summary refs log tree commit diff
path: root/synapse/handlers/register.py
diff options
context:
space:
mode:
authorDaniel Wagner-Hall <daniel@matrix.org>2016-02-24 14:41:25 +0000
committerreview.rocks <nobody@review.rocks>2016-02-24 14:41:25 +0000
commit33300673b7a6f79802f691ac121e720cb44c0dfc (patch)
treee093e52c405849706fc2b6d55cb74259eac2a64f /synapse/handlers/register.py
parentIgnore invalid POST bodies when joining rooms (diff)
downloadsynapse-33300673b7a6f79802f691ac121e720cb44c0dfc.tar.xz
Generate guest access token on 3pid invites
This means that following the same link across multiple sessions or
devices can re-use the same guest account.

Note that this is somewhat of an abuse vector; we can't throw up
captchas on this flow, so this is a way of registering ephemeral
accounts for spam, whose sign-up we don't rate limit.
Diffstat (limited to 'synapse/handlers/register.py')
-rw-r--r--synapse/handlers/register.py15
1 files changed, 15 insertions, 0 deletions
diff --git a/synapse/handlers/register.py b/synapse/handlers/register.py
index f8959e5d82..6d155d57e7 100644
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@@ -349,3 +349,18 @@ class RegistrationHandler(BaseHandler):
 
     def auth_handler(self):
         return self.hs.get_handlers().auth_handler
+
+    @defer.inlineCallbacks
+    def guest_access_token_for(self, medium, address, inviter_user_id):
+        access_token = yield self.store.get_3pid_guest_access_token(medium, address)
+        if access_token:
+            defer.returnValue(access_token)
+
+        _, access_token = yield self.register(
+            generate_token=True,
+            make_guest=True
+        )
+        access_token = yield self.store.save_or_get_3pid_guest_access_token(
+            medium, address, access_token, inviter_user_id
+        )
+        defer.returnValue(access_token)