Add m.login.application_service registration procedure.

This allows known application services to register any user ID under their own user namespace(s).
2024-06-18 10:38:21 +02:00 · 2015-02-05 17:29:27 +00:00 · 2015-02-05 17:29:27 +00:00 · 0227618d3c
parent 11e6b3d18b
commit 0227618d3c
3 changed files with 44 additions and 1 deletions
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@ -59,6 +59,7 @@ class LoginType(object):
    EMAIL_URL = u"m.login.email.url"
    EMAIL_IDENTITY = u"m.login.email.identity"
    RECAPTCHA = u"m.login.recaptcha"
+    APPLICATION_SERVICE = u"m.login.application_service"


 class EventTypes(object):
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@ -105,6 +105,26 @@ class RegistrationHandler(BaseHandler):

        defer.returnValue((user_id, token))

+    @defer.inlineCallbacks
+    def appservice_register(self, user_localpart, as_token):
+        user = UserID(user_localpart, self.hs.hostname)
+        user_id = user.to_string()
+        service = yield self.store.get_app_service_by_token(as_token)
+        if not service:
+            raise SynapseError(403, "Invalid application service token.")
+        if not service.is_interested_in_user(user_id):
+            raise SynapseError(
+                400, "Invalid user localpart for this application service."
+            )
+        token = self._generate_token(user_id)
+        yield self.store.register(
+            user_id=user_id,
+            token=token,
+            password_hash=""
+        )
+        self.distributor.fire("registered_user", user)
+        defer.returnValue((user_id, token))
+
    @defer.inlineCallbacks
    def check_recaptcha(self, ip, private_key, challenge, response):
        """Checks a recaptcha is correct."""
--- a/synapse/rest/client/v1/register.py
+++ b/synapse/rest/client/v1/register.py
@ -110,7 +110,8 @@ class RegisterRestServlet(ClientV1RestServlet):
            stages = {
                LoginType.RECAPTCHA: self._do_recaptcha,
                LoginType.PASSWORD: self._do_password,
-                LoginType.EMAIL_IDENTITY: self._do_email_identity
+                LoginType.EMAIL_IDENTITY: self._do_email_identity,
+                LoginType.APPLICATION_SERVICE: self._do_app_service
            }

            session_info = self._get_session_info(request, session)
@ -276,6 +277,27 @@ class RegisterRestServlet(ClientV1RestServlet):
        self._remove_session(session)
        defer.returnValue(result)

+    @defer.inlineCallbacks
+    def _do_app_service(self, request, register_json, session):
+        if "access_token" not in request.args:
+            raise SynapseError(400, "Expected application service token.")
+        if "user" not in register_json:
+            raise SynapseError(400, "Expected 'user' key.")
+
+        as_token = request.args["access_token"][0]
+        user_localpart = register_json["user"].encode("utf-8")
+
+        handler = self.handlers.registration_handler
+        (user_id, token) = yield handler.appservice_register(
+            user_localpart, as_token
+        )
+        self._remove_session(session)
+        defer.returnValue({
+            "user_id": user_id,
+            "access_token": token,
+            "home_server": self.hs.hostname,
+        })
+

 def _parse_json(request):
    try: