Incorporate Dave's work for GDPR login flows

As per https://github.com/vector-im/riot-web/issues/7168#issuecomment-419996117
Travis Ralston 2018-09-27 14:53:58 -06:00
parent 8935ec5a93
commit fd99787162
4 changed files with 40 additions and 0 deletions


@ -51,6 +51,7 @@ class LoginType(object):
EMAIL_IDENTITY = u"m.login.email.identity" EMAIL_IDENTITY = u"m.login.email.identity"
MSISDN = u"m.login.msisdn" MSISDN = u"m.login.msisdn"
RECAPTCHA = u"m.login.recaptcha" RECAPTCHA = u"m.login.recaptcha"
TERMS = u"m.login.terms"
DUMMY = u"m.login.dummy" DUMMY = u"m.login.dummy"
# Only for C/S API v1 # Only for C/S API v1


@ -59,6 +59,7 @@ class AuthHandler(BaseHandler):
LoginType.EMAIL_IDENTITY: self._check_email_identity, LoginType.EMAIL_IDENTITY: self._check_email_identity,
LoginType.MSISDN: self._check_msisdn, LoginType.MSISDN: self._check_msisdn,
LoginType.DUMMY: self._check_dummy_auth, LoginType.DUMMY: self._check_dummy_auth,
LoginType.TERMS: self._check_terms_auth,
} }
self.bcrypt_rounds = hs.config.bcrypt_rounds self.bcrypt_rounds = hs.config.bcrypt_rounds
@ -431,6 +432,9 @@ class AuthHandler(BaseHandler):
def _check_dummy_auth(self, authdict, _): def _check_dummy_auth(self, authdict, _):
return defer.succeed(True) return defer.succeed(True)
def _check_terms_auth(self, authdict, _):
return defer.succeed(True)
@defer.inlineCallbacks @defer.inlineCallbacks
def _check_threepid(self, medium, authdict): def _check_threepid(self, medium, authdict):
if 'threepid_creds' not in authdict: if 'threepid_creds' not in authdict:
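Review bot: `_check_terms_auth` returns `defer.succeed(True)` unconditionally, so as written the `m.login.terms` stage is satisfied by any submission that names it, and nothing in this hunk ties completion to a particular user, policy version or time. If that is intended (the client is trusted to have shown the terms), the method should say so, for example with the docstring `"""Always succeeds: acceptance of the terms is asserted by the client and not verified here."""`. If consent has to be auditable, this checker is the natural place to record which policy version was accepted. The class body continues outside the hunk, so any existing consent-tracking hooks are not visible from here.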


@ -130,6 +130,26 @@ class AuthRestServlet(RestServlet):
request.setHeader(b"Content-Type", b"text/html; charset=utf-8") request.setHeader(b"Content-Type", b"text/html; charset=utf-8")
request.setHeader(b"Content-Length", b"%d" % (len(html_bytes),)) request.setHeader(b"Content-Length", b"%d" % (len(html_bytes),))
request.write(html_bytes)
finish_request(request)
defer.returnValue(None)
elif stagetype == LoginType.TERMS:
session = request.args['session'][0]
authdict = {
'session': session,
}
success = yield self.auth_handler.add_oob_auth(
LoginType.TERMS,
authdict,
self.hs.get_ip_from_request(request)
)
html = "<html><body>hai</body></html>"
html_bytes = html.encode("utf8")
request.setResponseCode(200)
request.setHeader(b"Content-Type", b"text/html; charset=utf-8")
request.setHeader(b"Content-Length", b"%d" % (len(html_bytes),))
request.write(html_bytes) request.write(html_bytes)
finish_request(request) finish_request(request)
defer.returnValue(None) defer.returnValue(None)
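Review bot: The new `LoginType.TERMS` branch reads `request.args['session'][0]` without checking that the parameter is present, so a request lacking `session` would raise a KeyError and presumably surface as a server error rather than a 400. The result of `add_oob_auth` is stored in `success` but never read, and the placeholder page `<html><body>hai</body></html>` is returned with 200 either way. Suggest guarding first with `if 'session' not in request.args: raise SynapseError(400, "No session supplied")` (assuming `SynapseError` is in scope in this module) and branching on `success` before writing the response. The enclosing handler starts outside the hunk; if it is the GET handler, the stage is marked complete on page load, so a prefetch or embedded link could complete it without the user accepting anything, and the state change belongs behind an explicit POST.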


@ -359,6 +359,21 @@ class RegisterRestServlet(RestServlet):
[LoginType.MSISDN, LoginType.EMAIL_IDENTITY] [LoginType.MSISDN, LoginType.EMAIL_IDENTITY]
]) ])
if self.hs.config.block_events_without_consent_error is not None:
new_flows = []
for flow in flows:
# To only allow registration if completing GDPR auth,
# making clients that don't support it use fallback auth.
#flow.append(LoginType.TERMS)
# or to duplicate all the flows above with the GDPR flow on the
# end so clients that support it can use it but clients that don't
# continue to consent via the DM from server notices bot.
new_flows.extend([
flow + [LoginType.TERMS]
])
flows.extend(new_flows)
auth_result, params, session_id = yield self.auth_handler.check_auth( auth_result, params, session_id = yield self.auth_handler.check_auth(
flows, body, self.hs.get_ip_from_request(request) flows, body, self.hs.get_ip_from_request(request)
) )