diff options
| author | Daniel Wagner-Hall <daniel@matrix.org> | 2016-02-24 14:41:25 +0000 |
|---|---|---|
| committer | review.rocks <nobody@review.rocks> | 2016-02-24 14:41:25 +0000 |
| commit | 33300673b7a6f79802f691ac121e720cb44c0dfc (patch) | |
| tree | e093e52c405849706fc2b6d55cb74259eac2a64f /synapse/storage/registration.py | |
| parent | Ignore invalid POST bodies when joining rooms (diff) | |
| download | synapse-33300673b7a6f79802f691ac121e720cb44c0dfc.tar.xz | |
Generate guest access token on 3pid invites
This means that following the same link across multiple sessions or devices can re-use the same guest account. Note that this is somewhat of an abuse vector; we can't throw up captchas on this flow, so this is a way of registering ephemeral accounts for spam, whose sign-up we don't rate limit.
Diffstat (limited to 'synapse/storage/registration.py')
| -rw-r--r-- | synapse/storage/registration.py | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/synapse/storage/registration.py b/synapse/storage/registration.py index 967c732bda..03a9b66e4a 100644 --- a/synapse/storage/registration.py +++ b/synapse/storage/registration.py @@ -387,3 +387,47 @@ class RegistrationStore(SQLBaseStore): "find_next_generated_user_id", _find_next_generated_user_id ))) + + @defer.inlineCallbacks + def get_3pid_guest_access_token(self, medium, address): + ret = yield self._simple_select_one( + "threepid_guest_access_tokens", + { + "medium": medium, + "address": address + }, + ["guest_access_token"], True, 'get_3pid_guest_access_token' + ) + if ret: + defer.returnValue(ret["guest_access_token"]) + defer.returnValue(None) + + @defer.inlineCallbacks + def save_or_get_3pid_guest_access_token( + self, medium, address, access_token, inviter_user_id + ): + """ + Gets the 3pid's guest access token if exists, else saves access_token. + + :param medium (str): Medium of the 3pid. Must be "email". + :param address (str): 3pid address. + :param access_token (str): The access token to persist if none is + already persisted. + :param inviter_user_id (str): User ID of the inviter. + :return (deferred str): Whichever access token is persisted at the end + of this function call. + """ + def insert(txn): + txn.execute( + "INSERT INTO threepid_guest_access_tokens " + "(medium, address, guest_access_token, first_inviter) " + "VALUES (?, ?, ?, ?)", + (medium, address, access_token, inviter_user_id) + ) + + try: + yield self.runInteraction("save_3pid_guest_access_token", insert) + defer.returnValue(access_token) + except self.database_engine.module.IntegrityError: + ret = yield self.get_3pid_guest_access_token(medium, address) + defer.returnValue(ret) |