| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Adrian Tschira <nota@notafile.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the handling of auto_join_rooms only works when a user
registers itself via public register api. Registrations via
registration_shared_secret and ModuleApi do not work
This auto_joins the users in the registration handler which enables
the auto join feature for all 3 registration paths.
This is related to issue #2725
Signed-Off-by: Matthias Kesler <krombel@krombel.de>
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
* [ ] split config options into allowed_local_3pids and registrations_require_3pid
* [ ] simplify and comment logic for picking registration flows
* [ ] fix docstring and move check_3pid_allowed into a new util module
* [ ] use check_3pid_allowed everywhere
@erikjohnston PTAL
|
| |
|
|
|
|
|
| |
lets homeservers specify a whitelist for 3PIDs that users are allowed to associate with.
Typically useful for stopping people from registering with non-work emails
|
|
|
|
|
| |
Instead of returning False when auth is incomplete, throw an exception which
can be caught with a wrapper.
|
|
|
|
| |
Explain why we don't validate userids registered via app services
|
| |
|
|
|
|
|
|
| |
Force username to lowercase before attempting to register
https://github.com/matrix-org/synapse/issues/2660
|
|
|
|
| |
Allow things to pass inhibit_login when registering to ... inhibit logins.
|
|
|
|
|
|
|
|
|
| |
I'm going to need to make the device_handler depend on the auth_handler, so I
need to break this dependency to avoid a cycle.
It turns out that the auth_handler was only using the device_handler in one
place which was an edge case which we can more elegantly handle by throwing an
error rather than fixing it up.
|
|
|
|
|
| |
New users who register on the server will be dumped into all rooms in
auto_join_rooms in the config.
|
|
|
|
|
|
|
| |
- GET is now the method for register/available
- a query parameter "username" is now used
Also, empty usernames are now handled with an error message on registration or via register/available: `User ID cannot be empty`
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Outlined here: https://github.com/vector-im/riot-web/issues/3605#issuecomment-298679388
```HTTP
GET /_matrix/.../register/available
{
"username": "desiredlocalpart123"
}
```
If available, the response looks like
```HTTP
HTTP/1.1 200 OK
{
"available": true
}
```
Otherwise,
```HTTP
HTTP/1.1 429
{
"errcode": "M_LIMIT_EXCEEDED",
"error": "Too Many Requests",
"retry_after_ms": 2000
}
```
or
```HTTP
HTTP/1.1 400
{
"errcode": "M_USER_IN_USE",
"error": "User ID already taken."
}
```
or
```HTTP
HTTP/1.1 400
{
"errcode": "M_INVALID_USERNAME",
"error": "Some reason for username being invalid"
}
```
|
| |
|
| |
|
| |
|
|
|
|
| |
Only offer msisdn flows if the x_show_msisdn option is given.
|
|
|
|
| |
Changes from https://github.com/matrix-org/synapse/pull/1971
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
and replace requestEmailToken where we meant requestMsisdnToken
|
|
|
|
| |
Plus a couple of other minor fixes
|
| |
|
|
|
|
| |
and support binding them with the bind_msisdn param
|
| |
|
|
|
|
|
|
| |
This was broken when device list updates were implemented, as Mailer
could no longer instantiate an AuthHandler due to a dependency on
federation sending.
|
|
|
|
| |
Remove refresh_token reference
|
|
|
|
|
|
|
|
| |
We might as well treat all refresh_tokens as invalid. Just return a 403 from
/tokenrefresh, so that we don't have a load of dead, untestable code hanging
around.
Still TODO: removing the table from the schema.
|
|\ |
|
| |
| |
| |
| |
| | |
We need to create devices for guests so that they can use e2e, but we don't
have anywhere to store it, so just use a fixed one.
|
|/
|
|
|
|
|
| |
Since we're not doing refresh tokens any more, we should start killing off the
dead code paths. /tokenrefresh itself is a bit of a thornier subject, since
there might be apps out there using it, but we can at least not generate
refresh tokens on new logins.
|
| |
|
|
|
|
|
| |
Works around https://github.com/vector-im/vector-android/issues/715
and equivalent for iOS
|
|
|
|
|
|
| |
Rather than reimplementing the token parsing in the various places.
This will make it easier to change the token parsing to allow access_tokens
in HTTP headers.
|
| |
|
|
|
|
| |
Synapse was not adding email addresses to accounts registered with an email address, due to too many different variables called 'result'. Rename both of them. Also remove the defer.returnValue() with no params because that's not a thing.
|
| |
|
|
|
|
|
| |
device_id may only be passed in the first call to /register, so make sure we
fish it out of the register `params` rather than the body of the final call.
|
|
|
|
|
|
|
|
|
|
| |
This doesn't cover *all* of the registration flows, but it does cover the most
common ones: in particular: shared_secret registration, appservice
registration, and normal user/pass registration.
Pull device_id from the registration parameters. Register the device in the
devices table. Associate the device with the returned access and refresh
tokens. Profit.
|
|\
| |
| | |
Type annotations
|
| |
| |
| |
| |
| | |
Add some type annotations to help PyCharm (in particular) to figure out the
types of a bunch of things.
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
* `RegistrationHandler.appservice_register` no longer issues an access token:
instead it is left for the caller to do it. (There are two of these, one in
`synapse/rest/client/v1/register.py`, which now simply calls
`AuthHandler.issue_access_token`, and the other in
`synapse/rest/client/v2_alpha/register.py`, which is covered below).
* In `synapse/rest/client/v2_alpha/register.py`, move the generation of
access_tokens into `_create_registration_details`. This means that the normal
flow no longer needs to call `AuthHandler.issue_access_token`; the
shared-secret flow can tell `RegistrationHandler.register` not to generate a
token; and the appservice flow continues to work despite the above change.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is meant to be an *almost* non-functional change, with the exception that
it fixes what looks a lot like a bug in that it only calls
`auth_handler.add_threepid` and `add_pusher` once instead of three times.
The idea is to move the generation of the `access_token` out of
`registration_handler.register`, because `access_token`s now require a
device_id, and we only want to generate a device_id once registration has been
successful.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
If they registered with an email address and email notifs are enabled on the HS
|
|
|
|
|
|
| |
The spec is clear the key should be 'user' not 'username' and this is indeed
the case for v1. This is not true for v2_alpha though, which is what this
commit is fixing.
|
| |
|
| |
|
|
|
|
| |
a username.
|
| |
|
|
|
|
| |
you an access token for the user that was registered on previous uses of that session. Tweak the UI auth layer to not delete sessions when their auth has completed and hence expire themn so they don't hang around until server restart. Allow server-side data to be associated with UI auth sessions.
|
|
|
|
| |
Guest registration still doesn't return refresh_token
|
|
|
|
|
| |
to deduplicate all the copy+pasted _parse_json functions. Also document
the parse_.* functions.
|
| |
|
| |
|
|
|
|
| |
break if you open the email on a different device.
|
|
|
|
| |
not. Use this so we can run _filter_events_for_client when calculating event_push_actions.
|
| |
|
| |
|
|
|
|
|
|
|
| |
This follows the same flows-based flow as regular registration, but as
the only implemented flow has no requirements, it auto-succeeds. In the
future, other flows (e.g. captcha) may be required, so clients should
treat this like the regular registration flow choices.
|
|\
| |
| | |
Changes for unique emails
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
| |
| |
| | |
email is in use on this Home Server.
|
|/
|
|
|
|
|
|
|
| |
* Merge LoginHandler -> AuthHandler
* Add a bunch of documentation
* Improve some naming
* Remove unused branches
I will start merging the actual logic of the two handlers shortly
|
|
|
|
| |
been saved in the auth layer)
|
|
|
|
| |
Namely this means using registration_handler.appservice_register.
|
|
|
|
|
|
|
|
| |
V2 Registration forced everyone (including ASes) to create a password for a
user, when ASes should be able to omit passwords. Also unbreak AS registration
in general which checked too early if the given username was claimed by an AS;
it was checked before knowing if the AS was the one doing the registration! Add
unit tests for AS reg, user reg and disabled_registration flag.
|
| |
|
|
|
|
| |
user-interactive auth call.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
it just succeeding
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
* Now only the auth part goes to fallback, not the whole operation
* Auth fallback is a normal API endpoint, not a static page
* Params like the recaptcha pubkey can just live in the config
Involves a little engineering on JsonResource so its servlets aren't always forced to return JSON. I should document this more, in fact I'll do that now.
|
| |
|
|
|