Login form: support .well-known delegation for homeserver url

Author: aine-etke

src/pages/LoginPage.tsx

@@ -41,6 +41,7 @@ import {
   splitMxid,
   getSupportedLoginFlows,
   getAuthMetadata,
+  resolveBaseUrlWithWellKnown,
 } from "../synapse/matrix";
 import { SetExternalAuthProvider } from "../utils/config";
 
@@ -119,14 +120,15 @@ const LoginPage = () => {
   const [oidcUrl, setOIDCUrl] = useState("");
   const [ssoBaseUrl, setSSOBaseUrl] = useState("");
   const [baseUrl, setBaseUrl] = useState(base_url || "");
+  const [resolvedBaseUrl, setResolvedBaseUrl] = useState(base_url || "");
   const loginToken = new URLSearchParams(window.location.search).get("loginToken");
   const [loginMethod, setLoginMethod] = useState<LoginMethod>("credentials");
   const [serverVersion, setServerVersion] = useState("");
   const [matrixVersions, setMatrixVersions] = useState("");
 
   useEffect(() => {
     if (base_url) {
-      checkServerInfo(base_url as string);
+      resolveAndCheckServerInfo(base_url as string);
     }
     // eslint-disable-next-line react-hooks/exhaustive-deps
   }, []);
@@ -177,7 +179,12 @@ const LoginPage = () => {
     const cleanUrl = window.location.href.replace(window.location.search, "");
     window.history.replaceState({}, "", cleanUrl);
 
-    login(auth).catch(error => {
+    const authWithResolved = {
+      ...auth,
+      base_url: resolvedBaseUrl || auth.base_url,
+    };
+
+    login(authWithResolved).catch(error => {
       setLoading(false);
       notify(
         typeof error === "string"
@@ -213,6 +220,7 @@ const LoginPage = () => {
       setMatrixVersions("");
       setOIDCUrl("");
       setBaseUrl("");
+      setResolvedBaseUrl("");
       setSupportPassAuth(false);
       return;
     }
@@ -237,6 +245,7 @@ const LoginPage = () => {
       const supportPass = loginFlows.find(f => f.type === "m.login.password") !== undefined;
       const supportSSO = loginFlows.find(f => f.type === "m.login.sso") !== undefined;
       setBaseUrl(url);
+      setResolvedBaseUrl(url);
       setSupportPassAuth(supportPass);
       setSSOBaseUrl(supportSSO ? url : "");
 
@@ -267,7 +276,25 @@ const LoginPage = () => {
       setSSOBaseUrl("");
       setOIDCUrl("");
       setBaseUrl("");
+      setResolvedBaseUrl("");
+    }
+  };
+
+  const resolveAndCheckServerInfo = async (url: string, updateFormValue?: (nextUrl: string) => void) => {
+    if (!url) {
+      return;
+    }
+
+    if (!isValidBaseUrl(url)) {
+      checkServerInfo(url);
+      return;
+    }
+
+    const resolvedUrl = await resolveBaseUrlWithWellKnown(url);
+    if (resolvedUrl !== url && updateFormValue) {
+      updateFormValue(resolvedUrl);
     }
+    checkServerInfo(resolvedUrl);
   };
 
   const icfg = useInstanceConfig();
@@ -300,6 +327,7 @@ const LoginPage = () => {
             shouldValidate: true,
             shouldDirty: true,
           });
+          setResolvedBaseUrl(url);
           checkServerInfo(url);
         }
       }
@@ -315,7 +343,15 @@ const LoginPage = () => {
 
       // Trigger validation only when user finishes typing/selecting
       form.trigger("base_url");
-      checkServerInfo(value);
+      const updateFormValue =
+        restrictBaseUrlMultiple || restrictBaseUrlSingle
+          ? undefined
+          : (nextUrl: string) =>
+              form.setValue("base_url", nextUrl, {
+                shouldValidate: true,
+                shouldDirty: true,
+              });
+      resolveAndCheckServerInfo(value, updateFormValue);
     };
 
     useEffect(() => {
@@ -355,7 +391,15 @@ const LoginPage = () => {
             shouldValidate: true,
             shouldDirty: true,
           });
-          checkServerInfo(serverURL);
+          const updateFormValue =
+            restrictBaseUrlMultiple || restrictBaseUrlSingle
+              ? undefined
+              : (nextUrl: string) =>
+                  form.setValue("base_url", nextUrl, {
+                    shouldValidate: true,
+                    shouldDirty: true,
+                  });
+          resolveAndCheckServerInfo(serverURL, updateFormValue);
         }
       }, 0);
 

src/synapse/matrix.test.ts

@@ -1,4 +1,12 @@
-import { isValidBaseUrl, splitMxid } from "./matrix";
+import { fetchUtils } from "react-admin";
+
+import { isValidBaseUrl, splitMxid, resolveBaseUrlWithWellKnown } from "./matrix";
+
+jest.mock("react-admin", () => ({
+  fetchUtils: {
+    fetchJson: jest.fn(),
+  },
+}));
 
 describe("splitMxid", () => {
   it("splits valid MXIDs", () =>
@@ -21,3 +29,28 @@ describe("isValidBaseUrl", () => {
   it("rejects base URLs with path", () => expect(isValidBaseUrl("http://foo.bar/path")).toBeFalsy());
   it("rejects invalid base URLs", () => expect(isValidBaseUrl("http:/foo.bar")).toBeFalsy());
 });
+
+describe("resolveBaseUrlWithWellKnown", () => {
+  const fetchJsonMock = fetchUtils.fetchJson as jest.Mock;
+
+  afterEach(() => {
+    fetchJsonMock.mockReset();
+  });
+
+  it("returns well-known base_url when present", async () => {
+    fetchJsonMock.mockResolvedValueOnce({
+      json: {
+        "m.homeserver": { base_url: "https://api.example.com" },
+      },
+    });
+
+    await expect(resolveBaseUrlWithWellKnown("https://example.com")).resolves.toBe("https://api.example.com");
+    expect(fetchJsonMock).toHaveBeenCalledWith("https://example.com/.well-known/matrix/client", { method: "GET" });
+  });
+
+  it("falls back to provided URL when well-known fails", async () => {
+    fetchJsonMock.mockRejectedValueOnce(new Error("nope"));
+
+    await expect(resolveBaseUrlWithWellKnown("https://example.com/")).resolves.toBe("https://example.com");
+  });
+});

src/synapse/matrix.ts

@@ -10,6 +10,34 @@ export const splitMxid = mxid => {
 
 export const isValidBaseUrl = baseUrl => /^(http|https):\/\/[a-zA-Z0-9\-.]+(:\d{1,5})?\/?$/.test(baseUrl);
 
+/**
+ * Resolve a base URL using /.well-known/matrix/client if present.
+ * Falls back to the provided URL if lookup fails or is invalid.
+ */
+export const resolveBaseUrlWithWellKnown = async (baseUrl: string): Promise<string> => {
+  if (!baseUrl) return baseUrl;
+  const cleaned = baseUrl.replace(/\/+$/g, "");
+  let origin: string;
+  try {
+    origin = new URL(cleaned).origin;
+  } catch {
+    return cleaned;
+  }
+
+  const wellKnownUrl = `${origin}/.well-known/matrix/client`;
+  try {
+    const response = await fetchUtils.fetchJson(wellKnownUrl, { method: "GET" });
+    const wkBaseUrl = response.json?.["m.homeserver"]?.base_url;
+    if (typeof wkBaseUrl === "string" && wkBaseUrl.trim() !== "") {
+      return wkBaseUrl.replace(/\/+$/g, "");
+    }
+  } catch {
+    // ignore and fall back to the provided URL
+  }
+
+  return cleaned;
+};
+
 /**
  * Resolve the homeserver URL using the well-known lookup
  * @param domain  the domain part of an MXID