Use direct references for configuration variables (part 7). (#10959)
parent
a071144a5c
commit
a0f48ee89d
23 changed files with 83 additions and 68 deletions
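--- a/changelog.d/10959.misc
+++ b/changelog.d/10959.misc
@@ -0,0 +1 @@
+Use direct references to config flags.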
@ -198,7 +198,7 @@ class AuthHandler(BaseHandler):
|
||||||
if inst.is_enabled():
|
if inst.is_enabled():
|
||||||
self.checkers[inst.AUTH_TYPE] = inst # type: ignore
|
self.checkers[inst.AUTH_TYPE] = inst # type: ignore
|
||||||
|
|
||||||
self.bcrypt_rounds = hs.config.bcrypt_rounds
|
self.bcrypt_rounds = hs.config.registration.bcrypt_rounds
|
||||||
|
|
||||||
# we can't use hs.get_module_api() here, because to do so will create an
|
# we can't use hs.get_module_api() here, because to do so will create an
|
||||||
# import loop.
|
# import loop.
|
||||||
|
|
|
@ -573,9 +573,15 @@ class IdentityHandler(BaseHandler):
|
||||||
|
|
||||||
# Try to validate as email
|
# Try to validate as email
|
||||||
if self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
if self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
||||||
|
# Remote emails will only be used if a valid identity server is provided.
|
||||||
|
assert (
|
||||||
|
self.hs.config.registration.account_threepid_delegate_email is not None
|
||||||
|
)
|
||||||
|
|
||||||
# Ask our delegated email identity server
|
# Ask our delegated email identity server
|
||||||
validation_session = await self.threepid_from_creds(
|
validation_session = await self.threepid_from_creds(
|
||||||
self.hs.config.account_threepid_delegate_email, threepid_creds
|
self.hs.config.registration.account_threepid_delegate_email,
|
||||||
|
threepid_creds,
|
||||||
)
|
)
|
||||||
elif self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
|
elif self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
|
||||||
# Get a validated session matching these details
|
# Get a validated session matching these details
|
||||||
|
@ -587,10 +593,11 @@ class IdentityHandler(BaseHandler):
|
||||||
return validation_session
|
return validation_session
|
||||||
|
|
||||||
# Try to validate as msisdn
|
# Try to validate as msisdn
|
||||||
if self.hs.config.account_threepid_delegate_msisdn:
|
if self.hs.config.registration.account_threepid_delegate_msisdn:
|
||||||
# Ask our delegated msisdn identity server
|
# Ask our delegated msisdn identity server
|
||||||
validation_session = await self.threepid_from_creds(
|
validation_session = await self.threepid_from_creds(
|
||||||
self.hs.config.account_threepid_delegate_msisdn, threepid_creds
|
self.hs.config.registration.account_threepid_delegate_msisdn,
|
||||||
|
threepid_creds,
|
||||||
)
|
)
|
||||||
|
|
||||||
return validation_session
|
return validation_session
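Review bot: The new `assert (... account_threepid_delegate_email is not None)` in the REMOTE email branch of the first hunk (@ -573) appears to be the only check visible before the delegate is passed to `threepid_from_creds`, and `assert` statements are stripped when Python runs with `-O`, so it should not be relied on as a runtime guard. It is also looser than the truthiness asserts kept at the other REMOTE call sites on this page (the `_BaseThreepidAuthChecker` email branch and the `requestEmailToken` servlets), because an empty string passes `is not None`. If config loading already guarantees a delegate whenever `threepid_behaviour_email` is REMOTE, a comment saying so next to the assert would be enough; otherwise follow the msisdn branch in the second hunk, which tests truthiness with a plain `if`, and use `if not self.hs.config.registration.account_threepid_delegate_email:` followed by an explicit error. The enclosing method starts and ends outside both hunks.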
|
||||||
|
|
|
@ -178,7 +178,7 @@ class ProfileHandler(BaseHandler):
|
||||||
if not by_admin and target_user != requester.user:
|
if not by_admin and target_user != requester.user:
|
||||||
raise AuthError(400, "Cannot set another user's displayname")
|
raise AuthError(400, "Cannot set another user's displayname")
|
||||||
|
|
||||||
if not by_admin and not self.hs.config.enable_set_displayname:
|
if not by_admin and not self.hs.config.registration.enable_set_displayname:
|
||||||
profile = await self.store.get_profileinfo(target_user.localpart)
|
profile = await self.store.get_profileinfo(target_user.localpart)
|
||||||
if profile.display_name:
|
if profile.display_name:
|
||||||
raise SynapseError(
|
raise SynapseError(
|
||||||
|
@ -268,7 +268,7 @@ class ProfileHandler(BaseHandler):
|
||||||
if not by_admin and target_user != requester.user:
|
if not by_admin and target_user != requester.user:
|
||||||
raise AuthError(400, "Cannot set another user's avatar_url")
|
raise AuthError(400, "Cannot set another user's avatar_url")
|
||||||
|
|
||||||
if not by_admin and not self.hs.config.enable_set_avatar_url:
|
if not by_admin and not self.hs.config.registration.enable_set_avatar_url:
|
||||||
profile = await self.store.get_profileinfo(target_user.localpart)
|
profile = await self.store.get_profileinfo(target_user.localpart)
|
||||||
if profile.avatar_url:
|
if profile.avatar_url:
|
||||||
raise SynapseError(
|
raise SynapseError(
|
||||||
|
|
|
@ -116,8 +116,8 @@ class RegistrationHandler(BaseHandler):
|
||||||
self._register_device_client = self.register_device_inner
|
self._register_device_client = self.register_device_inner
|
||||||
self.pusher_pool = hs.get_pusherpool()
|
self.pusher_pool = hs.get_pusherpool()
|
||||||
|
|
||||||
self.session_lifetime = hs.config.session_lifetime
|
self.session_lifetime = hs.config.registration.session_lifetime
|
||||||
self.access_token_lifetime = hs.config.access_token_lifetime
|
self.access_token_lifetime = hs.config.registration.access_token_lifetime
|
||||||
|
|
||||||
init_counters_for_auth_provider("")
|
init_counters_for_auth_provider("")
|
||||||
|
|
||||||
|
@ -343,7 +343,10 @@ class RegistrationHandler(BaseHandler):
|
||||||
# If the user does not need to consent at registration, auto-join any
|
# If the user does not need to consent at registration, auto-join any
|
||||||
# configured rooms.
|
# configured rooms.
|
||||||
if not self.hs.config.consent.user_consent_at_registration:
|
if not self.hs.config.consent.user_consent_at_registration:
|
||||||
if not self.hs.config.auto_join_rooms_for_guests and make_guest:
|
if (
|
||||||
|
not self.hs.config.registration.auto_join_rooms_for_guests
|
||||||
|
and make_guest
|
||||||
|
):
|
||||||
logger.info(
|
logger.info(
|
||||||
"Skipping auto-join for %s because auto-join for guests is disabled",
|
"Skipping auto-join for %s because auto-join for guests is disabled",
|
||||||
user_id,
|
user_id,
|
||||||
|
|
|
@ -89,7 +89,7 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
|
||||||
self.spam_checker = hs.get_spam_checker()
|
self.spam_checker = hs.get_spam_checker()
|
||||||
self.third_party_event_rules = hs.get_third_party_event_rules()
|
self.third_party_event_rules = hs.get_third_party_event_rules()
|
||||||
self._server_notices_mxid = self.config.servernotices.server_notices_mxid
|
self._server_notices_mxid = self.config.servernotices.server_notices_mxid
|
||||||
self._enable_lookup = hs.config.enable_3pid_lookup
|
self._enable_lookup = hs.config.registration.enable_3pid_lookup
|
||||||
self.allow_per_room_profiles = self.config.server.allow_per_room_profiles
|
self.allow_per_room_profiles = self.config.server.allow_per_room_profiles
|
||||||
|
|
||||||
self._join_rate_limiter_local = Ratelimiter(
|
self._join_rate_limiter_local = Ratelimiter(
|
||||||
|
|
|
@ -153,21 +153,23 @@ class _BaseThreepidAuthChecker:
|
||||||
|
|
||||||
# msisdns are currently always ThreepidBehaviour.REMOTE
|
# msisdns are currently always ThreepidBehaviour.REMOTE
|
||||||
if medium == "msisdn":
|
if medium == "msisdn":
|
||||||
if not self.hs.config.account_threepid_delegate_msisdn:
|
if not self.hs.config.registration.account_threepid_delegate_msisdn:
|
||||||
raise SynapseError(
|
raise SynapseError(
|
||||||
400, "Phone number verification is not enabled on this homeserver"
|
400, "Phone number verification is not enabled on this homeserver"
|
||||||
)
|
)
|
||||||
threepid = await identity_handler.threepid_from_creds(
|
threepid = await identity_handler.threepid_from_creds(
|
||||||
self.hs.config.account_threepid_delegate_msisdn, threepid_creds
|
self.hs.config.registration.account_threepid_delegate_msisdn,
|
||||||
|
threepid_creds,
|
||||||
)
|
)
|
||||||
elif medium == "email":
|
elif medium == "email":
|
||||||
if (
|
if (
|
||||||
self.hs.config.email.threepid_behaviour_email
|
self.hs.config.email.threepid_behaviour_email
|
||||||
== ThreepidBehaviour.REMOTE
|
== ThreepidBehaviour.REMOTE
|
||||||
):
|
):
|
||||||
assert self.hs.config.account_threepid_delegate_email
|
assert self.hs.config.registration.account_threepid_delegate_email
|
||||||
threepid = await identity_handler.threepid_from_creds(
|
threepid = await identity_handler.threepid_from_creds(
|
||||||
self.hs.config.account_threepid_delegate_email, threepid_creds
|
self.hs.config.registration.account_threepid_delegate_email,
|
||||||
|
threepid_creds,
|
||||||
)
|
)
|
||||||
elif (
|
elif (
|
||||||
self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL
|
self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL
|
||||||
|
@ -240,7 +242,7 @@ class MsisdnAuthChecker(UserInteractiveAuthChecker, _BaseThreepidAuthChecker):
|
||||||
_BaseThreepidAuthChecker.__init__(self, hs)
|
_BaseThreepidAuthChecker.__init__(self, hs)
|
||||||
|
|
||||||
def is_enabled(self) -> bool:
|
def is_enabled(self) -> bool:
|
||||||
return bool(self.hs.config.account_threepid_delegate_msisdn)
|
return bool(self.hs.config.registration.account_threepid_delegate_msisdn)
|
||||||
|
|
||||||
async def check_auth(self, authdict: dict, clientip: str) -> Any:
|
async def check_auth(self, authdict: dict, clientip: str) -> Any:
|
||||||
return await self._check_threepid("msisdn", authdict)
|
return await self._check_threepid("msisdn", authdict)
|
||||||
|
@ -252,7 +254,7 @@ class RegistrationTokenAuthChecker(UserInteractiveAuthChecker):
|
||||||
def __init__(self, hs: "HomeServer"):
|
def __init__(self, hs: "HomeServer"):
|
||||||
super().__init__(hs)
|
super().__init__(hs)
|
||||||
self.hs = hs
|
self.hs = hs
|
||||||
self._enabled = bool(hs.config.registration_requires_token)
|
self._enabled = bool(hs.config.registration.registration_requires_token)
|
||||||
self.store = hs.get_datastore()
|
self.store = hs.get_datastore()
|
||||||
|
|
||||||
def is_enabled(self) -> bool:
|
def is_enabled(self) -> bool:
|
||||||
|
|
|
@ -442,7 +442,7 @@ class UserRegisterServlet(RestServlet):
|
||||||
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
|
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
|
||||||
self._clear_old_nonces()
|
self._clear_old_nonces()
|
||||||
|
|
||||||
if not self.hs.config.registration_shared_secret:
|
if not self.hs.config.registration.registration_shared_secret:
|
||||||
raise SynapseError(400, "Shared secret registration is not enabled")
|
raise SynapseError(400, "Shared secret registration is not enabled")
|
||||||
|
|
||||||
body = parse_json_object_from_request(request)
|
body = parse_json_object_from_request(request)
|
||||||
|
@ -498,7 +498,7 @@ class UserRegisterServlet(RestServlet):
|
||||||
got_mac = body["mac"]
|
got_mac = body["mac"]
|
||||||
|
|
||||||
want_mac_builder = hmac.new(
|
want_mac_builder = hmac.new(
|
||||||
key=self.hs.config.registration_shared_secret.encode(),
|
key=self.hs.config.registration.registration_shared_secret.encode(),
|
||||||
digestmod=hashlib.sha1,
|
digestmod=hashlib.sha1,
|
||||||
)
|
)
|
||||||
want_mac_builder.update(nonce.encode("utf8"))
|
want_mac_builder.update(nonce.encode("utf8"))
|
||||||
|
|
|
@ -130,11 +130,11 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
|
||||||
raise SynapseError(400, "Email not found", Codes.THREEPID_NOT_FOUND)
|
raise SynapseError(400, "Email not found", Codes.THREEPID_NOT_FOUND)
|
||||||
|
|
||||||
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
||||||
assert self.hs.config.account_threepid_delegate_email
|
assert self.hs.config.registration.account_threepid_delegate_email
|
||||||
|
|
||||||
# Have the configured identity server handle the request
|
# Have the configured identity server handle the request
|
||||||
ret = await self.identity_handler.requestEmailToken(
|
ret = await self.identity_handler.requestEmailToken(
|
||||||
self.hs.config.account_threepid_delegate_email,
|
self.hs.config.registration.account_threepid_delegate_email,
|
||||||
email,
|
email,
|
||||||
client_secret,
|
client_secret,
|
||||||
send_attempt,
|
send_attempt,
|
||||||
|
@ -414,11 +414,11 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
|
||||||
raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)
|
raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)
|
||||||
|
|
||||||
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
||||||
assert self.hs.config.account_threepid_delegate_email
|
assert self.hs.config.registration.account_threepid_delegate_email
|
||||||
|
|
||||||
# Have the configured identity server handle the request
|
# Have the configured identity server handle the request
|
||||||
ret = await self.identity_handler.requestEmailToken(
|
ret = await self.identity_handler.requestEmailToken(
|
||||||
self.hs.config.account_threepid_delegate_email,
|
self.hs.config.registration.account_threepid_delegate_email,
|
||||||
email,
|
email,
|
||||||
client_secret,
|
client_secret,
|
||||||
send_attempt,
|
send_attempt,
|
||||||
|
@ -496,7 +496,7 @@ class MsisdnThreepidRequestTokenRestServlet(RestServlet):
|
||||||
|
|
||||||
raise SynapseError(400, "MSISDN is already in use", Codes.THREEPID_IN_USE)
|
raise SynapseError(400, "MSISDN is already in use", Codes.THREEPID_IN_USE)
|
||||||
|
|
||||||
if not self.hs.config.account_threepid_delegate_msisdn:
|
if not self.hs.config.registration.account_threepid_delegate_msisdn:
|
||||||
logger.warning(
|
logger.warning(
|
||||||
"No upstream msisdn account_threepid_delegate configured on the server to "
|
"No upstream msisdn account_threepid_delegate configured on the server to "
|
||||||
"handle this request"
|
"handle this request"
|
||||||
|
@ -507,7 +507,7 @@ class MsisdnThreepidRequestTokenRestServlet(RestServlet):
|
||||||
)
|
)
|
||||||
|
|
||||||
ret = await self.identity_handler.requestMsisdnToken(
|
ret = await self.identity_handler.requestMsisdnToken(
|
||||||
self.hs.config.account_threepid_delegate_msisdn,
|
self.hs.config.registration.account_threepid_delegate_msisdn,
|
||||||
country,
|
country,
|
||||||
phone_number,
|
phone_number,
|
||||||
client_secret,
|
client_secret,
|
||||||
|
@ -604,7 +604,7 @@ class AddThreepidMsisdnSubmitTokenServlet(RestServlet):
|
||||||
self.identity_handler = hs.get_identity_handler()
|
self.identity_handler = hs.get_identity_handler()
|
||||||
|
|
||||||
async def on_POST(self, request: Request) -> Tuple[int, JsonDict]:
|
async def on_POST(self, request: Request) -> Tuple[int, JsonDict]:
|
||||||
if not self.config.account_threepid_delegate_msisdn:
|
if not self.config.registration.account_threepid_delegate_msisdn:
|
||||||
raise SynapseError(
|
raise SynapseError(
|
||||||
400,
|
400,
|
||||||
"This homeserver is not validating phone numbers. Use an identity server "
|
"This homeserver is not validating phone numbers. Use an identity server "
|
||||||
|
@ -617,7 +617,7 @@ class AddThreepidMsisdnSubmitTokenServlet(RestServlet):
|
||||||
|
|
||||||
# Proxy submit_token request to msisdn threepid delegate
|
# Proxy submit_token request to msisdn threepid delegate
|
||||||
response = await self.identity_handler.proxy_msisdn_submit_token(
|
response = await self.identity_handler.proxy_msisdn_submit_token(
|
||||||
self.config.account_threepid_delegate_msisdn,
|
self.config.registration.account_threepid_delegate_msisdn,
|
||||||
body["client_secret"],
|
body["client_secret"],
|
||||||
body["sid"],
|
body["sid"],
|
||||||
body["token"],
|
body["token"],
|
||||||
|
@ -644,7 +644,7 @@ class ThreepidRestServlet(RestServlet):
|
||||||
return 200, {"threepids": threepids}
|
return 200, {"threepids": threepids}
|
||||||
|
|
||||||
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
|
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
|
||||||
if not self.hs.config.enable_3pid_changes:
|
if not self.hs.config.registration.enable_3pid_changes:
|
||||||
raise SynapseError(
|
raise SynapseError(
|
||||||
400, "3PID changes are disabled on this server", Codes.FORBIDDEN
|
400, "3PID changes are disabled on this server", Codes.FORBIDDEN
|
||||||
)
|
)
|
||||||
|
@ -693,7 +693,7 @@ class ThreepidAddRestServlet(RestServlet):
|
||||||
|
|
||||||
@interactive_auth_handler
|
@interactive_auth_handler
|
||||||
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
|
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
|
||||||
if not self.hs.config.enable_3pid_changes:
|
if not self.hs.config.registration.enable_3pid_changes:
|
||||||
raise SynapseError(
|
raise SynapseError(
|
||||||
400, "3PID changes are disabled on this server", Codes.FORBIDDEN
|
400, "3PID changes are disabled on this server", Codes.FORBIDDEN
|
||||||
)
|
)
|
||||||
|
@ -801,7 +801,7 @@ class ThreepidDeleteRestServlet(RestServlet):
|
||||||
self.auth_handler = hs.get_auth_handler()
|
self.auth_handler = hs.get_auth_handler()
|
||||||
|
|
||||||
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
|
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
|
||||||
if not self.hs.config.enable_3pid_changes:
|
if not self.hs.config.registration.enable_3pid_changes:
|
||||||
raise SynapseError(
|
raise SynapseError(
|
||||||
400, "3PID changes are disabled on this server", Codes.FORBIDDEN
|
400, "3PID changes are disabled on this server", Codes.FORBIDDEN
|
||||||
)
|
)
|
||||||
|
|
|
@ -49,8 +49,10 @@ class AuthRestServlet(RestServlet):
|
||||||
self.registration_handler = hs.get_registration_handler()
|
self.registration_handler = hs.get_registration_handler()
|
||||||
self.recaptcha_template = hs.config.captcha.recaptcha_template
|
self.recaptcha_template = hs.config.captcha.recaptcha_template
|
||||||
self.terms_template = hs.config.terms_template
|
self.terms_template = hs.config.terms_template
|
||||||
self.registration_token_template = hs.config.registration_token_template
|
self.registration_token_template = (
|
||||||
self.success_template = hs.config.fallback_success_template
|
hs.config.registration.registration_token_template
|
||||||
|
)
|
||||||
|
self.success_template = hs.config.registration.fallback_success_template
|
||||||
|
|
||||||
async def on_GET(self, request: SynapseRequest, stagetype: str) -> None:
|
async def on_GET(self, request: SynapseRequest, stagetype: str) -> None:
|
||||||
session = parse_string(request, "session")
|
session = parse_string(request, "session")
|
||||||
|
|
|
@ -64,13 +64,13 @@ class CapabilitiesRestServlet(RestServlet):
|
||||||
|
|
||||||
if self.config.experimental.msc3283_enabled:
|
if self.config.experimental.msc3283_enabled:
|
||||||
response["capabilities"]["org.matrix.msc3283.set_displayname"] = {
|
response["capabilities"]["org.matrix.msc3283.set_displayname"] = {
|
||||||
"enabled": self.config.enable_set_displayname
|
"enabled": self.config.registration.enable_set_displayname
|
||||||
}
|
}
|
||||||
response["capabilities"]["org.matrix.msc3283.set_avatar_url"] = {
|
response["capabilities"]["org.matrix.msc3283.set_avatar_url"] = {
|
||||||
"enabled": self.config.enable_set_avatar_url
|
"enabled": self.config.registration.enable_set_avatar_url
|
||||||
}
|
}
|
||||||
response["capabilities"]["org.matrix.msc3283.3pid_changes"] = {
|
response["capabilities"]["org.matrix.msc3283.3pid_changes"] = {
|
||||||
"enabled": self.config.enable_3pid_changes
|
"enabled": self.config.registration.enable_3pid_changes
|
||||||
}
|
}
|
||||||
|
|
||||||
return 200, response
|
return 200, response
|
||||||
|
|
|
@ -79,7 +79,7 @@ class LoginRestServlet(RestServlet):
|
||||||
self.saml2_enabled = hs.config.saml2.saml2_enabled
|
self.saml2_enabled = hs.config.saml2.saml2_enabled
|
||||||
self.cas_enabled = hs.config.cas.cas_enabled
|
self.cas_enabled = hs.config.cas.cas_enabled
|
||||||
self.oidc_enabled = hs.config.oidc.oidc_enabled
|
self.oidc_enabled = hs.config.oidc.oidc_enabled
|
||||||
self._msc2918_enabled = hs.config.access_token_lifetime is not None
|
self._msc2918_enabled = hs.config.registration.access_token_lifetime is not None
|
||||||
|
|
||||||
self.auth = hs.get_auth()
|
self.auth = hs.get_auth()
|
||||||
|
|
||||||
|
@ -447,7 +447,7 @@ class RefreshTokenServlet(RestServlet):
|
||||||
def __init__(self, hs: "HomeServer"):
|
def __init__(self, hs: "HomeServer"):
|
||||||
self._auth_handler = hs.get_auth_handler()
|
self._auth_handler = hs.get_auth_handler()
|
||||||
self._clock = hs.get_clock()
|
self._clock = hs.get_clock()
|
||||||
self.access_token_lifetime = hs.config.access_token_lifetime
|
self.access_token_lifetime = hs.config.registration.access_token_lifetime
|
||||||
|
|
||||||
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
|
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
|
||||||
refresh_submission = parse_json_object_from_request(request)
|
refresh_submission = parse_json_object_from_request(request)
|
||||||
|
@ -556,7 +556,7 @@ class CasTicketServlet(RestServlet):
|
||||||
|
|
||||||
def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
|
def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
|
||||||
LoginRestServlet(hs).register(http_server)
|
LoginRestServlet(hs).register(http_server)
|
||||||
if hs.config.access_token_lifetime is not None:
|
if hs.config.registration.access_token_lifetime is not None:
|
||||||
RefreshTokenServlet(hs).register(http_server)
|
RefreshTokenServlet(hs).register(http_server)
|
||||||
SsoRedirectServlet(hs).register(http_server)
|
SsoRedirectServlet(hs).register(http_server)
|
||||||
if hs.config.cas.cas_enabled:
|
if hs.config.cas.cas_enabled:
|
||||||
|
|
|
@ -140,11 +140,11 @@ class EmailRegisterRequestTokenRestServlet(RestServlet):
|
||||||
raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)
|
raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)
|
||||||
|
|
||||||
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
|
||||||
assert self.hs.config.account_threepid_delegate_email
|
assert self.hs.config.registration.account_threepid_delegate_email
|
||||||
|
|
||||||
# Have the configured identity server handle the request
|
# Have the configured identity server handle the request
|
||||||
ret = await self.identity_handler.requestEmailToken(
|
ret = await self.identity_handler.requestEmailToken(
|
||||||
self.hs.config.account_threepid_delegate_email,
|
self.hs.config.registration.account_threepid_delegate_email,
|
||||||
email,
|
email,
|
||||||
client_secret,
|
client_secret,
|
||||||
send_attempt,
|
send_attempt,
|
||||||
|
@ -221,7 +221,7 @@ class MsisdnRegisterRequestTokenRestServlet(RestServlet):
|
||||||
400, "Phone number is already in use", Codes.THREEPID_IN_USE
|
400, "Phone number is already in use", Codes.THREEPID_IN_USE
|
||||||
)
|
)
|
||||||
|
|
||||||
if not self.hs.config.account_threepid_delegate_msisdn:
|
if not self.hs.config.registration.account_threepid_delegate_msisdn:
|
||||||
logger.warning(
|
logger.warning(
|
||||||
"No upstream msisdn account_threepid_delegate configured on the server to "
|
"No upstream msisdn account_threepid_delegate configured on the server to "
|
||||||
"handle this request"
|
"handle this request"
|
||||||
|
@ -231,7 +231,7 @@ class MsisdnRegisterRequestTokenRestServlet(RestServlet):
|
||||||
)
|
)
|
||||||
|
|
||||||
ret = await self.identity_handler.requestMsisdnToken(
|
ret = await self.identity_handler.requestMsisdnToken(
|
||||||
self.hs.config.account_threepid_delegate_msisdn,
|
self.hs.config.registration.account_threepid_delegate_msisdn,
|
||||||
country,
|
country,
|
||||||
phone_number,
|
phone_number,
|
||||||
client_secret,
|
client_secret,
|
||||||
|
@ -341,7 +341,7 @@ class UsernameAvailabilityRestServlet(RestServlet):
|
||||||
)
|
)
|
||||||
|
|
||||||
async def on_GET(self, request: Request) -> Tuple[int, JsonDict]:
|
async def on_GET(self, request: Request) -> Tuple[int, JsonDict]:
|
||||||
if not self.hs.config.enable_registration:
|
if not self.hs.config.registration.enable_registration:
|
||||||
raise SynapseError(
|
raise SynapseError(
|
||||||
403, "Registration has been disabled", errcode=Codes.FORBIDDEN
|
403, "Registration has been disabled", errcode=Codes.FORBIDDEN
|
||||||
)
|
)
|
||||||
|
@ -391,7 +391,7 @@ class RegistrationTokenValidityRestServlet(RestServlet):
|
||||||
async def on_GET(self, request: Request) -> Tuple[int, JsonDict]:
|
async def on_GET(self, request: Request) -> Tuple[int, JsonDict]:
|
||||||
await self.ratelimiter.ratelimit(None, (request.getClientIP(),))
|
await self.ratelimiter.ratelimit(None, (request.getClientIP(),))
|
||||||
|
|
||||||
if not self.hs.config.enable_registration:
|
if not self.hs.config.registration.enable_registration:
|
||||||
raise SynapseError(
|
raise SynapseError(
|
||||||
403, "Registration has been disabled", errcode=Codes.FORBIDDEN
|
403, "Registration has been disabled", errcode=Codes.FORBIDDEN
|
||||||
)
|
)
|
||||||
|
@ -419,8 +419,8 @@ class RegisterRestServlet(RestServlet):
|
||||||
self.ratelimiter = hs.get_registration_ratelimiter()
|
self.ratelimiter = hs.get_registration_ratelimiter()
|
||||||
self.password_policy_handler = hs.get_password_policy_handler()
|
self.password_policy_handler = hs.get_password_policy_handler()
|
||||||
self.clock = hs.get_clock()
|
self.clock = hs.get_clock()
|
||||||
self._registration_enabled = self.hs.config.enable_registration
|
self._registration_enabled = self.hs.config.registration.enable_registration
|
||||||
self._msc2918_enabled = hs.config.access_token_lifetime is not None
|
self._msc2918_enabled = hs.config.registration.access_token_lifetime is not None
|
||||||
|
|
||||||
self._registration_flows = _calculate_registration_flows(
|
self._registration_flows = _calculate_registration_flows(
|
||||||
hs.config, self.auth_handler
|
hs.config, self.auth_handler
|
||||||
|
@ -800,7 +800,7 @@ class RegisterRestServlet(RestServlet):
|
||||||
async def _do_guest_registration(
|
async def _do_guest_registration(
|
||||||
self, params: JsonDict, address: Optional[str] = None
|
self, params: JsonDict, address: Optional[str] = None
|
||||||
) -> Tuple[int, JsonDict]:
|
) -> Tuple[int, JsonDict]:
|
||||||
if not self.hs.config.allow_guest_access:
|
if not self.hs.config.registration.allow_guest_access:
|
||||||
raise SynapseError(403, "Guest access is disabled")
|
raise SynapseError(403, "Guest access is disabled")
|
||||||
user_id = await self.registration_handler.register_user(
|
user_id = await self.registration_handler.register_user(
|
||||||
make_guest=True, address=address
|
make_guest=True, address=address
|
||||||
|
@ -849,13 +849,13 @@ def _calculate_registration_flows(
|
||||||
"""
|
"""
|
||||||
# FIXME: need a better error than "no auth flow found" for scenarios
|
# FIXME: need a better error than "no auth flow found" for scenarios
|
||||||
# where we required 3PID for registration but the user didn't give one
|
# where we required 3PID for registration but the user didn't give one
|
||||||
require_email = "email" in config.registrations_require_3pid
|
require_email = "email" in config.registration.registrations_require_3pid
|
||||||
require_msisdn = "msisdn" in config.registrations_require_3pid
|
require_msisdn = "msisdn" in config.registration.registrations_require_3pid
|
||||||
|
|
||||||
show_msisdn = True
|
show_msisdn = True
|
||||||
show_email = True
|
show_email = True
|
||||||
|
|
||||||
if config.disable_msisdn_registration:
|
if config.registration.disable_msisdn_registration:
|
||||||
show_msisdn = False
|
show_msisdn = False
|
||||||
require_msisdn = False
|
require_msisdn = False
|
||||||
|
|
||||||
|
@ -909,7 +909,7 @@ def _calculate_registration_flows(
|
||||||
flow.insert(0, LoginType.RECAPTCHA)
|
flow.insert(0, LoginType.RECAPTCHA)
|
||||||
|
|
||||||
# Prepend registration token to all flows if we're requiring a token
|
# Prepend registration token to all flows if we're requiring a token
|
||||||
if config.registration_requires_token:
|
if config.registration.registration_requires_token:
|
||||||
for flow in flows:
|
for flow in flows:
|
||||||
flow.insert(0, LoginType.REGISTRATION_TOKEN)
|
flow.insert(0, LoginType.REGISTRATION_TOKEN)
|
||||||
|
|
||||||
|
|
|
@ -39,9 +39,9 @@ class WellKnownBuilder:
|
||||||
|
|
||||||
result = {"m.homeserver": {"base_url": self._config.server.public_baseurl}}
|
result = {"m.homeserver": {"base_url": self._config.server.public_baseurl}}
|
||||||
|
|
||||||
if self._config.default_identity_server:
|
if self._config.registration.default_identity_server:
|
||||||
result["m.identity_server"] = {
|
result["m.identity_server"] = {
|
||||||
"base_url": self._config.default_identity_server
|
"base_url": self._config.registration.default_identity_server
|
||||||
}
|
}
|
||||||
|
|
||||||
return result
|
return result
|
||||||
|
|
|
@ -1710,7 +1710,7 @@ class RegistrationBackgroundUpdateStore(RegistrationWorkerStore):
|
||||||
We do this by grandfathering in existing user threepids assuming that
|
We do this by grandfathering in existing user threepids assuming that
|
||||||
they used one of the server configured trusted identity servers.
|
they used one of the server configured trusted identity servers.
|
||||||
"""
|
"""
|
||||||
id_servers = set(self.config.trusted_third_party_id_servers)
|
id_servers = set(self.config.registration.trusted_third_party_id_servers)
|
||||||
|
|
||||||
def _bg_user_threepids_grandfather_txn(txn):
|
def _bg_user_threepids_grandfather_txn(txn):
|
||||||
sql = """
|
sql = """
|
||||||
|
|
|
@ -44,8 +44,8 @@ def check_3pid_allowed(hs: "HomeServer", medium: str, address: str) -> bool:
|
||||||
bool: whether the 3PID medium/address is allowed to be added to this HS
|
bool: whether the 3PID medium/address is allowed to be added to this HS
|
||||||
"""
|
"""
|
||||||
|
|
||||||
if hs.config.allowed_local_3pids:
|
if hs.config.registration.allowed_local_3pids:
|
||||||
for constraint in hs.config.allowed_local_3pids:
|
for constraint in hs.config.registration.allowed_local_3pids:
|
||||||
logger.debug(
|
logger.debug(
|
||||||
"Checking 3PID %s (%s) against %s (%s)",
|
"Checking 3PID %s (%s) against %s (%s)",
|
||||||
address,
|
address,
|
||||||
|
|
|
@ -84,16 +84,16 @@ class ConfigLoadingTestCase(unittest.TestCase):
|
||||||
)
|
)
|
||||||
# Check that disable_registration clobbers enable_registration.
|
# Check that disable_registration clobbers enable_registration.
|
||||||
config = HomeServerConfig.load_config("", ["-c", self.file])
|
config = HomeServerConfig.load_config("", ["-c", self.file])
|
||||||
self.assertFalse(config.enable_registration)
|
self.assertFalse(config.registration.enable_registration)
|
||||||
|
|
||||||
config = HomeServerConfig.load_or_generate_config("", ["-c", self.file])
|
config = HomeServerConfig.load_or_generate_config("", ["-c", self.file])
|
||||||
self.assertFalse(config.enable_registration)
|
self.assertFalse(config.registration.enable_registration)
|
||||||
|
|
||||||
# Check that either config value is clobbered by the command line.
|
# Check that either config value is clobbered by the command line.
|
||||||
config = HomeServerConfig.load_or_generate_config(
|
config = HomeServerConfig.load_or_generate_config(
|
||||||
"", ["-c", self.file, "--enable-registration"]
|
"", ["-c", self.file, "--enable-registration"]
|
||||||
)
|
)
|
||||||
self.assertTrue(config.enable_registration)
|
self.assertTrue(config.registration.enable_registration)
|
||||||
|
|
||||||
def test_stats_enabled(self):
|
def test_stats_enabled(self):
|
||||||
self.generate_config_and_remove_lines_containing("enable_metrics")
|
self.generate_config_and_remove_lines_containing("enable_metrics")
|
||||||
|
|
|
@ -110,7 +110,7 @@ class ProfileTestCase(unittest.HomeserverTestCase):
|
||||||
)
|
)
|
||||||
|
|
||||||
def test_set_my_name_if_disabled(self):
|
def test_set_my_name_if_disabled(self):
|
||||||
self.hs.config.enable_set_displayname = False
|
self.hs.config.registration.enable_set_displayname = False
|
||||||
|
|
||||||
# Setting displayname for the first time is allowed
|
# Setting displayname for the first time is allowed
|
||||||
self.get_success(
|
self.get_success(
|
||||||
|
@ -225,7 +225,7 @@ class ProfileTestCase(unittest.HomeserverTestCase):
|
||||||
)
|
)
|
||||||
|
|
||||||
def test_set_my_avatar_if_disabled(self):
|
def test_set_my_avatar_if_disabled(self):
|
||||||
self.hs.config.enable_set_avatar_url = False
|
self.hs.config.registration.enable_set_avatar_url = False
|
||||||
|
|
||||||
# Setting displayname for the first time is allowed
|
# Setting displayname for the first time is allowed
|
||||||
self.get_success(
|
self.get_success(
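Review bot: `test_set_my_name_if_disabled` and `test_set_my_avatar_if_disabled` still switch the restriction on by assigning to `self.hs.config.registration.…` after the homeserver has been built, which exercises the restriction only as long as the handler reads the flag on each request instead of copying it in its constructor. Passing the value through the test configuration, e.g. `@override_config({"enable_set_displayname": False})` on the test method, should build the homeserver with the restriction already in place and would not need editing the next time a flag moves between config sections. The same pattern appears in the later sections that set `enable_3pid_changes`, `enable_3pid_lookup`, `allow_guest_access` and `registration_shared_secret`. Both test bodies continue outside the visible hunks.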
|
||||||
|
|
|
@ -59,7 +59,7 @@ class UserRegisterTestCase(unittest.HomeserverTestCase):
|
||||||
|
|
||||||
self.hs = self.setup_test_homeserver()
|
self.hs = self.setup_test_homeserver()
|
||||||
|
|
||||||
self.hs.config.registration_shared_secret = "shared"
|
self.hs.config.registration.registration_shared_secret = "shared"
|
||||||
|
|
||||||
self.hs.get_media_repository = Mock()
|
self.hs.get_media_repository = Mock()
|
||||||
self.hs.get_deactivate_account_handler = Mock()
|
self.hs.get_deactivate_account_handler = Mock()
|
||||||
|
@ -71,7 +71,7 @@ class UserRegisterTestCase(unittest.HomeserverTestCase):
|
||||||
If there is no shared secret, registration through this method will be
|
If there is no shared secret, registration through this method will be
|
||||||
prevented.
|
prevented.
|
||||||
"""
|
"""
|
||||||
self.hs.config.registration_shared_secret = None
|
self.hs.config.registration.registration_shared_secret = None
|
||||||
|
|
||||||
channel = self.make_request("POST", self.url, b"{}")
|
channel = self.make_request("POST", self.url, b"{}")
|
||||||
|
|
||||||
|
|
|
@ -664,7 +664,7 @@ class ThreepidEmailRestTestCase(unittest.HomeserverTestCase):
|
||||||
|
|
||||||
def test_add_email_if_disabled(self):
|
def test_add_email_if_disabled(self):
|
||||||
"""Test adding email to profile when doing so is disallowed"""
|
"""Test adding email to profile when doing so is disallowed"""
|
||||||
self.hs.config.enable_3pid_changes = False
|
self.hs.config.registration.enable_3pid_changes = False
|
||||||
|
|
||||||
client_secret = "foobar"
|
client_secret = "foobar"
|
||||||
session_id = self._request_token(self.email, client_secret)
|
session_id = self._request_token(self.email, client_secret)
|
||||||
|
@ -734,7 +734,7 @@ class ThreepidEmailRestTestCase(unittest.HomeserverTestCase):
|
||||||
|
|
||||||
def test_delete_email_if_disabled(self):
|
def test_delete_email_if_disabled(self):
|
||||||
"""Test deleting an email from profile when disallowed"""
|
"""Test deleting an email from profile when disallowed"""
|
||||||
self.hs.config.enable_3pid_changes = False
|
self.hs.config.registration.enable_3pid_changes = False
|
||||||
|
|
||||||
# Add a threepid
|
# Add a threepid
|
||||||
self.get_success(
|
self.get_success(
|
||||||
|
|
|
@ -37,7 +37,7 @@ class IdentityTestCase(unittest.HomeserverTestCase):
|
||||||
return self.hs
|
return self.hs
|
||||||
|
|
||||||
def test_3pid_lookup_disabled(self):
|
def test_3pid_lookup_disabled(self):
|
||||||
self.hs.config.enable_3pid_lookup = False
|
self.hs.config.registration.enable_3pid_lookup = False
|
||||||
|
|
||||||
self.register_user("kermit", "monkey")
|
self.register_user("kermit", "monkey")
|
||||||
tok = self.login("kermit", "monkey")
|
tok = self.login("kermit", "monkey")
|
||||||
|
|
|
@ -147,7 +147,7 @@ class RegisterRestServletTestCase(unittest.HomeserverTestCase):
|
||||||
|
|
||||||
def test_POST_guest_registration(self):
|
def test_POST_guest_registration(self):
|
||||||
self.hs.config.key.macaroon_secret_key = "test"
|
self.hs.config.key.macaroon_secret_key = "test"
|
||||||
self.hs.config.allow_guest_access = True
|
self.hs.config.registration.allow_guest_access = True
|
||||||
|
|
||||||
channel = self.make_request(b"POST", self.url + b"?kind=guest", b"{}")
|
channel = self.make_request(b"POST", self.url + b"?kind=guest", b"{}")
|
||||||
|
|
||||||
|
@ -156,7 +156,7 @@ class RegisterRestServletTestCase(unittest.HomeserverTestCase):
|
||||||
self.assertDictContainsSubset(det_data, channel.json_body)
|
self.assertDictContainsSubset(det_data, channel.json_body)
|
||||||
|
|
||||||
def test_POST_disabled_guest_registration(self):
|
def test_POST_disabled_guest_registration(self):
|
||||||
self.hs.config.allow_guest_access = False
|
self.hs.config.registration.allow_guest_access = False
|
||||||
|
|
||||||
channel = self.make_request(b"POST", self.url + b"?kind=guest", b"{}")
|
channel = self.make_request(b"POST", self.url + b"?kind=guest", b"{}")
|
||||||
|
|
||||||
|
|
|
@ -560,7 +560,7 @@ class HomeserverTestCase(TestCase):
|
||||||
Returns:
|
Returns:
|
||||||
The MXID of the new user.
|
The MXID of the new user.
|
||||||
"""
|
"""
|
||||||
self.hs.config.registration_shared_secret = "shared"
|
self.hs.config.registration.registration_shared_secret = "shared"
|
||||||
|
|
||||||
# Create the user
|
# Create the user
|
||||||
channel = self.make_request("GET", "/_synapse/admin/v1/register")
|
channel = self.make_request("GET", "/_synapse/admin/v1/register")
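Review bot: The helper overwrites `registration_shared_secret` with the fixed value "shared" on the live homeserver config, and nothing in this hunk restores the previous value. Any assertion made later in the same test about a missing or different shared secret would therefore run against the helper's value. The docstring should state this, for example `Side effect: sets config.registration.registration_shared_secret to "shared" for the remainder of the test.` The function starts before and continues after the hunk, so a restore further down cannot be ruled out.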
|
||||||
|
|