summary refs log tree commit diff
path: root/synapse/rest
diff options
context:
space:
mode:
authorDavid Baker <dave@matrix.org>2016-03-16 11:56:24 +0000
committerDavid Baker <dave@matrix.org>2016-03-16 11:56:24 +0000
commitc12b9d719a3cf1eeb9c4c8d354dbaecab5e76233 (patch)
tree54d337acd5721964fec27b2f169a52b067ebc8db /synapse/rest
parentMerge pull request #647 from matrix-org/markjh/pushers_stream (diff)
downloadsynapse-c12b9d719a3cf1eeb9c4c8d354dbaecab5e76233.tar.xz
Make registration idempotent: if you specify the same session, make it give you an access token for the user that was registered on previous uses of that session. Tweak the UI auth layer to not delete sessions when their auth has completed and hence expire themn so they don't hang around until server restart. Allow server-side data to be associated with UI auth sessions.
Diffstat (limited to 'synapse/rest')
-rw-r--r--synapse/rest/client/v2_alpha/register.py27
1 files changed, 26 insertions, 1 deletions
diff --git a/synapse/rest/client/v2_alpha/register.py b/synapse/rest/client/v2_alpha/register.py
index 533ff136eb..649491bdf6 100644
--- a/synapse/rest/client/v2_alpha/register.py
+++ b/synapse/rest/client/v2_alpha/register.py
@@ -139,7 +139,7 @@ class RegisterRestServlet(RestServlet):
                 [LoginType.EMAIL_IDENTITY]
             ]
 
-        authed, result, params = yield self.auth_handler.check_auth(
+        authed, result, params, session_id = yield self.auth_handler.check_auth(
             flows, body, self.hs.get_ip_from_request(request)
         )
 
@@ -147,6 +147,24 @@ class RegisterRestServlet(RestServlet):
             defer.returnValue((401, result))
             return
 
+        # have we already registered a user for this session
+        registered_user_id = self.auth_handler.get_session_data(
+                session_id, "registered_user_id", None
+        )
+        if registered_user_id is not None:
+            logger.info(
+                "Already registered user ID %r for this session",
+                registered_user_id
+            )
+            access_token = yield self.auth_handler.issue_access_token(registered_user_id)
+            refresh_token = yield self.auth_handler.issue_refresh_token(registered_user_id)
+            defer.returnValue((200, {
+                "user_id": registered_user_id,
+                "access_token": access_token,
+                "home_server": self.hs.hostname,
+                "refresh_token": refresh_token,
+            }))
+
         # NB: This may be from the auth handler and NOT from the POST
         if 'password' not in params:
             raise SynapseError(400, "Missing password.", Codes.MISSING_PARAM)
@@ -161,6 +179,13 @@ class RegisterRestServlet(RestServlet):
             guest_access_token=guest_access_token,
         )
 
+        # remember that we've now registered that user account, and with what
+        # user ID (since the user may not have specified)
+        logger.info("%r", body)
+        self.auth_handler.set_session_data(
+                session_id, "registered_user_id", user_id
+        )
+
         if result and LoginType.EMAIL_IDENTITY in result:
             threepid = result[LoginType.EMAIL_IDENTITY]