mirror of
https://mau.dev/maunium/synapse.git
synced 2024-12-16 13:33:53 +01:00
Dummy login so we can do the first POST request to get login flows without it just succeeding
This commit is contained in:
parent
a19b739909
commit
766bd8e880
4 changed files with 24 additions and 7 deletions
|
@ -59,6 +59,7 @@ class LoginType(object):
|
||||||
EMAIL_URL = u"m.login.email.url"
|
EMAIL_URL = u"m.login.email.url"
|
||||||
EMAIL_IDENTITY = u"m.login.email.identity"
|
EMAIL_IDENTITY = u"m.login.email.identity"
|
||||||
RECAPTCHA = u"m.login.recaptcha"
|
RECAPTCHA = u"m.login.recaptcha"
|
||||||
|
DUMMY = u"m.login.dummy"
|
||||||
|
|
||||||
# Only for C/S API v1
|
# Only for C/S API v1
|
||||||
APPLICATION_SERVICE = u"m.login.application_service"
|
APPLICATION_SERVICE = u"m.login.application_service"
|
||||||
|
|
|
@ -42,6 +42,7 @@ class AuthHandler(BaseHandler):
|
||||||
LoginType.PASSWORD: self._check_password_auth,
|
LoginType.PASSWORD: self._check_password_auth,
|
||||||
LoginType.RECAPTCHA: self._check_recaptcha,
|
LoginType.RECAPTCHA: self._check_recaptcha,
|
||||||
LoginType.EMAIL_IDENTITY: self._check_email_identity,
|
LoginType.EMAIL_IDENTITY: self._check_email_identity,
|
||||||
|
LoginType.DUMMY: self._check_dummy_auth,
|
||||||
}
|
}
|
||||||
self.sessions = {}
|
self.sessions = {}
|
||||||
|
|
||||||
|
@ -202,6 +203,11 @@ class AuthHandler(BaseHandler):
|
||||||
|
|
||||||
defer.returnValue(threepid)
|
defer.returnValue(threepid)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def _check_dummy_auth(self, authdict, _):
|
||||||
|
yield run_on_reactor()
|
||||||
|
defer.returnValue(True)
|
||||||
|
|
||||||
def _get_params_recaptcha(self):
|
def _get_params_recaptcha(self):
|
||||||
return {"public_key": self.hs.config.recaptcha_public_key}
|
return {"public_key": self.hs.config.recaptcha_public_key}
|
||||||
|
|
||||||
|
|
|
@ -42,8 +42,8 @@ class IdentityHandler(BaseHandler):
|
||||||
# each request
|
# each request
|
||||||
http_client = SimpleHttpClient(self.hs)
|
http_client = SimpleHttpClient(self.hs)
|
||||||
# XXX: make this configurable!
|
# XXX: make this configurable!
|
||||||
#trustedIdServers = ['matrix.org', 'localhost:8090']
|
trustedIdServers = ['matrix.org', 'localhost:8090']
|
||||||
trustedIdServers = ['matrix.org']
|
#trustedIdServers = ['matrix.org']
|
||||||
if not creds['idServer'] in trustedIdServers:
|
if not creds['idServer'] in trustedIdServers:
|
||||||
logger.warn('%s is not a trusted ID server: rejecting 3pid ' +
|
logger.warn('%s is not a trusted ID server: rejecting 3pid ' +
|
||||||
'credentials', creds['idServer'])
|
'credentials', creds['idServer'])
|
||||||
|
@ -52,7 +52,7 @@ class IdentityHandler(BaseHandler):
|
||||||
data = {}
|
data = {}
|
||||||
try:
|
try:
|
||||||
data = yield http_client.get_json(
|
data = yield http_client.get_json(
|
||||||
"https://%s%s" % (
|
"http://%s%s" % (
|
||||||
creds['idServer'],
|
creds['idServer'],
|
||||||
"/_matrix/identity/api/v1/3pid/getValidated3pid"
|
"/_matrix/identity/api/v1/3pid/getValidated3pid"
|
||||||
),
|
),
|
||||||
|
|
|
@ -63,6 +63,17 @@ class RegisterRestServlet(RestServlet):
|
||||||
if 'access_token' in request.args:
|
if 'access_token' in request.args:
|
||||||
service = yield self.auth.get_appservice_by_req(request)
|
service = yield self.auth.get_appservice_by_req(request)
|
||||||
|
|
||||||
|
if self.hs.config.enable_registration_captcha:
|
||||||
|
flows = [
|
||||||
|
[LoginType.RECAPTCHA],
|
||||||
|
[LoginType.EMAIL_IDENTITY, LoginType.RECAPTCHA]
|
||||||
|
]
|
||||||
|
else:
|
||||||
|
flows = [
|
||||||
|
[LoginType.DUMMY],
|
||||||
|
[LoginType.EMAIL_IDENTITY]
|
||||||
|
]
|
||||||
|
|
||||||
if service:
|
if service:
|
||||||
is_application_server = True
|
is_application_server = True
|
||||||
elif 'mac' in body:
|
elif 'mac' in body:
|
||||||
|
@ -74,10 +85,9 @@ class RegisterRestServlet(RestServlet):
|
||||||
)
|
)
|
||||||
is_using_shared_secret = True
|
is_using_shared_secret = True
|
||||||
else:
|
else:
|
||||||
authed, result, params = yield self.auth_handler.check_auth([
|
authed, result, params = yield self.auth_handler.check_auth(
|
||||||
[LoginType.RECAPTCHA],
|
flows, body, self.hs.get_ip_from_request(request)
|
||||||
[LoginType.EMAIL_IDENTITY, LoginType.RECAPTCHA],
|
)
|
||||||
], body, self.hs.get_ip_from_request(request))
|
|
||||||
|
|
||||||
if not authed:
|
if not authed:
|
||||||
defer.returnValue((401, result))
|
defer.returnValue((401, result))
|
||||||
|
|
Loading…
Reference in a new issue