remove undocumented jwt token login

2025-03-14 18:55:37 +00:00 · 2025-01-11 16:04:19 +00:00 · 2025-01-11 16:04:19 +00:00 · afe9e5536b
commit afe9e5536b
parent 9ebb39ca4f
8 changed files with 4 additions and 76 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -685,7 +685,6 @@ dependencies = [
 "http-body-util",
 "hyper",
 "ipaddress",
- "jsonwebtoken",
 "log",
 "rand",
 "reqwest",
@ -831,7 +830,6 @@ dependencies = [
 "image",
 "ipaddress",
 "itertools 0.13.0",
- "jsonwebtoken",
 "log",
 "loole",
 "lru-cache",
@ -2115,19 +2113,6 @@ dependencies = [
 "serde",
 ]

-[[package]]
-name = "jsonwebtoken"
-version = "9.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b9ae10193d25051e74945f1ea2d0b42e03cc3b890f7e4cc5faa44997d808193f"
-dependencies = [
- "base64 0.21.7",
- "js-sys",
- "ring",
- "serde",
- "serde_json",
-]
-
 [[package]]
 name = "konst"
 version = "0.3.16"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -58,10 +58,6 @@ features = ["parse"]
 [workspace.dependencies.sanitize-filename]
 version = "0.6.0"

-[workspace.dependencies.jsonwebtoken]
-version = "9.3.0"
-default-features = false
-
 [workspace.dependencies.base64]
 version = "0.22.1"
 default-features = false
--- a/conduwuit-example.toml
+++ b/conduwuit-example.toml
@ -563,10 +563,6 @@
 #
 #proxy = "none"

-# This item is undocumented. Please contribute documentation for it.
-#
-#jwt_secret =
-
 # Servers listed here will be used to gather public keys of other servers
 # (notary trusted key servers).
 #
--- a/src/api/Cargo.toml
+++ b/src/api/Cargo.toml
@ -50,7 +50,6 @@ http.workspace = true
 http-body-util.workspace = true
 hyper.workspace = true
 ipaddress.workspace = true
-jsonwebtoken.workspace = true
 log.workspace = true
 rand.workspace = true
 reqwest.workspace = true
--- a/src/api/client/session.rs
+++ b/src/api/client/session.rs
@ -20,17 +20,10 @@ use ruma::{
 	},
 	OwnedUserId, UserId,
 };
-use serde::Deserialize;

 use super::{DEVICE_ID_LENGTH, TOKEN_LENGTH};
 use crate::{utils, utils::hash, Error, Result, Ruma};

-#[derive(Debug, Deserialize)]
-struct Claims {
-	sub: String,
-	//exp: usize,
-}
-
 /// # `GET /_matrix/client/v3/login`
 ///
 /// Get the supported login types of this server. One of these should be used as
@ -106,34 +99,11 @@ pub(crate) async fn login_route(

 			user_id
 		},
-		| login::v3::LoginInfo::Token(login::v3::Token { token }) => {
+		| login::v3::LoginInfo::Token(login::v3::Token { token: _ }) => {
 			debug!("Got token login type");
-			if let Some(jwt_decoding_key) = services.globals.jwt_decoding_key() {
-				let token = jsonwebtoken::decode::<Claims>(
-					token,
-					jwt_decoding_key,
-					&jsonwebtoken::Validation::default(),
-				)
-				.map_err(|e| {
-					warn!("Failed to parse JWT token from user logging in: {e}");
-					Error::BadRequest(ErrorKind::InvalidUsername, "Token is invalid.")
-				})?;
-
-				let username = token.claims.sub.to_lowercase();
-
-				UserId::parse_with_server_name(username, services.globals.server_name()).map_err(
-					|e| {
-						err!(Request(InvalidUsername(debug_error!(
-							?e,
-							"Failed to parse login username"
-						))))
-					},
-				)?
-			} else {
-				return Err!(Request(Unknown(
-					"Token login is not supported (server has no jwt decoding key)."
-				)));
-			}
+			return Err!(Request(Unknown(
+				"Token login is not supported."
+			)));
 		},
 		#[allow(deprecated)]
 		| login::v3::LoginInfo::ApplicationService(login::v3::ApplicationService {
--- a/src/core/config/mod.rs
+++ b/src/core/config/mod.rs
@ -671,8 +671,6 @@ pub struct Config {
 	#[serde(default)]
 	pub proxy: ProxyConfig,

-	pub jwt_secret: Option<String>,
-
 	/// Servers listed here will be used to gather public keys of other servers
 	/// (notary trusted key servers).
 	///
@ -2005,10 +2003,6 @@ impl fmt::Display for Config {
 			"Lockdown public room directory (only allow admins to publish)",
 			&self.lockdown_public_room_directory.to_string(),
 		);
-		line("JWT secret", match self.jwt_secret {
-			| Some(_) => "set",
-			| None => "not set",
-		});
 		line(
 			"Trusted key servers",
 			&self
--- a/src/service/Cargo.toml
+++ b/src/service/Cargo.toml
@ -61,7 +61,6 @@ image.workspace = true
 image.optional = true
 ipaddress.workspace = true
 itertools.workspace = true
-jsonwebtoken.workspace = true
 log.workspace = true
 loole.workspace = true
 lru-cache.workspace = true
--- a/src/service/globals/mod.rs
+++ b/src/service/globals/mod.rs
@ -18,7 +18,6 @@ pub struct Service {
 	pub db: Data,

 	pub config: Config,
-	jwt_decoding_key: Option<jsonwebtoken::DecodingKey>,
 	pub bad_event_ratelimiter: Arc<RwLock<HashMap<OwnedEventId, RateLimitState>>>,
 	pub server_user: OwnedUserId,
 	pub admin_alias: OwnedRoomAliasId,
@ -33,11 +32,6 @@ impl crate::Service for Service {
 		let db = Data::new(&args);
 		let config = &args.server.config;

-		let jwt_decoding_key = config
-			.jwt_secret
-			.as_ref()
-			.map(|secret| jsonwebtoken::DecodingKey::from_secret(secret.as_bytes()));
-
 		let turn_secret =
 			config
 				.turn_secret_file
@ -66,7 +60,6 @@ impl crate::Service for Service {
 		let mut s = Self {
 			db,
 			config: config.clone(),
-			jwt_decoding_key,
 			bad_event_ratelimiter: Arc::new(RwLock::new(HashMap::new())),
 			admin_alias: OwnedRoomAliasId::try_from(format!("#admins:{}", &config.server_name))
 				.expect("#admins:server_name is valid alias name"),
@ -158,10 +151,6 @@ impl Service {

 	pub fn trusted_servers(&self) -> &[OwnedServerName] { &self.config.trusted_servers }

-	pub fn jwt_decoding_key(&self) -> Option<&jsonwebtoken::DecodingKey> {
-		self.jwt_decoding_key.as_ref()
-	}
-
 	pub fn turn_password(&self) -> &String { &self.config.turn_password }

 	pub fn turn_ttl(&self) -> u64 { self.config.turn_ttl }