forked from MirrorHub/synapse
Add option to enable token registration without requiring 3pids (#12526)
This commit is contained in:
parent
b76f1a4d5f
commit
e8d1ec0e92
5 changed files with 25 additions and 2 deletions
1
changelog.d/12526.feature
Normal file
1
changelog.d/12526.feature
Normal file
|
@ -0,0 +1 @@
|
|||
Add new `enable_registration_token_3pid_bypass` configuration option to allow registrations via token as an alternative to verifying a 3pid.
|
|
@ -1323,6 +1323,12 @@ oembed:
|
|||
#
|
||||
#registration_requires_token: true
|
||||
|
||||
# Allow users to submit a token during registration to bypass any required 3pid
|
||||
# steps configured in `registrations_require_3pid`.
|
||||
# Defaults to false, requiring that registration tokens (if enabled) complete a 3pid flow.
|
||||
#
|
||||
#enable_registration_token_3pid_bypass: false
|
||||
|
||||
# If set, allows registration of standard or admin accounts by anyone who
|
||||
# has the shared secret, even if registration is otherwise disabled.
|
||||
#
|
||||
|
|
|
@ -43,6 +43,9 @@ class RegistrationConfig(Config):
|
|||
self.registration_requires_token = config.get(
|
||||
"registration_requires_token", False
|
||||
)
|
||||
self.enable_registration_token_3pid_bypasss = config.get(
|
||||
"enable_registration_token_3pid_bypasss", False
|
||||
)
|
||||
self.registration_shared_secret = config.get("registration_shared_secret")
|
||||
|
||||
self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
|
||||
|
@ -309,6 +312,12 @@ class RegistrationConfig(Config):
|
|||
#
|
||||
#registration_requires_token: true
|
||||
|
||||
# Allow users to submit a token during registration to bypass any required 3pid
|
||||
# steps configured in `registrations_require_3pid`.
|
||||
# Defaults to false, requiring that registration tokens (if enabled) complete a 3pid flow.
|
||||
#
|
||||
#enable_registration_token_3pid_bypass: false
|
||||
|
||||
# If set, allows registration of standard or admin accounts by anyone who
|
||||
# has the shared secret, even if registration is otherwise disabled.
|
||||
#
|
||||
|
|
|
@ -256,7 +256,9 @@ class RegistrationTokenAuthChecker(UserInteractiveAuthChecker):
|
|||
def __init__(self, hs: "HomeServer"):
|
||||
super().__init__(hs)
|
||||
self.hs = hs
|
||||
self._enabled = bool(hs.config.registration.registration_requires_token)
|
||||
self._enabled = bool(
|
||||
hs.config.registration.registration_requires_token
|
||||
) or bool(hs.config.registration.enable_registration_token_3pid_bypasss)
|
||||
self.store = hs.get_datastores().main
|
||||
|
||||
def is_enabled(self) -> bool:
|
||||
|
|
|
@ -929,6 +929,10 @@ def _calculate_registration_flows(
|
|||
# always let users provide both MSISDN & email
|
||||
flows.append([LoginType.MSISDN, LoginType.EMAIL_IDENTITY])
|
||||
|
||||
# Add a flow that doesn't require any 3pids, if the config requests it.
|
||||
if config.registration.enable_registration_token_3pid_bypasss:
|
||||
flows.append([LoginType.REGISTRATION_TOKEN])
|
||||
|
||||
# Prepend m.login.terms to all flows if we're requiring consent
|
||||
if config.consent.user_consent_at_registration:
|
||||
for flow in flows:
|
||||
|
@ -942,7 +946,8 @@ def _calculate_registration_flows(
|
|||
# Prepend registration token to all flows if we're requiring a token
|
||||
if config.registration.registration_requires_token:
|
||||
for flow in flows:
|
||||
flow.insert(0, LoginType.REGISTRATION_TOKEN)
|
||||
if LoginType.REGISTRATION_TOKEN not in flow:
|
||||
flow.insert(0, LoginType.REGISTRATION_TOKEN)
|
||||
|
||||
return flows
|
||||
|
||||
|
|
Loading…
Reference in a new issue