Make registration idempotent: if you specify the same session, make it give you an access token for the user that was registered on previous uses of that session. Tweak the UI auth layer to not delete sessions when their auth has completed and hence expire themn so they don't hang around until server restart. Allow server-side data to be associated with UI auth sessions.

2025-05-22 01:30:22 -04:00 · 2016-03-16 11:56:24 +00:00 · 2016-03-16 11:56:24 +00:00 · c12b9d719a
commit c12b9d719a
parent add89a03a6
2 changed files with 73 additions and 12 deletions
--- a/synapse/rest/client/v2_alpha/register.py
+++ b/synapse/rest/client/v2_alpha/register.py
@ -139,7 +139,7 @@ class RegisterRestServlet(RestServlet):
                [LoginType.EMAIL_IDENTITY]
            ]

-        authed, result, params = yield self.auth_handler.check_auth(
+        authed, result, params, session_id = yield self.auth_handler.check_auth(
            flows, body, self.hs.get_ip_from_request(request)
        )

@ -147,6 +147,24 @@ class RegisterRestServlet(RestServlet):
            defer.returnValue((401, result))
            return

+        # have we already registered a user for this session
+        registered_user_id = self.auth_handler.get_session_data(
+                session_id, "registered_user_id", None
+        )
+        if registered_user_id is not None:
+            logger.info(
+                "Already registered user ID %r for this session",
+                registered_user_id
+            )
+            access_token = yield self.auth_handler.issue_access_token(registered_user_id)
+            refresh_token = yield self.auth_handler.issue_refresh_token(registered_user_id)
+            defer.returnValue((200, {
+                "user_id": registered_user_id,
+                "access_token": access_token,
+                "home_server": self.hs.hostname,
+                "refresh_token": refresh_token,
+            }))
+
        # NB: This may be from the auth handler and NOT from the POST
        if 'password' not in params:
            raise SynapseError(400, "Missing password.", Codes.MISSING_PARAM)
@ -161,6 +179,13 @@ class RegisterRestServlet(RestServlet):
            guest_access_token=guest_access_token,
        )

+        # remember that we've now registered that user account, and with what
+        # user ID (since the user may not have specified)
+        logger.info("%r", body)
+        self.auth_handler.set_session_data(
+                session_id, "registered_user_id", user_id
+        )
+
        if result and LoginType.EMAIL_IDENTITY in result:
            threepid = result[LoginType.EMAIL_IDENTITY]