summary refs log tree commit diff
path: root/synapse/config/registration.py
diff options
context:
space:
mode:
authorDaniel Wagner-Hall <dawagner@gmail.com>2016-02-05 01:58:36 +0000
committerDaniel Wagner-Hall <dawagner@gmail.com>2016-02-05 01:58:36 +0000
commitdb0da033eb1013e19042b6c7e8d3ccfd80bf9d6f (patch)
treee0459fc07083e15dc4dd1871c446d762b87c1f4e /synapse/config/registration.py
parentMerge pull request #557 from matrix-org/dbkr/profile_dont_return_null (diff)
parentError if macaroon key is missing from config (diff)
downloadsynapse-db0da033eb1013e19042b6c7e8d3ccfd80bf9d6f.tar.xz
Merge pull request #558 from matrix-org/daniel/config
Error if macaroon key is missing from config

Currently we store all access tokens in the DB, and fall back to that
check if we can't validate the macaroon, so our fallback works here, but
for guests, their macaroons don't get persisted, so we don't get to
find them in the database. Each restart, we generate a new ephemeral
key, so guests lose access after each server restart.

I tried to fix up the config stuff to be less insane, but gave up, so
instead I bolt on yet another piece of custom one-off insanity.

Also, add some basic tests for config generation and loading.
Diffstat (limited to 'synapse/config/registration.py')
-rw-r--r--synapse/config/registration.py18
1 files changed, 14 insertions, 4 deletions
diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index 90ea19bd4b..9b6dacc5b8 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -33,12 +33,24 @@ class RegistrationConfig(Config):
 
         self.registration_shared_secret = config.get("registration_shared_secret")
         self.macaroon_secret_key = config.get("macaroon_secret_key")
+        if self.macaroon_secret_key is None:
+            raise Exception(
+                "Config is missing missing macaroon_secret_key - please set it"
+                " in your config file."
+            )
         self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
         self.trusted_third_party_id_servers = config["trusted_third_party_id_servers"]
         self.allow_guest_access = config.get("allow_guest_access", False)
 
-    def default_config(self, **kwargs):
+    def default_config(self, is_generating_file=False, **kwargs):
         registration_shared_secret = random_string_with_symbols(50)
+
+        macaroon_line = ""
+        if is_generating_file:
+            macaroon_line += '\n        macaroon_secret_key: "%s"\n' % (
+                random_string_with_symbols(50),
+            )
+
         macaroon_secret_key = random_string_with_symbols(50)
         return """\
         ## Registration ##
@@ -49,9 +61,7 @@ class RegistrationConfig(Config):
         # If set, allows registration by anyone who also has the shared
         # secret, even if registration is otherwise disabled.
         registration_shared_secret: "%(registration_shared_secret)s"
-
-        macaroon_secret_key: "%(macaroon_secret_key)s"
-
+%(macaroon_line)s
         # Set the number of bcrypt rounds used to generate password hash.
         # Larger numbers increase the work factor needed to generate the hash.
         # The default number of rounds is 12.