authorTravis Ralston <travpc@gmail.com>2018-09-27 14:53:58 -0600
committerTravis Ralston <travpc@gmail.com>2018-10-03 15:57:42 -0600
commitfd99787162113857119c033355548c5b3769a309 (patch)
tree100096a7f63847b8fcf860270fc84fa0eb5a87af /synapse
parentMerge pull request #3999 from matrix-org/erikj/fix_3pid_invite_rejetion (diff)
Incorporate Dave's work for GDPR login flows
As per https://github.com/vector-im/riot-web/issues/7168#issuecomment-419996117
Diffstat (limited to 'synapse')
-rw-r--r--synapse/api/constants.py1
-rw-r--r--synapse/handlers/auth.py4
-rw-r--r--synapse/rest/client/v2_alpha/auth.py20
-rw-r--r--synapse/rest/client/v2_alpha/register.py15
4 files changed, 40 insertions, 0 deletions
diff --git a/synapse/api/constants.py b/synapse/api/constants.py
index c2630c4c64..b2815da0ab 100644
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@@ -51,6 +51,7 @@ class LoginType(object):
     EMAIL_IDENTITY = u"m.login.email.identity"
     MSISDN = u"m.login.msisdn"
     RECAPTCHA = u"m.login.recaptcha"
+    TERMS = u"m.login.terms"
     DUMMY = u"m.login.dummy"
 
     # Only for C/S API v1
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 2a5eab124f..f08a2cdd7e 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -59,6 +59,7 @@ class AuthHandler(BaseHandler):
             LoginType.EMAIL_IDENTITY: self._check_email_identity,
             LoginType.MSISDN: self._check_msisdn,
             LoginType.DUMMY: self._check_dummy_auth,
+            LoginType.TERMS: self._check_terms_auth,
         }
         self.bcrypt_rounds = hs.config.bcrypt_rounds
 
@@ -431,6 +432,9 @@ class AuthHandler(BaseHandler):
     def _check_dummy_auth(self, authdict, _):
         return defer.succeed(True)
 
+    def _check_terms_auth(self, authdict, _):
+        return defer.succeed(True)
+
     @defer.inlineCallbacks
     def _check_threepid(self, medium, authdict):
         if 'threepid_creds' not in authdict:
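Review bot: `_check_terms_auth` returns `defer.succeed(True)` unconditionally, and the `LoginType.TERMS: self._check_terms_auth` entry added in the previous hunk of this file wires it into the checker table, so as far as these hunks show the stage completes for any auth dict of that type without evidence that terms were displayed or accepted. Nothing here records which policy version was agreed to or for which session, which a consent stage normally needs for audit. At minimum give the method a docstring stating the intent, e.g. `"""Terms stage: acceptance is asserted by the client; nothing is verified or recorded here."""`, and consider persisting the accepted version before reporting success.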
diff --git a/synapse/rest/client/v2_alpha/auth.py b/synapse/rest/client/v2_alpha/auth.py
index bd8b5f4afa..bc3bfee4a0 100644
--- a/synapse/rest/client/v2_alpha/auth.py
+++ b/synapse/rest/client/v2_alpha/auth.py
@@ -133,6 +133,26 @@ class AuthRestServlet(RestServlet):
             request.write(html_bytes)
             finish_request(request)
             defer.returnValue(None)
+        elif stagetype == LoginType.TERMS:
+            session = request.args['session'][0]
+            authdict = {
+                'session': session,
+            }
+            success = yield self.auth_handler.add_oob_auth(
+                LoginType.TERMS,
+                authdict,
+                self.hs.get_ip_from_request(request)
+            )
+
+            html = "<html><body>hai</body></html>"
+            html_bytes = html.encode("utf8")
+            request.setResponseCode(200)
+            request.setHeader(b"Content-Type", b"text/html; charset=utf-8")
+            request.setHeader(b"Content-Length", b"%d" % (len(html_bytes),))
+
+            request.write(html_bytes)
+            finish_request(request)
+            defer.returnValue(None)
         else:
             raise SynapseError(404, "Unknown auth stage type")
 
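Review bot: `success` from `add_oob_auth` is assigned but never read, so this branch answers 200 with the placeholder body whether or not the stage was recorded against the session; it should branch on `success` and return an error page when it is false. `request.args['session'][0]` will also raise `KeyError` when the parameter is absent, which presumably surfaces as a 500; guard it with `if 'session' not in request.args: raise SynapseError(400, "No session supplied")`. As written, the stage is marked complete for any request carrying a session id, with no terms shown and no explicit acceptance submitted, so the real page and an accept action need to land before this path is enabled. The enclosing handler method begins outside the hunk.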
diff --git a/synapse/rest/client/v2_alpha/register.py b/synapse/rest/client/v2_alpha/register.py
index 192f52e462..dedf5269ed 100644
--- a/synapse/rest/client/v2_alpha/register.py
+++ b/synapse/rest/client/v2_alpha/register.py
@@ -359,6 +359,21 @@ class RegisterRestServlet(RestServlet):
                     [LoginType.MSISDN, LoginType.EMAIL_IDENTITY]
                 ])
 
+        if self.hs.config.block_events_without_consent_error is not None:
+            new_flows = []
+            for flow in flows:
+                # To only allow registration if completing GDPR auth,
+                # making clients that don't support it use fallback auth.
+                #flow.append(LoginType.TERMS)
+
+                # or to duplicate all the flows above with the GDPR flow on the
+                # end so clients that support it can use it but clients that don't
+                # continue to consent via the DM from server notices bot.
+                new_flows.extend([
+                    flow + [LoginType.TERMS]
+                ])
+            flows.extend(new_flows)
+
         auth_result, params, session_id = yield self.auth_handler.check_auth(
             flows, body, self.hs.get_ip_from_request(request)
         )
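Review bot: Because `flows.extend(new_flows)` keeps every original flow alongside its `+ [LoginType.TERMS]` copy, a client can still complete registration through a flow that has no terms stage. The comment says this is deliberate, so consent is only enforced after registration by whatever `block_events_without_consent_error` gates. Make that decision explicit instead of leaving `#flow.append(LoginType.TERMS)` as commented-out code: delete the line and state the chosen policy in the comment, or put the strict variant behind a config option. The inner `new_flows.extend([flow + [LoginType.TERMS]])` is a one-element extend and reads more plainly as `new_flows.append(flow + [LoginType.TERMS])`. The enclosing method starts and ends outside the hunk.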