diff options
author | Amber Brown <hawkowl@atleastfornow.net> | 2018-07-20 22:41:13 +1000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-07-20 22:41:13 +1000 |
commit | e1a237eaabf0ba37f242897700f9bf00729976b8 (patch) | |
tree | 61b5addbdf6df58fe558c5951eb113521c7c7c89 /docs/admin_api/register_api.rst | |
parent | Merge pull request #3564 from matrix-org/hawkowl/markdown (diff) | |
download | synapse-e1a237eaabf0ba37f242897700f9bf00729976b8.tar.xz |
Admin API for creating new users (#3415)
Diffstat (limited to 'docs/admin_api/register_api.rst')
-rw-r--r-- | docs/admin_api/register_api.rst | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/docs/admin_api/register_api.rst b/docs/admin_api/register_api.rst new file mode 100644 index 0000000000..209cd140fd --- /dev/null +++ b/docs/admin_api/register_api.rst @@ -0,0 +1,63 @@ +Shared-Secret Registration +========================== + +This API allows for the creation of users in an administrative and +non-interactive way. This is generally used for bootstrapping a Synapse +instance with administrator accounts. + +To authenticate yourself to the server, you will need both the shared secret +(``registration_shared_secret`` in the homeserver configuration), and a +one-time nonce. If the registration shared secret is not configured, this API +is not enabled. + +To fetch the nonce, you need to request one from the API:: + + > GET /_matrix/client/r0/admin/register + + < {"nonce": "thisisanonce"} + +Once you have the nonce, you can make a ``POST`` to the same URL with a JSON +body containing the nonce, username, password, whether they are an admin +(optional, False by default), and a HMAC digest of the content. + +As an example:: + + > POST /_matrix/client/r0/admin/register + > { + "nonce": "thisisanonce", + "username": "pepper_roni", + "password": "pizza", + "admin": true, + "mac": "mac_digest_here" + } + + < { + "access_token": "token_here", + "user_id": "@pepper_roni@test", + "home_server": "test", + "device_id": "device_id_here" + } + +The MAC is the hex digest output of the HMAC-SHA1 algorithm, with the key being +the shared secret and the content being the nonce, user, password, and either +the string "admin" or "notadmin", each separated by NULs. For an example of +generation in Python:: + + import hmac, hashlib + + def generate_mac(nonce, user, password, admin=False): + + mac = hmac.new( + key=shared_secret, + digestmod=hashlib.sha1, + ) + + mac.update(nonce.encode('utf8')) + mac.update(b"\x00") + mac.update(user.encode('utf8')) + mac.update(b"\x00") + mac.update(password.encode('utf8')) + mac.update(b"\x00") + mac.update(b"admin" if admin else b"notadmin") + + return mac.hexdigest() |