forked from MirrorHub/synapse
Add option to enable token registration without requiring 3pids (#12526)
This commit is contained in:
parent
b76f1a4d5f
commit
e8d1ec0e92
5 changed files with 25 additions and 2 deletions
1
changelog.d/12526.feature
Normal file
1
changelog.d/12526.feature
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Add new `enable_registration_token_3pid_bypass` configuration option to allow registrations via token as an alternative to verifying a 3pid.
|
|
@ -1323,6 +1323,12 @@ oembed:
|
||||||
#
|
#
|
||||||
#registration_requires_token: true
|
#registration_requires_token: true
|
||||||
|
|
||||||
|
# Allow users to submit a token during registration to bypass any required 3pid
|
||||||
|
# steps configured in `registrations_require_3pid`.
|
||||||
|
# Defaults to false, requiring that registration tokens (if enabled) complete a 3pid flow.
|
||||||
|
#
|
||||||
|
#enable_registration_token_3pid_bypass: false
|
||||||
|
|
||||||
# If set, allows registration of standard or admin accounts by anyone who
|
# If set, allows registration of standard or admin accounts by anyone who
|
||||||
# has the shared secret, even if registration is otherwise disabled.
|
# has the shared secret, even if registration is otherwise disabled.
|
||||||
#
|
#
|
||||||
|
|
|
@ -43,6 +43,9 @@ class RegistrationConfig(Config):
|
||||||
self.registration_requires_token = config.get(
|
self.registration_requires_token = config.get(
|
||||||
"registration_requires_token", False
|
"registration_requires_token", False
|
||||||
)
|
)
|
||||||
|
self.enable_registration_token_3pid_bypasss = config.get(
|
||||||
|
"enable_registration_token_3pid_bypasss", False
|
||||||
|
)
|
||||||
self.registration_shared_secret = config.get("registration_shared_secret")
|
self.registration_shared_secret = config.get("registration_shared_secret")
|
||||||
|
|
||||||
self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
|
self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
|
||||||
|
@ -309,6 +312,12 @@ class RegistrationConfig(Config):
|
||||||
#
|
#
|
||||||
#registration_requires_token: true
|
#registration_requires_token: true
|
||||||
|
|
||||||
|
# Allow users to submit a token during registration to bypass any required 3pid
|
||||||
|
# steps configured in `registrations_require_3pid`.
|
||||||
|
# Defaults to false, requiring that registration tokens (if enabled) complete a 3pid flow.
|
||||||
|
#
|
||||||
|
#enable_registration_token_3pid_bypass: false
|
||||||
|
|
||||||
# If set, allows registration of standard or admin accounts by anyone who
|
# If set, allows registration of standard or admin accounts by anyone who
|
||||||
# has the shared secret, even if registration is otherwise disabled.
|
# has the shared secret, even if registration is otherwise disabled.
|
||||||
#
|
#
|
||||||
|
|
|
@ -256,7 +256,9 @@ class RegistrationTokenAuthChecker(UserInteractiveAuthChecker):
|
||||||
def __init__(self, hs: "HomeServer"):
|
def __init__(self, hs: "HomeServer"):
|
||||||
super().__init__(hs)
|
super().__init__(hs)
|
||||||
self.hs = hs
|
self.hs = hs
|
||||||
self._enabled = bool(hs.config.registration.registration_requires_token)
|
self._enabled = bool(
|
||||||
|
hs.config.registration.registration_requires_token
|
||||||
|
) or bool(hs.config.registration.enable_registration_token_3pid_bypasss)
|
||||||
self.store = hs.get_datastores().main
|
self.store = hs.get_datastores().main
|
||||||
|
|
||||||
def is_enabled(self) -> bool:
|
def is_enabled(self) -> bool:
|
||||||
|
|
|
@ -929,6 +929,10 @@ def _calculate_registration_flows(
|
||||||
# always let users provide both MSISDN & email
|
# always let users provide both MSISDN & email
|
||||||
flows.append([LoginType.MSISDN, LoginType.EMAIL_IDENTITY])
|
flows.append([LoginType.MSISDN, LoginType.EMAIL_IDENTITY])
|
||||||
|
|
||||||
|
# Add a flow that doesn't require any 3pids, if the config requests it.
|
||||||
|
if config.registration.enable_registration_token_3pid_bypasss:
|
||||||
|
flows.append([LoginType.REGISTRATION_TOKEN])
|
||||||
|
|
||||||
# Prepend m.login.terms to all flows if we're requiring consent
|
# Prepend m.login.terms to all flows if we're requiring consent
|
||||||
if config.consent.user_consent_at_registration:
|
if config.consent.user_consent_at_registration:
|
||||||
for flow in flows:
|
for flow in flows:
|
||||||
|
@ -942,6 +946,7 @@ def _calculate_registration_flows(
|
||||||
# Prepend registration token to all flows if we're requiring a token
|
# Prepend registration token to all flows if we're requiring a token
|
||||||
if config.registration.registration_requires_token:
|
if config.registration.registration_requires_token:
|
||||||
for flow in flows:
|
for flow in flows:
|
||||||
|
if LoginType.REGISTRATION_TOKEN not in flow:
|
||||||
flow.insert(0, LoginType.REGISTRATION_TOKEN)
|
flow.insert(0, LoginType.REGISTRATION_TOKEN)
|
||||||
|
|
||||||
return flows
|
return flows
|
||||||
|
|
Loading…
Reference in a new issue