From 71abc16482d3f9174b1a76561688e2d649fef670 Mon Sep 17 00:00:00 2001 From: anoadragon453 Date: Sat, 21 Aug 2021 21:15:01 +0000 Subject: deploy: 947dbbdfd1e0029da66f956d277b7c089928e1e7 --- develop/usage/administration/admin_api/index.html | 2 +- .../admin_api/registration_tokens.html | 492 +++++++++++++++++++++ develop/usage/administration/index.html | 2 +- develop/usage/administration/request_log.html | 2 +- .../configuration/homeserver_sample_config.html | 17 +- develop/usage/configuration/index.html | 2 +- .../usage/configuration/logging_sample_config.html | 2 +- .../configuration/user_authentication/index.html | 2 +- 8 files changed, 514 insertions(+), 7 deletions(-) create mode 100644 develop/usage/administration/admin_api/registration_tokens.html (limited to 'develop/usage') diff --git a/develop/usage/administration/admin_api/index.html b/develop/usage/administration/admin_api/index.html index 052d7113be..aae1dc9730 100644 --- a/develop/usage/administration/admin_api/index.html +++ b/develop/usage/administration/admin_api/index.html @@ -99,7 +99,7 @@ diff --git a/develop/usage/administration/admin_api/registration_tokens.html b/develop/usage/administration/admin_api/registration_tokens.html new file mode 100644 index 0000000000..e1d365463a --- /dev/null +++ b/develop/usage/administration/admin_api/registration_tokens.html @@ -0,0 +1,492 @@ + + + + + + Registration Tokens - Synapse + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + + + + + + +
+
+ +
+ +
+ +

Registration Tokens

+

This API allows you to manage tokens which can be used to authenticate +registration requests, as proposed in MSC3231. +To use it, you will need to enable the registration_requires_token config +option, and authenticate by providing an access_token for a server admin: +see Admin API. +Note that this API is still experimental; not all clients may support it yet.

+

Registration token objects

+

Most endpoints make use of JSON objects that contain details about tokens. +These objects have the following fields:

+
    +
  • token: The token which can be used to authenticate registration.
  • +
  • uses_allowed: The number of times the token can be used to complete a +registration before it becomes invalid.
  • +
  • pending: The number of pending uses the token has. When someone uses +the token to authenticate themselves, the pending counter is incremented +so that the token is not used more than the permitted number of times. +When the person completes registration the pending counter is decremented, +and the completed counter is incremented.
  • +
  • completed: The number of times the token has been used to successfully +complete a registration.
  • +
  • expiry_time: The latest time the token is valid. Given as the number of +milliseconds since 1970-01-01 00:00:00 UTC (the start of the Unix epoch). +To convert this into a human-readable form you can remove the milliseconds +and use the date command. For example, date -d '@1625394937'.
  • +
+

List all tokens

+

Lists all tokens and details about them. If the request is successful, the top +level JSON object will have a registration_tokens key which is an array of +registration token objects.

+
GET /_synapse/admin/v1/registration_tokens
+
+

Optional query parameters:

+
    +
  • valid: true or false. If true, only valid tokens are returned. +If false, only tokens that have expired or have had all uses exhausted are +returned. If omitted, all tokens are returned regardless of validity.
  • +
+

Example:

+
GET /_synapse/admin/v1/registration_tokens
+
+
200 OK
+
+{
+    "registration_tokens": [
+        {
+            "token": "abcd",
+            "uses_allowed": 3,
+            "pending": 0,
+            "completed": 1,
+            "expiry_time": null
+        },
+        {
+            "token": "pqrs",
+            "uses_allowed": 2,
+            "pending": 1,
+            "completed": 1,
+            "expiry_time": null
+        },
+        {
+            "token": "wxyz",
+            "uses_allowed": null,
+            "pending": 0,
+            "completed": 9,
+            "expiry_time": 1625394937000    // 2021-07-04 10:35:37 UTC
+        }
+    ]
+}
+
+

Example using the valid query parameter:

+
GET /_synapse/admin/v1/registration_tokens?valid=false
+
+
200 OK
+
+{
+    "registration_tokens": [
+        {
+            "token": "pqrs",
+            "uses_allowed": 2,
+            "pending": 1,
+            "completed": 1,
+            "expiry_time": null
+        },
+        {
+            "token": "wxyz",
+            "uses_allowed": null,
+            "pending": 0,
+            "completed": 9,
+            "expiry_time": 1625394937000    // 2021-07-04 10:35:37 UTC
+        }
+    ]
+}
+
+

Get one token

+

Get details about a single token. If the request is successful, the response +body will be a registration token object.

+
GET /_synapse/admin/v1/registration_tokens/<token>
+
+

Path parameters:

+
    +
  • token: The registration token to return details of.
  • +
+

Example:

+
GET /_synapse/admin/v1/registration_tokens/abcd
+
+
200 OK
+
+{
+    "token": "abcd",
+    "uses_allowed": 3,
+    "pending": 0,
+    "completed": 1,
+    "expiry_time": null
+}
+
+

Create token

+

Create a new registration token. If the request is successful, the newly created +token will be returned as a registration token object in the response body.

+
POST /_synapse/admin/v1/registration_tokens/new
+
+

The request body must be a JSON object and can contain the following fields:

+
    +
  • token: The registration token. A string of no more than 64 characters that +consists only of characters matched by the regex [A-Za-z0-9-_]. +Default: randomly generated.
  • +
  • uses_allowed: The integer number of times the token can be used to complete +a registration before it becomes invalid. +Default: null (unlimited uses).
  • +
  • expiry_time: The latest time the token is valid. Given as the number of +milliseconds since 1970-01-01 00:00:00 UTC (the start of the Unix epoch). +You could use, for example, date '+%s000' -d 'tomorrow'. +Default: null (token does not expire).
  • +
  • length: The length of the token randomly generated if token is not +specified. Must be between 1 and 64 inclusive. Default: 16.
  • +
+

If a field is omitted the default is used.

+

Example using defaults:

+
POST /_synapse/admin/v1/registration_tokens/new
+
+{}
+
+
200 OK
+
+{
+    "token": "0M-9jbkf2t_Tgiw1",
+    "uses_allowed": null,
+    "pending": 0,
+    "completed": 0,
+    "expiry_time": null
+}
+
+

Example specifying some fields:

+
POST /_synapse/admin/v1/registration_tokens/new
+
+{
+    "token": "defg",
+    "uses_allowed": 1
+}
+
+
200 OK
+
+{
+    "token": "defg",
+    "uses_allowed": 1,
+    "pending": 0,
+    "completed": 0,
+    "expiry_time": null
+}
+
+

Update token

+

Update the number of allowed uses or expiry time of a token. If the request is +successful, the updated token will be returned as a registration token object +in the response body.

+
PUT /_synapse/admin/v1/registration_tokens/<token>
+
+

Path parameters:

+
    +
  • token: The registration token to update.
  • +
+

The request body must be a JSON object and can contain the following fields:

+
    +
  • uses_allowed: The integer number of times the token can be used to complete +a registration before it becomes invalid. By setting uses_allowed to 0 +the token can be easily made invalid without deleting it. +If null the token will have an unlimited number of uses.
  • +
  • expiry_time: The latest time the token is valid. Given as the number of +milliseconds since 1970-01-01 00:00:00 UTC (the start of the Unix epoch). +If null the token will not expire.
  • +
+

If a field is omitted its value is not modified.

+

Example:

+
PUT /_synapse/admin/v1/registration_tokens/defg
+
+{
+    "expiry_time": 4781243146000    // 2121-07-06 11:05:46 UTC
+}
+
+
200 OK
+
+{
+    "token": "defg",
+    "uses_allowed": 1,
+    "pending": 0,
+    "completed": 0,
+    "expiry_time": 4781243146000
+}
+
+

Delete token

+

Delete a registration token. If the request is successful, the response body +will be an empty JSON object.

+
DELETE /_synapse/admin/v1/registration_tokens/<token>
+
+

Path parameters:

+
    +
  • token: The registration token to delete.
  • +
+

Example:

+
DELETE /_synapse/admin/v1/registration_tokens/wxyz
+
+
200 OK
+
+{}
+
+

Errors

+

If a request fails a "standard error response" will be returned as defined in +the Matrix Client-Server API specification.

+

For example, if the token specified in a path parameter does not exist a +404 Not Found error will be returned.

+
GET /_synapse/admin/v1/registration_tokens/1234
+
+
404 Not Found
+
+{
+    "errcode": "M_NOT_FOUND",
+    "error": "No such registration token: 1234"
+}
+
+ +
+ + +
+
+ + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/develop/usage/administration/index.html b/develop/usage/administration/index.html index 09dba0be7a..9718d330b6 100644 --- a/develop/usage/administration/index.html +++ b/develop/usage/administration/index.html @@ -99,7 +99,7 @@ diff --git a/develop/usage/administration/request_log.html b/develop/usage/administration/request_log.html index d1c8d0e091..6fe44a5d7c 100644 --- a/develop/usage/administration/request_log.html +++ b/develop/usage/administration/request_log.html @@ -99,7 +99,7 @@ diff --git a/develop/usage/configuration/homeserver_sample_config.html b/develop/usage/configuration/homeserver_sample_config.html index ed8948febe..c0679bfb48 100644 --- a/develop/usage/configuration/homeserver_sample_config.html +++ b/develop/usage/configuration/homeserver_sample_config.html @@ -99,7 +99,7 @@ @@ -985,6 +985,8 @@ log_config: "CONFDIR/SERVERNAME.log.config" # is using # - one for registration that ratelimits registration requests based on the # client's IP address. +# - one for checking the validity of registration tokens that ratelimits +# requests based on the client's IP address. # - one for login that ratelimits login requests based on the client's IP # address. # - one for login that ratelimits login requests based on the account the @@ -1013,6 +1015,10 @@ log_config: "CONFDIR/SERVERNAME.log.config" # per_second: 0.17 # burst_count: 3 # +#rc_registration_token_validity: +# per_second: 0.1 +# burst_count: 5 +# #rc_login: # address: # per_second: 0.17 @@ -1361,6 +1367,15 @@ url_preview_accept_language: # #enable_3pid_lookup: true +# Require users to submit a token during registration. +# Tokens can be managed using the admin API: +# https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/registration_tokens.html +# Note that `enable_registration` must be set to `true`. +# Disabling this option will not delete any tokens previously generated. +# Defaults to false. Uncomment the following to require tokens: +# +#registration_requires_token: true + # If set, allows registration of standard or admin accounts by anyone who # has the shared secret, even if registration is otherwise disabled. # diff --git a/develop/usage/configuration/index.html b/develop/usage/configuration/index.html index 5ff734d223..1e22f12e05 100644 --- a/develop/usage/configuration/index.html +++ b/develop/usage/configuration/index.html @@ -99,7 +99,7 @@ diff --git a/develop/usage/configuration/logging_sample_config.html b/develop/usage/configuration/logging_sample_config.html index d409c06d33..de8111075d 100644 --- a/develop/usage/configuration/logging_sample_config.html +++ b/develop/usage/configuration/logging_sample_config.html @@ -99,7 +99,7 @@ diff --git a/develop/usage/configuration/user_authentication/index.html b/develop/usage/configuration/user_authentication/index.html index 646cc00648..4c55ce8e61 100644 --- a/develop/usage/configuration/user_authentication/index.html +++ b/develop/usage/configuration/user_authentication/index.html @@ -99,7 +99,7 @@ -- cgit 1.5.1