summary refs log tree commit diff
diff options
context:
space:
mode:
authorErik Johnston <erik@matrix.org>2016-03-14 15:50:40 +0000
committerErik Johnston <erik@matrix.org>2016-03-14 15:50:40 +0000
commit590fbbef03c21308c8ff038541b7ef6d33f9c5fa (patch)
treefba4b3fd65c8a3a133de3611ba024bc0bea682d1
parentReturn list, not generator. (diff)
downloadsynapse-590fbbef03c21308c8ff038541b7ef6d33f9c5fa.tar.xz
Add config to create guest account on 3pid invite
Currently, when a 3pid invite request is sent to an identity server, it
includes a provisioned guest access token. This allows the link in the,
say, invite email to include the guest access token ensuring that the
same account is used each time the link is clicked.

This flow has a number of flaws, including when using different servers
or servers that have guest access disabled.

For now, we keep this implementation but hide it behind a config option
until a better flow is implemented.
Diffstat (limited to '')
-rw-r--r--synapse/config/registration.py4
-rw-r--r--synapse/handlers/room.py57
2 files changed, 36 insertions, 25 deletions
diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index ab062d528c..87e500c97a 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -37,6 +37,10 @@ class RegistrationConfig(Config):
         self.trusted_third_party_id_servers = config["trusted_third_party_id_servers"]
         self.allow_guest_access = config.get("allow_guest_access", False)
 
+        self.invite_3pid_guest = (
+            self.allow_guest_access and config.get("invite_3pid_guest", False)
+        )
+
     def default_config(self, **kwargs):
         registration_shared_secret = random_string_with_symbols(50)
 
diff --git a/synapse/handlers/room.py b/synapse/handlers/room.py
index 57113ae4a5..051468989f 100644
--- a/synapse/handlers/room.py
+++ b/synapse/handlers/room.py
@@ -877,36 +877,43 @@ class RoomMemberHandler(BaseHandler):
                 user.
         """
 
-        registration_handler = self.hs.get_handlers().registration_handler
-        guest_access_token = yield registration_handler.guest_access_token_for(
-            medium=medium,
-            address=address,
-            inviter_user_id=inviter_user_id,
-        )
-
-        guest_user_info = yield self.hs.get_auth().get_user_by_access_token(
-            guest_access_token
-        )
-
         is_url = "%s%s/_matrix/identity/api/v1/store-invite" % (
             id_server_scheme, id_server,
         )
+
+        invite_config = {
+            "medium": medium,
+            "address": address,
+            "room_id": room_id,
+            "room_alias": room_alias,
+            "room_avatar_url": room_avatar_url,
+            "room_join_rules": room_join_rules,
+            "room_name": room_name,
+            "sender": inviter_user_id,
+            "sender_display_name": inviter_display_name,
+            "sender_avatar_url": inviter_avatar_url,
+        }
+
+        if self.hs.config.invite_3pid_guest:
+            registration_handler = self.hs.get_handlers().registration_handler
+            guest_access_token = yield registration_handler.guest_access_token_for(
+                medium=medium,
+                address=address,
+                inviter_user_id=inviter_user_id,
+            )
+
+            guest_user_info = yield self.hs.get_auth().get_user_by_access_token(
+                guest_access_token
+            )
+
+            invite_config.update({
+                "guest_access_token": guest_access_token,
+                "guest_user_id": guest_user_info["user"].to_string(),
+            })
+
         data = yield self.hs.get_simple_http_client().post_urlencoded_get_json(
             is_url,
-            {
-                "medium": medium,
-                "address": address,
-                "room_id": room_id,
-                "room_alias": room_alias,
-                "room_avatar_url": room_avatar_url,
-                "room_join_rules": room_join_rules,
-                "room_name": room_name,
-                "sender": inviter_user_id,
-                "sender_display_name": inviter_display_name,
-                "sender_avatar_url": inviter_avatar_url,
-                "guest_user_id": guest_user_info["user"].to_string(),
-                "guest_access_token": guest_access_token,
-            }
+            invite_config
         )
         # TODO: Check for success
         token = data["token"]