forked from MirrorHub/synapse
fix up v1, and improve errors
This commit is contained in:
parent
0af58f14ee
commit
9d332e0f79
4 changed files with 65 additions and 20 deletions
|
@ -15,6 +15,7 @@
|
||||||
|
|
||||||
"""Contains functions for registering clients."""
|
"""Contains functions for registering clients."""
|
||||||
import logging
|
import logging
|
||||||
|
import re
|
||||||
|
|
||||||
from twisted.internet import defer
|
from twisted.internet import defer
|
||||||
|
|
||||||
|
@ -293,7 +294,7 @@ class RegistrationHandler(BaseHandler):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
for c in threepidCreds:
|
for c in threepidCreds:
|
||||||
logger.info("validating theeepidcred sid %s on id server %s",
|
logger.info("validating threepidcred sid %s on id server %s",
|
||||||
c['sid'], c['idServer'])
|
c['sid'], c['idServer'])
|
||||||
try:
|
try:
|
||||||
identity_handler = self.hs.get_handlers().identity_handler
|
identity_handler = self.hs.get_handlers().identity_handler
|
||||||
|
@ -307,6 +308,16 @@ class RegistrationHandler(BaseHandler):
|
||||||
logger.info("got threepid with medium '%s' and address '%s'",
|
logger.info("got threepid with medium '%s' and address '%s'",
|
||||||
threepid['medium'], threepid['address'])
|
threepid['medium'], threepid['address'])
|
||||||
|
|
||||||
|
for constraint in self.hs.config.registrations_require_3pid:
|
||||||
|
if (
|
||||||
|
constraint['medium'] == 'email' and
|
||||||
|
threepid['medium'] == 'email' and
|
||||||
|
re.match(constraint['pattern'], threepid['address'])
|
||||||
|
):
|
||||||
|
raise RegistrationError(
|
||||||
|
403, "Third party identifier is not allowed"
|
||||||
|
)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def bind_emails(self, user_id, threepidCreds):
|
def bind_emails(self, user_id, threepidCreds):
|
||||||
"""Links emails with a user ID and informs an identity server.
|
"""Links emails with a user ID and informs an identity server.
|
||||||
|
|
|
@ -70,10 +70,24 @@ class RegisterRestServlet(ClientV1RestServlet):
|
||||||
self.handlers = hs.get_handlers()
|
self.handlers = hs.get_handlers()
|
||||||
|
|
||||||
def on_GET(self, request):
|
def on_GET(self, request):
|
||||||
|
|
||||||
|
require_email = False
|
||||||
|
require_msisdn = False
|
||||||
|
for constraint in self.hs.config.registrations_require_3pid:
|
||||||
|
if constraint['medium'] == 'email':
|
||||||
|
require_email = True
|
||||||
|
elif constraint['medium'] == 'msisdn':
|
||||||
|
require_msisdn = True
|
||||||
|
else:
|
||||||
|
logger.warn(
|
||||||
|
"Unrecognised 3PID medium %s in registrations_require_3pid" %
|
||||||
|
constraint['medium']
|
||||||
|
)
|
||||||
|
|
||||||
|
flows = []
|
||||||
if self.hs.config.enable_registration_captcha:
|
if self.hs.config.enable_registration_captcha:
|
||||||
return (
|
if require_email or not require_msisdn:
|
||||||
200,
|
flows.extend([
|
||||||
{"flows": [
|
|
||||||
{
|
{
|
||||||
"type": LoginType.RECAPTCHA,
|
"type": LoginType.RECAPTCHA,
|
||||||
"stages": [
|
"stages": [
|
||||||
|
@ -82,27 +96,31 @@ class RegisterRestServlet(ClientV1RestServlet):
|
||||||
LoginType.PASSWORD
|
LoginType.PASSWORD
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
])
|
||||||
|
if not require_email and not require_msisdn:
|
||||||
|
flows.extend([
|
||||||
{
|
{
|
||||||
"type": LoginType.RECAPTCHA,
|
"type": LoginType.RECAPTCHA,
|
||||||
"stages": [LoginType.RECAPTCHA, LoginType.PASSWORD]
|
"stages": [LoginType.RECAPTCHA, LoginType.PASSWORD]
|
||||||
}
|
}
|
||||||
]}
|
])
|
||||||
)
|
|
||||||
else:
|
else:
|
||||||
return (
|
if require_email or not require_msisdn:
|
||||||
200,
|
flows.extend([
|
||||||
{"flows": [
|
|
||||||
{
|
{
|
||||||
"type": LoginType.EMAIL_IDENTITY,
|
"type": LoginType.EMAIL_IDENTITY,
|
||||||
"stages": [
|
"stages": [
|
||||||
LoginType.EMAIL_IDENTITY, LoginType.PASSWORD
|
LoginType.EMAIL_IDENTITY, LoginType.PASSWORD
|
||||||
]
|
]
|
||||||
},
|
}
|
||||||
|
])
|
||||||
|
if not require_email and not require_msisdn:
|
||||||
|
flows.extend([
|
||||||
{
|
{
|
||||||
"type": LoginType.PASSWORD
|
"type": LoginType.PASSWORD
|
||||||
}
|
}
|
||||||
]}
|
])
|
||||||
)
|
return (200, {"flows": flows})
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def on_POST(self, request):
|
def on_POST(self, request):
|
||||||
|
|
|
@ -48,7 +48,9 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
|
||||||
])
|
])
|
||||||
|
|
||||||
if not check_3pid_allowed(self.hs, "email", body['email']):
|
if not check_3pid_allowed(self.hs, "email", body['email']):
|
||||||
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
|
raise SynapseError(
|
||||||
|
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
|
||||||
|
)
|
||||||
|
|
||||||
existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
|
existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
|
||||||
'email', body['email']
|
'email', body['email']
|
||||||
|
@ -82,7 +84,9 @@ class MsisdnPasswordRequestTokenRestServlet(RestServlet):
|
||||||
msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
|
msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
|
||||||
|
|
||||||
if not check_3pid_allowed(self.hs, "msisdn", msisdn):
|
if not check_3pid_allowed(self.hs, "msisdn", msisdn):
|
||||||
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
|
raise SynapseError(
|
||||||
|
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
|
||||||
|
)
|
||||||
|
|
||||||
existingUid = yield self.datastore.get_user_id_by_threepid(
|
existingUid = yield self.datastore.get_user_id_by_threepid(
|
||||||
'msisdn', msisdn
|
'msisdn', msisdn
|
||||||
|
@ -224,7 +228,9 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
|
||||||
raise SynapseError(400, "Missing params: %r" % absent, Codes.MISSING_PARAM)
|
raise SynapseError(400, "Missing params: %r" % absent, Codes.MISSING_PARAM)
|
||||||
|
|
||||||
if not check_3pid_allowed(self.hs, "email", body['email']):
|
if not check_3pid_allowed(self.hs, "email", body['email']):
|
||||||
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
|
raise SynapseError(
|
||||||
|
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
|
||||||
|
)
|
||||||
|
|
||||||
existingUid = yield self.datastore.get_user_id_by_threepid(
|
existingUid = yield self.datastore.get_user_id_by_threepid(
|
||||||
'email', body['email']
|
'email', body['email']
|
||||||
|
@ -265,7 +271,9 @@ class MsisdnThreepidRequestTokenRestServlet(RestServlet):
|
||||||
msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
|
msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
|
||||||
|
|
||||||
if not check_3pid_allowed(self.hs, "msisdn", msisdn):
|
if not check_3pid_allowed(self.hs, "msisdn", msisdn):
|
||||||
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
|
raise SynapseError(
|
||||||
|
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
|
||||||
|
)
|
||||||
|
|
||||||
existingUid = yield self.datastore.get_user_id_by_threepid(
|
existingUid = yield self.datastore.get_user_id_by_threepid(
|
||||||
'msisdn', msisdn
|
'msisdn', msisdn
|
||||||
|
|
|
@ -72,7 +72,9 @@ class EmailRegisterRequestTokenRestServlet(RestServlet):
|
||||||
])
|
])
|
||||||
|
|
||||||
if not check_3pid_allowed(self.hs, "email", body['email']):
|
if not check_3pid_allowed(self.hs, "email", body['email']):
|
||||||
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
|
raise SynapseError(
|
||||||
|
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
|
||||||
|
)
|
||||||
|
|
||||||
existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
|
existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
|
||||||
'email', body['email']
|
'email', body['email']
|
||||||
|
@ -110,7 +112,9 @@ class MsisdnRegisterRequestTokenRestServlet(RestServlet):
|
||||||
msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
|
msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
|
||||||
|
|
||||||
if not check_3pid_allowed(self.hs, "msisdn", msisdn):
|
if not check_3pid_allowed(self.hs, "msisdn", msisdn):
|
||||||
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
|
raise SynapseError(
|
||||||
|
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
|
||||||
|
)
|
||||||
|
|
||||||
existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
|
existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
|
||||||
'msisdn', msisdn
|
'msisdn', msisdn
|
||||||
|
@ -368,7 +372,9 @@ class RegisterRestServlet(RestServlet):
|
||||||
auth_result[LoginType.EMAIL_IDENTITY].threepid.address
|
auth_result[LoginType.EMAIL_IDENTITY].threepid.address
|
||||||
)
|
)
|
||||||
):
|
):
|
||||||
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
|
raise SynapseError(
|
||||||
|
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
|
||||||
|
)
|
||||||
elif (
|
elif (
|
||||||
constraint['medium'] == 'msisdn' and
|
constraint['medium'] == 'msisdn' and
|
||||||
auth_result and LoginType.MSISDN in auth_result and
|
auth_result and LoginType.MSISDN in auth_result and
|
||||||
|
@ -377,7 +383,9 @@ class RegisterRestServlet(RestServlet):
|
||||||
auth_result[LoginType.MSISDN].threepid.address
|
auth_result[LoginType.MSISDN].threepid.address
|
||||||
)
|
)
|
||||||
):
|
):
|
||||||
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
|
raise SynapseError(
|
||||||
|
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
|
||||||
|
)
|
||||||
|
|
||||||
if registered_user_id is not None:
|
if registered_user_id is not None:
|
||||||
logger.info(
|
logger.info(
|
||||||
|
|
Loading…
Reference in a new issue