Compare commits
6 commits
develop
...
bbz/info-m
Author | SHA1 | Date | |
---|---|---|---|
e70810934f | |||
b8a05b5a3f | |||
2e9f389fd2 | |||
80c66c4bca | |||
09cb7dec5f | |||
456fa172cf |
|
@ -1103,6 +1103,11 @@ account_validity:
|
|||
# Mandate that users are only allowed to associate certain formats of
|
||||
# 3PIDs with accounts on this server.
|
||||
#
|
||||
# Use an Identity Server to establish which 3PIDs are allowed to register?
|
||||
# Overrides allowed_local_3pids below.
|
||||
#
|
||||
#check_is_for_allowed_local_3pids: matrix.org
|
||||
#
|
||||
#allowed_local_3pids:
|
||||
# - medium: email
|
||||
# pattern: '.*@matrix\.org'
|
||||
|
|
|
@ -99,6 +99,9 @@ class RegistrationConfig(Config):
|
|||
|
||||
self.registrations_require_3pid = config.get("registrations_require_3pid", [])
|
||||
self.allowed_local_3pids = config.get("allowed_local_3pids", [])
|
||||
self.check_is_for_allowed_local_3pids = config.get(
|
||||
"check_is_for_allowed_local_3pids", None
|
||||
)
|
||||
self.enable_3pid_lookup = config.get("enable_3pid_lookup", True)
|
||||
self.registration_shared_secret = config.get("registration_shared_secret")
|
||||
|
||||
|
@ -250,6 +253,11 @@ class RegistrationConfig(Config):
|
|||
# Mandate that users are only allowed to associate certain formats of
|
||||
# 3PIDs with accounts on this server.
|
||||
#
|
||||
# Use an Identity Server to establish which 3PIDs are allowed to register?
|
||||
# Overrides allowed_local_3pids below.
|
||||
#
|
||||
#check_is_for_allowed_local_3pids: matrix.org
|
||||
#
|
||||
#allowed_local_3pids:
|
||||
# - medium: email
|
||||
# pattern: '.*@matrix\\.org'
|
||||
|
|
|
@ -721,6 +721,27 @@ class GroupsServerHandler(GroupsServerWorkerHandler):
|
|||
|
||||
raise NotImplementedError()
|
||||
|
||||
async def change_user_admin_in_group(
|
||||
self, group_id, user_id, want_admin, requester_user_id, content
|
||||
):
|
||||
"""Promotes or demotes a user in a group.
|
||||
"""
|
||||
|
||||
await self.check_group_is_ours(group_id, requester_user_id, and_exists=True)
|
||||
|
||||
if requester_user_id == user_id:
|
||||
raise SynapseError(400, "User cannot target themselves")
|
||||
|
||||
is_admin = await self.store.is_user_admin_in_group(
|
||||
group_id, requester_user_id
|
||||
)
|
||||
if not is_admin:
|
||||
raise SynapseError(403, "User is not admin in group")
|
||||
|
||||
await self.store.change_user_admin_in_group(group_id, user_id, want_admin)
|
||||
|
||||
return {}
|
||||
|
||||
async def remove_user_from_group(
|
||||
self, group_id, user_id, requester_user_id, content
|
||||
):
|
||||
|
|
|
@ -470,6 +470,25 @@ class GroupsLocalHandler(GroupsLocalWorkerHandler):
|
|||
|
||||
return {"state": "invite", "user_profile": user_profile}
|
||||
|
||||
async def change_user_admin_in_group(
|
||||
self, group_id, user_id, want_admin, requester_user_id, content
|
||||
):
|
||||
"""Promotes or demotes a user in a group.
|
||||
"""
|
||||
|
||||
if not self.is_mine_id(user_id):
|
||||
raise SynapseError(400, "User not on this server")
|
||||
|
||||
# TODO: We should probably support federation, but this is fine for now
|
||||
if not self.is_mine_id(group_id):
|
||||
raise SynapseError(400, "Group not on this server")
|
||||
|
||||
res = await self.groups_server_handler.change_user_admin_in_group(
|
||||
group_id, user_id, want_admin, requester_user_id, content
|
||||
)
|
||||
|
||||
return res
|
||||
|
||||
async def remove_user_from_group(
|
||||
self, group_id, user_id, requester_user_id, content
|
||||
):
|
||||
|
|
|
@ -88,7 +88,7 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
|
|||
send_attempt = body["send_attempt"]
|
||||
next_link = body.get("next_link") # Optional param
|
||||
|
||||
if not check_3pid_allowed(self.hs, "email", email):
|
||||
if not await check_3pid_allowed(self.hs, "email", email):
|
||||
raise SynapseError(
|
||||
403,
|
||||
"Your email domain is not authorized on this server",
|
||||
|
@ -398,7 +398,7 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
|
|||
send_attempt = body["send_attempt"]
|
||||
next_link = body.get("next_link") # Optional param
|
||||
|
||||
if not check_3pid_allowed(self.hs, "email", email):
|
||||
if not await check_3pid_allowed(self.hs, "email", email):
|
||||
raise SynapseError(
|
||||
403,
|
||||
"Your email domain is not authorized on this server",
|
||||
|
@ -468,7 +468,7 @@ class MsisdnThreepidRequestTokenRestServlet(RestServlet):
|
|||
|
||||
msisdn = phone_number_to_msisdn(country, phone_number)
|
||||
|
||||
if not check_3pid_allowed(self.hs, "msisdn", msisdn):
|
||||
if not await check_3pid_allowed(self.hs, "msisdn", msisdn):
|
||||
raise SynapseError(
|
||||
403,
|
||||
"Account phone numbers are not authorized on this server",
|
||||
|
|
|
@ -548,6 +548,31 @@ class GroupAdminUsersKickServlet(RestServlet):
|
|||
|
||||
return 200, result
|
||||
|
||||
class GroupAdminChangeAdminServlet(RestServlet):
|
||||
"""Promote or demote a user in the group
|
||||
"""
|
||||
|
||||
PATTERNS = client_patterns(
|
||||
"/groups/(?P<group_id>[^/]*)/admin/users/admins/(?P<user_id>[^/]*)$"
|
||||
)
|
||||
|
||||
def __init__(self, hs):
|
||||
super(GroupAdminChangeAdminServlet, self).__init__()
|
||||
self.auth = hs.get_auth()
|
||||
self.clock = hs.get_clock()
|
||||
self.groups_handler = hs.get_groups_local_handler()
|
||||
|
||||
async def on_POST(self, request, group_id, user_id):
|
||||
requester = await self.auth.get_user_by_req(request)
|
||||
requester_user_id = requester.user.to_string()
|
||||
|
||||
content = parse_json_object_from_request(request)
|
||||
want_admin = content["is_admin"]
|
||||
result = await self.groups_handler.change_user_admin_in_group(
|
||||
group_id, user_id, want_admin, requester_user_id, content
|
||||
)
|
||||
|
||||
return 200, result
|
||||
|
||||
class GroupSelfLeaveServlet(RestServlet):
|
||||
"""Leave a joined group
|
||||
|
@ -722,6 +747,7 @@ def register_servlets(hs, http_server):
|
|||
GroupAdminRoomsConfigServlet(hs).register(http_server)
|
||||
GroupAdminUsersInviteServlet(hs).register(http_server)
|
||||
GroupAdminUsersKickServlet(hs).register(http_server)
|
||||
GroupAdminChangeAdminServlet(hs).register(http_server)
|
||||
GroupSelfLeaveServlet(hs).register(http_server)
|
||||
GroupSelfJoinServlet(hs).register(http_server)
|
||||
GroupSelfAcceptInviteServlet(hs).register(http_server)
|
||||
|
|
|
@ -122,10 +122,10 @@ class EmailRegisterRequestTokenRestServlet(RestServlet):
|
|||
send_attempt = body["send_attempt"]
|
||||
next_link = body.get("next_link") # Optional param
|
||||
|
||||
if not check_3pid_allowed(self.hs, "email", email):
|
||||
if not await check_3pid_allowed(self.hs, "email", email):
|
||||
raise SynapseError(
|
||||
403,
|
||||
"Your email domain is not authorized to register on this server",
|
||||
"You currently can't create an account with this email address",
|
||||
Codes.THREEPID_DENIED,
|
||||
)
|
||||
|
||||
|
@ -194,7 +194,7 @@ class MsisdnRegisterRequestTokenRestServlet(RestServlet):
|
|||
|
||||
msisdn = phone_number_to_msisdn(country, phone_number)
|
||||
|
||||
if not check_3pid_allowed(self.hs, "msisdn", msisdn):
|
||||
if not await check_3pid_allowed(self.hs, "msisdn", msisdn):
|
||||
raise SynapseError(
|
||||
403,
|
||||
"Phone numbers are not authorized to register on this server",
|
||||
|
@ -520,7 +520,7 @@ class RegisterRestServlet(RestServlet):
|
|||
medium = auth_result[login_type]["medium"]
|
||||
address = auth_result[login_type]["address"]
|
||||
|
||||
if not check_3pid_allowed(self.hs, medium, address):
|
||||
if not await check_3pid_allowed(self.hs, medium, address):
|
||||
raise SynapseError(
|
||||
403,
|
||||
"Third party identifiers (email/phone numbers)"
|
||||
|
|
|
@ -1011,6 +1011,14 @@ class GroupServerStore(GroupServerWorkerStore):
|
|||
"remove_user_from_group", _remove_user_from_group_txn
|
||||
)
|
||||
|
||||
def change_user_admin_in_group(self, group_id, user_id, is_admin):
|
||||
return self.db.simple_update(
|
||||
table="group_users",
|
||||
keyvalues={"group_id": group_id, "user_id": user_id},
|
||||
updatevalues={"is_admin": is_admin},
|
||||
desc="change_user_admin_in_group"
|
||||
)
|
||||
|
||||
def add_room_to_group(self, group_id, room_id, is_public):
|
||||
return self.db.simple_insert(
|
||||
table="group_rooms",
|
||||
|
|
|
@ -19,7 +19,7 @@ import re
|
|||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def check_3pid_allowed(hs, medium, address):
|
||||
async def check_3pid_allowed(hs, medium, address):
|
||||
"""Checks whether a given format of 3PID is allowed to be used on this HS
|
||||
|
||||
Args:
|
||||
|
@ -31,6 +31,32 @@ def check_3pid_allowed(hs, medium, address):
|
|||
bool: whether the 3PID medium/address is allowed to be added to this HS
|
||||
"""
|
||||
|
||||
if hs.config.check_is_for_allowed_local_3pids:
|
||||
data = await hs.get_simple_http_client().get_json(
|
||||
"https://%s%s" % (
|
||||
hs.config.check_is_for_allowed_local_3pids,
|
||||
"/_matrix/identity/api/v1/internal-info"
|
||||
),
|
||||
{'medium': medium, 'address': address}
|
||||
)
|
||||
|
||||
# Check for invalid response
|
||||
if 'hs' not in data and 'shadow_hs' not in data:
|
||||
return False
|
||||
|
||||
# Check if this user is intended to register for this homeserver
|
||||
if (
|
||||
data.get('hs') != hs.config.server_name
|
||||
and data.get('shadow_hs') != hs.config.server_name
|
||||
):
|
||||
return False
|
||||
|
||||
if data.get('requires_invite', False) and not data.get('invited', False):
|
||||
# Requires an invite but hasn't been invited
|
||||
return False
|
||||
|
||||
return True
|
||||
|
||||
if hs.config.allowed_local_3pids:
|
||||
for constraint in hs.config.allowed_local_3pids:
|
||||
logger.debug(
|
||||
|
|
Loading…
Reference in a new issue