diff options
| author | Daniel Wagner-Hall <dawagner@gmail.com> | 2016-02-05 01:58:36 +0000 |
|---|---|---|
| committer | Daniel Wagner-Hall <dawagner@gmail.com> | 2016-02-05 01:58:36 +0000 |
| commit | db0da033eb1013e19042b6c7e8d3ccfd80bf9d6f (patch) | |
| tree | e0459fc07083e15dc4dd1871c446d762b87c1f4e /synapse/config/registration.py | |
| parent | Merge pull request #557 from matrix-org/dbkr/profile_dont_return_null (diff) | |
| parent | Error if macaroon key is missing from config (diff) | |
| download | synapse-db0da033eb1013e19042b6c7e8d3ccfd80bf9d6f.tar.xz | |
Merge pull request #558 from matrix-org/daniel/config
Error if macaroon key is missing from config Currently we store all access tokens in the DB, and fall back to that check if we can't validate the macaroon, so our fallback works here, but for guests, their macaroons don't get persisted, so we don't get to find them in the database. Each restart, we generate a new ephemeral key, so guests lose access after each server restart. I tried to fix up the config stuff to be less insane, but gave up, so instead I bolt on yet another piece of custom one-off insanity. Also, add some basic tests for config generation and loading.
Diffstat (limited to 'synapse/config/registration.py')
| -rw-r--r-- | synapse/config/registration.py | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/synapse/config/registration.py b/synapse/config/registration.py index 90ea19bd4b..9b6dacc5b8 100644 --- a/synapse/config/registration.py +++ b/synapse/config/registration.py @@ -33,12 +33,24 @@ class RegistrationConfig(Config): self.registration_shared_secret = config.get("registration_shared_secret") self.macaroon_secret_key = config.get("macaroon_secret_key") + if self.macaroon_secret_key is None: + raise Exception( + "Config is missing missing macaroon_secret_key - please set it" + " in your config file." + ) self.bcrypt_rounds = config.get("bcrypt_rounds", 12) self.trusted_third_party_id_servers = config["trusted_third_party_id_servers"] self.allow_guest_access = config.get("allow_guest_access", False) - def default_config(self, **kwargs): + def default_config(self, is_generating_file=False, **kwargs): registration_shared_secret = random_string_with_symbols(50) + + macaroon_line = "" + if is_generating_file: + macaroon_line += '\n macaroon_secret_key: "%s"\n' % ( + random_string_with_symbols(50), + ) + macaroon_secret_key = random_string_with_symbols(50) return """\ ## Registration ## @@ -49,9 +61,7 @@ class RegistrationConfig(Config): # If set, allows registration by anyone who also has the shared # secret, even if registration is otherwise disabled. registration_shared_secret: "%(registration_shared_secret)s" - - macaroon_secret_key: "%(macaroon_secret_key)s" - +%(macaroon_line)s # Set the number of bcrypt rounds used to generate password hash. # Larger numbers increase the work factor needed to generate the hash. # The default number of rounds is 12. |