forked from MirrorHub/synapse
Incorporate Dave's work for GDPR login flows
As per https://github.com/vector-im/riot-web/issues/7168#issuecomment-419996117
This commit is contained in:
parent
8935ec5a93
commit
fd99787162
4 changed files with 40 additions and 0 deletions
|
@ -51,6 +51,7 @@ class LoginType(object):
|
|||
EMAIL_IDENTITY = u"m.login.email.identity"
|
||||
MSISDN = u"m.login.msisdn"
|
||||
RECAPTCHA = u"m.login.recaptcha"
|
||||
TERMS = u"m.login.terms"
|
||||
DUMMY = u"m.login.dummy"
|
||||
|
||||
# Only for C/S API v1
|
||||
|
|
|
@ -59,6 +59,7 @@ class AuthHandler(BaseHandler):
|
|||
LoginType.EMAIL_IDENTITY: self._check_email_identity,
|
||||
LoginType.MSISDN: self._check_msisdn,
|
||||
LoginType.DUMMY: self._check_dummy_auth,
|
||||
LoginType.TERMS: self._check_terms_auth,
|
||||
}
|
||||
self.bcrypt_rounds = hs.config.bcrypt_rounds
|
||||
|
||||
|
@ -431,6 +432,9 @@ class AuthHandler(BaseHandler):
|
|||
def _check_dummy_auth(self, authdict, _):
|
||||
return defer.succeed(True)
|
||||
|
||||
def _check_terms_auth(self, authdict, _):
|
||||
return defer.succeed(True)
|
||||
|
||||
@defer.inlineCallbacks
|
||||
def _check_threepid(self, medium, authdict):
|
||||
if 'threepid_creds' not in authdict:
|
||||
|
|
|
@ -130,6 +130,26 @@ class AuthRestServlet(RestServlet):
|
|||
request.setHeader(b"Content-Type", b"text/html; charset=utf-8")
|
||||
request.setHeader(b"Content-Length", b"%d" % (len(html_bytes),))
|
||||
|
||||
request.write(html_bytes)
|
||||
finish_request(request)
|
||||
defer.returnValue(None)
|
||||
elif stagetype == LoginType.TERMS:
|
||||
session = request.args['session'][0]
|
||||
authdict = {
|
||||
'session': session,
|
||||
}
|
||||
success = yield self.auth_handler.add_oob_auth(
|
||||
LoginType.TERMS,
|
||||
authdict,
|
||||
self.hs.get_ip_from_request(request)
|
||||
)
|
||||
|
||||
html = "<html><body>hai</body></html>"
|
||||
html_bytes = html.encode("utf8")
|
||||
request.setResponseCode(200)
|
||||
request.setHeader(b"Content-Type", b"text/html; charset=utf-8")
|
||||
request.setHeader(b"Content-Length", b"%d" % (len(html_bytes),))
|
||||
|
||||
request.write(html_bytes)
|
||||
finish_request(request)
|
||||
defer.returnValue(None)
|
||||
|
|
|
@ -359,6 +359,21 @@ class RegisterRestServlet(RestServlet):
|
|||
[LoginType.MSISDN, LoginType.EMAIL_IDENTITY]
|
||||
])
|
||||
|
||||
if self.hs.config.block_events_without_consent_error is not None:
|
||||
new_flows = []
|
||||
for flow in flows:
|
||||
# To only allow registration if completing GDPR auth,
|
||||
# making clients that don't support it use fallback auth.
|
||||
#flow.append(LoginType.TERMS)
|
||||
|
||||
# or to duplicate all the flows above with the GDPR flow on the
|
||||
# end so clients that support it can use it but clients that don't
|
||||
# continue to consent via the DM from server notices bot.
|
||||
new_flows.extend([
|
||||
flow + [LoginType.TERMS]
|
||||
])
|
||||
flows.extend(new_flows)
|
||||
|
||||
auth_result, params, session_id = yield self.auth_handler.check_auth(
|
||||
flows, body, self.hs.get_ip_from_request(request)
|
||||
)
|
||||
|
|
Loading…
Reference in a new issue