Incorporate Dave's work for GDPR login flows
As per https://github.com/vector-im/riot-web/issues/7168#issuecomment-419996117
parent
8935ec5a93
commit
fd99787162
4 changed files with 40 additions and 0 deletions
|
@ -51,6 +51,7 @@ class LoginType(object):
|
||||||
EMAIL_IDENTITY = u"m.login.email.identity"
|
EMAIL_IDENTITY = u"m.login.email.identity"
|
||||||
MSISDN = u"m.login.msisdn"
|
MSISDN = u"m.login.msisdn"
|
||||||
RECAPTCHA = u"m.login.recaptcha"
|
RECAPTCHA = u"m.login.recaptcha"
|
||||||
|
TERMS = u"m.login.terms"
|
||||||
DUMMY = u"m.login.dummy"
|
DUMMY = u"m.login.dummy"
|
||||||
|
|
||||||
# Only for C/S API v1
|
# Only for C/S API v1
|
||||||
|
|
|
@ -59,6 +59,7 @@ class AuthHandler(BaseHandler):
|
||||||
LoginType.EMAIL_IDENTITY: self._check_email_identity,
|
LoginType.EMAIL_IDENTITY: self._check_email_identity,
|
||||||
LoginType.MSISDN: self._check_msisdn,
|
LoginType.MSISDN: self._check_msisdn,
|
||||||
LoginType.DUMMY: self._check_dummy_auth,
|
LoginType.DUMMY: self._check_dummy_auth,
|
||||||
|
LoginType.TERMS: self._check_terms_auth,
|
||||||
}
|
}
|
||||||
self.bcrypt_rounds = hs.config.bcrypt_rounds
|
self.bcrypt_rounds = hs.config.bcrypt_rounds
|
||||||
|
|
||||||
|
@ -431,6 +432,9 @@ class AuthHandler(BaseHandler):
|
||||||
def _check_dummy_auth(self, authdict, _):
|
def _check_dummy_auth(self, authdict, _):
|
||||||
return defer.succeed(True)
|
return defer.succeed(True)
|
||||||
|
|
||||||
|
def _check_terms_auth(self, authdict, _):
|
||||||
|
return defer.succeed(True)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def _check_threepid(self, medium, authdict):
|
def _check_threepid(self, medium, authdict):
|
||||||
if 'threepid_creds' not in authdict:
|
if 'threepid_creds' not in authdict:
|
||||||
|
|
|
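Review bot: `_check_terms_auth` (second hunk of this file) returns `defer.succeed(True)` without reading `authdict`, and the first hunk registers it for `LoginType.TERMS`, so the stage appears to complete for any client that submits that type, just like `_check_dummy_auth` above it. Nothing in these hunks records which terms were shown or that the user accepted them, so completing the stage leaves no consent record to audit. If this is a deliberate stopgap, say so at the definition, e.g. `# NOTE: no consent is recorded here; this stage only reflects that the client claims acceptance`. How the checker is called is outside the hunk, so the exact completion path is inferred from the surrounding entries.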
@ -130,6 +130,26 @@ class AuthRestServlet(RestServlet):
|
||||||
request.setHeader(b"Content-Type", b"text/html; charset=utf-8")
|
request.setHeader(b"Content-Type", b"text/html; charset=utf-8")
|
||||||
request.setHeader(b"Content-Length", b"%d" % (len(html_bytes),))
|
request.setHeader(b"Content-Length", b"%d" % (len(html_bytes),))
|
||||||
|
|
||||||
|
request.write(html_bytes)
|
||||||
|
finish_request(request)
|
||||||
|
defer.returnValue(None)
|
||||||
|
elif stagetype == LoginType.TERMS:
|
||||||
|
session = request.args['session'][0]
|
||||||
|
authdict = {
|
||||||
|
'session': session,
|
||||||
|
}
|
||||||
|
success = yield self.auth_handler.add_oob_auth(
|
||||||
|
LoginType.TERMS,
|
||||||
|
authdict,
|
||||||
|
self.hs.get_ip_from_request(request)
|
||||||
|
)
|
||||||
|
|
||||||
|
html = "<html><body>hai</body></html>"
|
||||||
|
html_bytes = html.encode("utf8")
|
||||||
|
request.setResponseCode(200)
|
||||||
|
request.setHeader(b"Content-Type", b"text/html; charset=utf-8")
|
||||||
|
request.setHeader(b"Content-Length", b"%d" % (len(html_bytes),))
|
||||||
|
|
||||||
request.write(html_bytes)
|
request.write(html_bytes)
|
||||||
finish_request(request)
|
finish_request(request)
|
||||||
defer.returnValue(None)
|
defer.returnValue(None)
|
||||||
|
|
|
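Review bot: In the new `elif stagetype == LoginType.TERMS:` branch the result of `add_oob_auth` is assigned to `success` and never read, so the handler answers 200 with the placeholder page `<html><body>hai</body></html>` whether or not the stage was actually recorded against the session. Branch on it (`if success:` for the completion page, otherwise a non-200 response with an error page) so that a stale or unknown session is not reported to the user as accepted terms. `request.args['session'][0]` also raises `KeyError` when the parameter is missing unless that is checked earlier in the method, which starts outside the hunk. The placeholder HTML should be replaced with real content, or carry a TODO, before this is reachable by users.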
@ -359,6 +359,21 @@ class RegisterRestServlet(RestServlet):
|
||||||
[LoginType.MSISDN, LoginType.EMAIL_IDENTITY]
|
[LoginType.MSISDN, LoginType.EMAIL_IDENTITY]
|
||||||
])
|
])
|
||||||
|
|
||||||
|
if self.hs.config.block_events_without_consent_error is not None:
|
||||||
|
new_flows = []
|
||||||
|
for flow in flows:
|
||||||
|
# To only allow registration if completing GDPR auth,
|
||||||
|
# making clients that don't support it use fallback auth.
|
||||||
|
#flow.append(LoginType.TERMS)
|
||||||
|
|
||||||
|
# or to duplicate all the flows above with the GDPR flow on the
|
||||||
|
# end so clients that support it can use it but clients that don't
|
||||||
|
# continue to consent via the DM from server notices bot.
|
||||||
|
new_flows.extend([
|
||||||
|
flow + [LoginType.TERMS]
|
||||||
|
])
|
||||||
|
flows.extend(new_flows)
|
||||||
|
|
||||||
auth_result, params, session_id = yield self.auth_handler.check_auth(
|
auth_result, params, session_id = yield self.auth_handler.check_auth(
|
||||||
flows, body, self.hs.get_ip_from_request(request)
|
flows, body, self.hs.get_ip_from_request(request)
|
||||||
)
|
)
|
||||||
|
|
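Review bot: The loop only adds copies of each flow with `LoginType.TERMS` appended and leaves the originals in `flows`, so the terms stage is never required and a client can register through any original flow without it. The comments say this is intended, but the commented-out `#flow.append(LoginType.TERMS)` and the "or" wording make it unclear which policy is in force; drop the dead line and state the choice, e.g. `# TERMS is optional: the original flows stay valid and consent is then collected via the server notices DM`. `new_flows.extend([flow + [LoginType.TERMS]])` can be written as `new_flows.append(flow + [LoginType.TERMS])`. A short comment on why `block_events_without_consent_error` is the switch for this would also help; the enclosing method starts and ends outside the hunk.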