
tuwunel_api/oidc/account/
cross_signing_reset.rs

1use const_str::format as const_format;
2use ruma::UserId;
3use tuwunel_core::{Result, info, utils::html::escape as html_escape};
4use tuwunel_service::Services;
5
6use super::{ACCOUNT_HEAD, url_encode};
7
/// Renders the confirmation page that asks the user to approve a cross-signing
/// reset via a POST form.
///
/// `user_id` and `login_token` are passed through `html_escape` before being
/// substituted into `CONFIRM_HTML`; the token is additionally passed through
/// `url_encode` for the Cancel link's query string. Per the handler contract,
/// the GET handler only peeks the `login_token` that is embedded here, and
/// submitting the form consumes it and opens the replacement window.
///
/// NOTE(review): `{tok}` is substituted inside a double-quoted attribute value,
/// so this relies on `html_escape` neutralising `"` as well as `<`, `>` and
/// `&` - confirm against the helper.
pub(super) async fn cross_signing_reset_confirm_html(
	user_id: &UserId,
	login_token: &str,
) -> Result<String> {
	let safe_user = html_escape(user_id.as_str());
	let safe_token = html_escape(login_token);
	let query_token = url_encode(login_token);

	// Order matters: each `replace` rescans text inserted by the previous one,
	// so a value containing a literal `{tok}` or `{tok_enc}` marker would itself
	// be substituted. NOTE(review): presumably user IDs and tokens never contain
	// these markers - confirm.
	let page = CONFIRM_HTML.replace("{uid}", &safe_user);
	let page = page.replace("{tok}", &safe_token);
	let page = page.replace("{tok_enc}", &query_token);

	Ok(page)
}
24
/// Approves a cross-signing reset for `user_id` and renders the result page.
///
/// Calls `allow_cross_signing_replacement` on the users service, which opens
/// the ten-minute window during which the user's client may upload a new
/// cross-signing identity without further interactive authentication
/// (MSC4312), then logs the approval at info level.
///
/// This function performs no authentication or token check of its own: it
/// takes only the services handle and the user ID. NOTE(review): the caller is
/// presumably the POST handler that has already consumed a valid login token -
/// confirm that no other path reaches this.
pub(super) async fn cross_signing_reset_execute_html(
	services: &Services,
	user_id: &UserId,
) -> Result<String> {
	let users = &services.users;

	// Any value returned by this call is discarded.
	users.allow_cross_signing_replacement(user_id);

	info!(?user_id, "Cross-signing reset approved via account management page");

	// The user ID is escaped before it is placed in the page body.
	let safe_user = html_escape(user_id.as_str());
	Ok(EXECUTE_HTML.replace("{uid}", &safe_user))
}
39
/// HTML template for the cross-signing reset confirmation page.
///
/// `const_format!` interpolates `{ACCOUNT_HEAD}` at compile time; the doubled
/// braces leave literal `{uid}`, `{tok}` and `{tok_enc}` markers in the string
/// for the runtime `str::replace` calls in `cross_signing_reset_confirm_html`.
///
/// Output contexts of the runtime markers:
/// - `{uid}`: element text inside `<strong>`.
/// - `{tok}`: double-quoted `value` attribute of the hidden `loginToken` input
///   of the POST form.
/// - `{tok_enc}`: query-string parameter in the Cancel link's `href`.
///
/// NOTE(review): the Cancel link carries the login token in a URL, and query
/// strings tend to end up in browser history and access logs - confirm the
/// token's lifetime makes that acceptable.
static CONFIRM_HTML: &str = const_format!(
	r#"
<!DOCTYPE html>
<html lang="en">
	<head>
		{ACCOUNT_HEAD}
		<title>Reset Cross-Signing</title>
	</head>
	<body>
		<h1>Reset Cross-Signing</h1>
		<p>
			Signed in as <strong>{{uid}}</strong>.
		</p>
		<p class="warn">
			Reset your cross-signing identity? After you approve, your client can
			upload a new identity for the next ten minutes. Other users and your
			other sessions will need to verify you again.
		</p>
		<form method="POST" action="/_tuwunel/oidc/account_callback">
			<input type="hidden" name="action" value="org.matrix.cross_signing_reset">
			<input type="hidden" name="loginToken" value="{{tok}}">
			<button type="submit" class="danger">Reset cross-signing</button>
			<a
				class="cancel"
				href="/_tuwunel/oidc/account_callback?action=org.matrix.sessions_list&loginToken={{tok_enc}}"
			>
				Cancel
			</a>
		</form>
	</body>
</html>"#
);
72
/// HTML template for the page shown once a cross-signing reset has been
/// approved.
///
/// `const_format!` interpolates `{ACCOUNT_HEAD}` at compile time; the doubled
/// braces leave a literal `{uid}` marker, which
/// `cross_signing_reset_execute_html` replaces with the HTML-escaped user ID.
/// The "Back to sessions" link targets `/_tuwunel/oidc/account` and carries no
/// login token.
static EXECUTE_HTML: &str = const_format!(
	r#"
<!DOCTYPE html>
<html lang="en">
	<head>
		{ACCOUNT_HEAD}
		<title>Cross-Signing Reset Approved</title>
	</head>
	<body>
		<h1 class="ok">Cross-Signing Reset Approved</h1>
		<p>
			You can now upload a new cross-signing identity for
			<strong>{{uid}}</strong> from your Matrix client. This approval expires
			in ten minutes.
		</p>
		<div class="nav">
			<a href="/_tuwunel/oidc/account?action=org.matrix.sessions_list">
				Back to sessions
			</a>
		</div>
	</body>
</html>"#
);