forked from MirrorHub/synapse
fix up v1, and improve errors
This commit is contained in:
parent
0af58f14ee
commit
9d332e0f79
4 changed files with 65 additions and 20 deletions
|
@ -15,6 +15,7 @@
|
|||
|
||||
"""Contains functions for registering clients."""
|
||||
import logging
|
||||
import re
|
||||
|
||||
from twisted.internet import defer
|
||||
|
||||
|
@ -293,7 +294,7 @@ class RegistrationHandler(BaseHandler):
|
|||
"""
|
||||
|
||||
for c in threepidCreds:
|
||||
logger.info("validating theeepidcred sid %s on id server %s",
|
||||
logger.info("validating threepidcred sid %s on id server %s",
|
||||
c['sid'], c['idServer'])
|
||||
try:
|
||||
identity_handler = self.hs.get_handlers().identity_handler
|
||||
|
@ -307,6 +308,16 @@ class RegistrationHandler(BaseHandler):
|
|||
logger.info("got threepid with medium '%s' and address '%s'",
|
||||
threepid['medium'], threepid['address'])
|
||||
|
||||
for constraint in self.hs.config.registrations_require_3pid:
|
||||
if (
|
||||
constraint['medium'] == 'email' and
|
||||
threepid['medium'] == 'email' and
|
||||
re.match(constraint['pattern'], threepid['address'])
|
||||
):
|
||||
raise RegistrationError(
|
||||
403, "Third party identifier is not allowed"
|
||||
)
|
||||
|
||||
@defer.inlineCallbacks
|
||||
def bind_emails(self, user_id, threepidCreds):
|
||||
"""Links emails with a user ID and informs an identity server.
|
||||
|
|
|
@ -70,10 +70,24 @@ class RegisterRestServlet(ClientV1RestServlet):
|
|||
self.handlers = hs.get_handlers()
|
||||
|
||||
def on_GET(self, request):
|
||||
|
||||
require_email = False
|
||||
require_msisdn = False
|
||||
for constraint in self.hs.config.registrations_require_3pid:
|
||||
if constraint['medium'] == 'email':
|
||||
require_email = True
|
||||
elif constraint['medium'] == 'msisdn':
|
||||
require_msisdn = True
|
||||
else:
|
||||
logger.warn(
|
||||
"Unrecognised 3PID medium %s in registrations_require_3pid" %
|
||||
constraint['medium']
|
||||
)
|
||||
|
||||
flows = []
|
||||
if self.hs.config.enable_registration_captcha:
|
||||
return (
|
||||
200,
|
||||
{"flows": [
|
||||
if require_email or not require_msisdn:
|
||||
flows.extend([
|
||||
{
|
||||
"type": LoginType.RECAPTCHA,
|
||||
"stages": [
|
||||
|
@ -82,27 +96,31 @@ class RegisterRestServlet(ClientV1RestServlet):
|
|||
LoginType.PASSWORD
|
||||
]
|
||||
},
|
||||
])
|
||||
if not require_email and not require_msisdn:
|
||||
flows.extend([
|
||||
{
|
||||
"type": LoginType.RECAPTCHA,
|
||||
"stages": [LoginType.RECAPTCHA, LoginType.PASSWORD]
|
||||
}
|
||||
]}
|
||||
)
|
||||
])
|
||||
else:
|
||||
return (
|
||||
200,
|
||||
{"flows": [
|
||||
if require_email or not require_msisdn:
|
||||
flows.extend([
|
||||
{
|
||||
"type": LoginType.EMAIL_IDENTITY,
|
||||
"stages": [
|
||||
LoginType.EMAIL_IDENTITY, LoginType.PASSWORD
|
||||
]
|
||||
},
|
||||
}
|
||||
])
|
||||
if not require_email and not require_msisdn:
|
||||
flows.extend([
|
||||
{
|
||||
"type": LoginType.PASSWORD
|
||||
}
|
||||
]}
|
||||
)
|
||||
])
|
||||
return (200, {"flows": flows})
|
||||
|
||||
@defer.inlineCallbacks
|
||||
def on_POST(self, request):
|
||||
|
|
|
@ -48,7 +48,9 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
|
|||
])
|
||||
|
||||
if not check_3pid_allowed(self.hs, "email", body['email']):
|
||||
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
|
||||
raise SynapseError(
|
||||
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
|
||||
)
|
||||
|
||||
existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
|
||||
'email', body['email']
|
||||
|
@ -82,7 +84,9 @@ class MsisdnPasswordRequestTokenRestServlet(RestServlet):
|
|||
msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
|
||||
|
||||
if not check_3pid_allowed(self.hs, "msisdn", msisdn):
|
||||
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
|
||||
raise SynapseError(
|
||||
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
|
||||
)
|
||||
|
||||
existingUid = yield self.datastore.get_user_id_by_threepid(
|
||||
'msisdn', msisdn
|
||||
|
@ -224,7 +228,9 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
|
|||
raise SynapseError(400, "Missing params: %r" % absent, Codes.MISSING_PARAM)
|
||||
|
||||
if not check_3pid_allowed(self.hs, "email", body['email']):
|
||||
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
|
||||
raise SynapseError(
|
||||
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
|
||||
)
|
||||
|
||||
existingUid = yield self.datastore.get_user_id_by_threepid(
|
||||
'email', body['email']
|
||||
|
@ -265,7 +271,9 @@ class MsisdnThreepidRequestTokenRestServlet(RestServlet):
|
|||
msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
|
||||
|
||||
if not check_3pid_allowed(self.hs, "msisdn", msisdn):
|
||||
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
|
||||
raise SynapseError(
|
||||
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
|
||||
)
|
||||
|
||||
existingUid = yield self.datastore.get_user_id_by_threepid(
|
||||
'msisdn', msisdn
|
||||
|
|
|
@ -72,7 +72,9 @@ class EmailRegisterRequestTokenRestServlet(RestServlet):
|
|||
])
|
||||
|
||||
if not check_3pid_allowed(self.hs, "email", body['email']):
|
||||
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
|
||||
raise SynapseError(
|
||||
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
|
||||
)
|
||||
|
||||
existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
|
||||
'email', body['email']
|
||||
|
@ -110,7 +112,9 @@ class MsisdnRegisterRequestTokenRestServlet(RestServlet):
|
|||
msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
|
||||
|
||||
if not check_3pid_allowed(self.hs, "msisdn", msisdn):
|
||||
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
|
||||
raise SynapseError(
|
||||
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
|
||||
)
|
||||
|
||||
existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
|
||||
'msisdn', msisdn
|
||||
|
@ -368,7 +372,9 @@ class RegisterRestServlet(RestServlet):
|
|||
auth_result[LoginType.EMAIL_IDENTITY].threepid.address
|
||||
)
|
||||
):
|
||||
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
|
||||
raise SynapseError(
|
||||
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
|
||||
)
|
||||
elif (
|
||||
constraint['medium'] == 'msisdn' and
|
||||
auth_result and LoginType.MSISDN in auth_result and
|
||||
|
@ -377,7 +383,9 @@ class RegisterRestServlet(RestServlet):
|
|||
auth_result[LoginType.MSISDN].threepid.address
|
||||
)
|
||||
):
|
||||
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
|
||||
raise SynapseError(
|
||||
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
|
||||
)
|
||||
|
||||
if registered_user_id is not None:
|
||||
logger.info(
|
||||
|
|
Loading…
Reference in a new issue