchResult.java
        UserDirectorySearchRequest.java
        identity
        SuccessStatusJson.java
        ClientBulkLookupRequest.java
        SingeLookupReplyJson.java
        ThreePidInviteReplyIO.java
        GenericTokenRequestJson.java
        StoreInviteRequest.java
        SessionEmailTokenRequestJson.java
        ClientBulkLookupAnswer.java
        BindRequest.java
        SessionPhoneTokenRequestJson.java
        RequestTokenResponse.java
        KeyValidityJson.java
        CredentialsValidationResponse.java
        IsAPIv1.java
        dns
        ClientDnsOverwrite.java
        FederationDnsOverwrite.java
        notification
        NotificationManager.java
        NotificationHandlerSupplier.java
        NotificationHandler.java
        NotificationHandlers.java
        profile
        ProfileProviders.java
        JsonProfileRequest.java
        JsonProfileResult.java
        ProfileProvider.java
        ProfileManager.java
        auth
        provider
        AuthenticatorProvider.java
        BackendAuthResult.java
        AuthManager.java
        AuthProviders.java
        UserAuthResult.java
        matrix
        HomeserverFederationResolver.java
        IdentityServerUtils.java
        invitation
        IThreePidInvite.java
        InvitationManager.java
        ThreePidInviteReply.java
        IMatrixIdInvite.java
        IThreePidInviteReply.java
        ThreePidInvite.java
        MatrixIdInvite.java
        session
        SessionManager.java
        ValidationResult.java
        directory
        DirectoryProvider.java
        DirectoryProviders.java
        DirectoryManager.java
        as
        AppSvcManager.java
        processor
        event
        EventTypeProcessor.java
        MembershipEventProcessor.java
        MessageEventProcessor.java
        command
        LookupCommandProcessor.java
        CommandProcessor.java
        PingCommandProcessor.java
        InviteCommandProcessor.java
        registration
        SynapseRegistrationYaml.java
  - script
    - mxisd
  - test
    - resources
      - store
        exec
        input
        envTest.sh
        argsTest.sh
        multilinesTest.sh
    - java
      - io
        kamax
        mxisd
        test
        MxisdTest.java
        crypto
        SignatureManagerTest.java
        KeyTest.java
        storage
        crypto
        MemoryKeyStoreTest.java
        FileKeyStoreTest.java
        KeyStoreTest.java
        OrmLiteSqlStorageTest.java
        backend
        ldap
        LdapAuthTest.java
        rest
        RestProfileProviderTest.java
        RestThreePidProviderTest.java
        RestDirectoryProviderTest.java
        exec
        ExecStoreTest.java
        auth
        input
        ExecAuthEnvTest.java
        ExecAuthInputMultilinesTest.java
        ExecAuthArgsTest.java
        ExecProfileStoreTest.java
        ExecAuthStoreTest.java
        ExecDirectoryStoreTest.java
        ExecIdentityStoreTest.java
        util
        RestClientUtilsTest.java
        MxisdDefaultTest.java
        notification
        EmailNotificationTest.java
        auth
        AuthManagerTest.java
        matrix
        HomeserverFederationResolverTest.java
  - systemd
    - mxisd.service
  - debian
    - postinst
    - control
    - prerm
  - docker
    - start.sh
- gradle
  - wrapper
    - gradle-wrapper.properties
    - gradle-wrapper.jar
- gradlew.bat
- LICENSE
- gradlew
- media
- EOL.md
- build.gradle
- .travis.yml
- README.md
- Dockerfile
- .gitignore
- docs
  - operations.md
  - getting-started.md
  - faq.md
  - build.md
  - _config.yml
  - stores
    - rest.md
    - sql.md
    - exec.md
    - wordpress.md
    - firebase.md
    - synapse.md
    - ldap.md
    - README.md
  - architecture.md
  - concepts.md
  - install
    - docker.md
    - debian.md
    - archlinux.md
    - security.md
    - source.md
    - nixos.md
  - configure.md
  - threepids
    - medium
      - email
        smtp-connector.md
      - msisdn
        twilio-connector.md
    - notification
      - template-generator.md
      - sendgrid-handler.md
      - basic-handler.md
    - session
      - session-views.md
      - session.md
  - README.md
  - features
    - bridge-integration.md
    - federation.md
    - experimental
      - application-service.md
      - profile.md
    - directory.md
    - profile.md
    - authentication.md
    - registration.md
    - identity.md
  - troubleshooting.md
- mxisd.example.yaml

/*
 * mxisd - Matrix Identity Server Daemon
 * Copyright (C) 2019 Kamax Sarl
 *
 * https://www.kamax.io/
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

package io.kamax.mxisd.http.undertow.handler.identity.v1;

import com.google.gson.JsonObject;
import io.kamax.matrix.json.GsonUtil;
import io.kamax.mxisd.http.io.identity.SuccessStatusJson;
import io.kamax.mxisd.session.SessionManager;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.form.FormData;
import io.undertow.server.handlers.form.FormParserFactory;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.io.IOException;

public class SessionValidationPostHandler extends SessionValidateHandler {

    private transient final Logger log = LoggerFactory.getLogger(SessionValidationPostHandler.class);

    private FormParserFactory factory;

    public SessionValidationPostHandler(SessionManager mgr) {
        super(mgr);
        factory = FormParserFactory.builder().build();
    }


    @Override
    public void handleRequest(HttpServerExchange exchange) throws IOException {
        log.info("Handling POST request to validate session");

        String sid;
        String secret;
        String token;

        String contentType = getContentType(exchange).orElseThrow(() -> new IllegalArgumentException("Content type header is not set"));
        if (StringUtils.equals(contentType, "application/json")) { // FIXME use MIME parsing tools
            log.info("Parsing as JSON data");

            JsonObject body = parseJsonObject(exchange);
            sid = GsonUtil.getStringOrThrow(body, "sid");
            secret = GsonUtil.getStringOrThrow(body, "client_secret");
            token = GsonUtil.getStringOrThrow(body, "token");
        } else if (StringUtils.equals(contentType, "application/x-www-form-urlencoded")) { // FIXME use MIME parsing tools
            log.info("Parsing as Form data");

            FormData data = factory.createParser(exchange).parseBlocking();
            sid = getOrThrow(data, "sid");
            secret = getOrThrow(data, "client_secret");
            token = getOrThrow(data, "token");
        } else {
            log.info("Unsupported Content type: {}", contentType);
            throw new IllegalArgumentException("Unsupported Content type: " + contentType);
        }

        handleRequest(sid, secret, token);
        respondJson(exchange, new SuccessStatusJson(true));
    }

}