Merge pull request #5174 from matrix-org/dbkr/add_dummy_flow_to_recaptcha_only

Re-order registration stages to do msisdn & email auth last
author: David Baker <dbkr@users.noreply.github.com> 2019-05-16 17:27:39 +0100
committer: GitHub <noreply@github.com> 2019-05-16 17:27:39 +0100
commit: 07cff7b1214060a4505030fc9eb822d974da9610 (patch)
tree: add1759e9b58bf32ba51cd408a17c44db7435f4c /synapse/rest
parent: Make /sync attempt to return device updates for both joined and invited users... (diff)
parent: Terms might not be the last stage (diff)
download: synapse-07cff7b1214060a4505030fc9eb822d974da9610.tar.xz
1 files changed, 17 insertions, 5 deletions
diff --git a/synapse/rest/client/v2_alpha/register.py b/synapse/rest/client/v2_alpha/register.py
index fa0cedb8d4..042f636135 100644
--- a/synapse/rest/client/v2_alpha/register.py
+++ b/synapse/rest/client/v2_alpha/register.py
@@ -348,18 +348,22 @@ class RegisterRestServlet(RestServlet):
         if self.hs.config.enable_registration_captcha:
             # only support 3PIDless registration if no 3PIDs are required
             if not require_email and not require_msisdn:
-                flows.extend([[LoginType.RECAPTCHA]])
+                # Also add a dummy flow here, otherwise if a client completes
+                # recaptcha first we'll assume they were going for this flow
+                # and complete the request, when they could have been trying to
+                # complete one of the flows with email/msisdn auth.
+                flows.extend([[LoginType.RECAPTCHA, LoginType.DUMMY]])
             # only support the email-only flow if we don't require MSISDN 3PIDs
             if not require_msisdn:
-                flows.extend([[LoginType.EMAIL_IDENTITY, LoginType.RECAPTCHA]])
+                flows.extend([[LoginType.RECAPTCHA, LoginType.EMAIL_IDENTITY]])
 
             if show_msisdn:
                 # only support the MSISDN-only flow if we don't require email 3PIDs
                 if not require_email:
-                    flows.extend([[LoginType.MSISDN, LoginType.RECAPTCHA]])
+                    flows.extend([[LoginType.RECAPTCHA, LoginType.MSISDN]])
                 # always let users provide both MSISDN & email
                 flows.extend([
-                    [LoginType.MSISDN, LoginType.EMAIL_IDENTITY, LoginType.RECAPTCHA],
+                    [LoginType.RECAPTCHA, LoginType.MSISDN, LoginType.EMAIL_IDENTITY],
                 ])
         else:
             # only support 3PIDless registration if no 3PIDs are required
@@ -382,7 +386,15 @@ class RegisterRestServlet(RestServlet):
         if self.hs.config.user_consent_at_registration:
             new_flows = []
             for flow in flows:
-                flow.append(LoginType.TERMS)
+                inserted = False
+                # m.login.terms should go near the end but before msisdn or email auth
+                for i, stage in enumerate(flow):
+                    if stage == LoginType.EMAIL_IDENTITY or stage == LoginType.MSISDN:
+                        flow.insert(i, LoginType.TERMS)
+                        inserted = True
+                        break
+                if not inserted:
+                    flow.append(LoginType.TERMS)
             flows.extend(new_flows)
 
         auth_result, params, session_id = yield self.auth_handler.check_auth(
author	David Baker <dbkr@users.noreply.github.com>	2019-05-16 17:27:39 +0100
committer	GitHub <noreply@github.com>	2019-05-16 17:27:39 +0100
commit	07cff7b1214060a4505030fc9eb822d974da9610 (patch)
tree	add1759e9b58bf32ba51cd408a17c44db7435f4c /synapse/rest
parent	Make /sync attempt to return device updates for both joined and invited users... (diff)
parent	Terms might not be the last stage (diff)
download	synapse-07cff7b1214060a4505030fc9eb822d974da9610.tar.xz