forked-synapse/synapse/config/registration.py

# -*- coding: utf-8 -*-
# Copyright 2015, 2016 OpenMarket Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

from ._base import Config

from synapse.util.stringutils import random_string_with_symbols

from distutils.util import strtobool


class RegistrationConfig(Config):

    def read_config(self, config):
        self.enable_registration = bool(
            strtobool(str(config["enable_registration"]))
        )
        if "disable_registration" in config:
            self.enable_registration = not bool(
                strtobool(str(config["disable_registration"]))
            )

        self.registration_shared_secret = config.get("registration_shared_secret")
        self.user_creation_max_duration = int(config["user_creation_max_duration"])

        self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
        self.trusted_third_party_id_servers = config["trusted_third_party_id_servers"]
        self.allow_guest_access = config.get("allow_guest_access", False)

        self.invite_3pid_guest = (
            self.allow_guest_access and config.get("invite_3pid_guest", False)
        )

    def default_config(self, **kwargs):
        registration_shared_secret = random_string_with_symbols(50)

        return """\
        ## Registration ##

        # Enable registration for new users.
        enable_registration: False

        # If set, allows registration by anyone who also has the shared
        # secret, even if registration is otherwise disabled.
        registration_shared_secret: "%(registration_shared_secret)s"

        # Sets the expiry for the short term user creation in
        # milliseconds. For instance the bellow duration is two weeks
        # in milliseconds.
        user_creation_max_duration: 1209600000

        # Set the number of bcrypt rounds used to generate password hash.
        # Larger numbers increase the work factor needed to generate the hash.
        # The default number of rounds is 12.
        bcrypt_rounds: 12

        # Allows users to register as guests without a password/email/etc, and
        # participate in rooms hosted on this server which have been made
        # accessible to anonymous users.
        allow_guest_access: False

        # The list of identity servers trusted to verify third party
        # identifiers by this server.
        trusted_third_party_id_servers:
            - matrix.org
            - vector.im
        """ % locals()

    def add_arguments(self, parser):
        reg_group = parser.add_argument_group("registration")
        reg_group.add_argument(
            "--enable-registration", action="store_true", default=None,
            help="Enable registration for new users."
        )

    def read_arguments(self, args):
        if args.enable_registration is not None:
            self.enable_registration = bool(
                strtobool(str(args.enable_registration))
            )
Add config option to disable registration. 2015-02-19 09:16:53 -05:00			`# -- coding: utf-8 --`
copyrights 2016-01-06 23:26:29 -05:00			`# Copyright 2015, 2016 OpenMarket Ltd`
Add config option to disable registration. 2015-02-19 09:16:53 -05:00			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`

			`from ._base import Config`

Implement registering with shared secret. 2015-03-13 11:23:37 -04:00			`from synapse.util.stringutils import random_string_with_symbols`

Allow --enable-registration to be passed on the commandline 2015-04-30 10:04:06 -04:00			`from distutils.util import strtobool`
Allow enabling of registration with --disable-registration false 2015-03-13 12:49:18 -04:00
Add config option to disable registration. 2015-02-19 09:16:53 -05:00
			`class RegistrationConfig(Config):`

Manually generate the default config yaml, remove most of the commandline arguments for synapse anticipating that people will use the yaml instead. Simpify implementing config options by not requiring the classes to hit the super class 2015-04-29 23:24:44 -04:00			`def read_config(self, config):`
Rename config field to reflect yaml name 2016-02-03 09:42:01 -05:00			`self.enable_registration = bool(`
Allow --enable-registration to be passed on the commandline 2015-04-30 10:04:06 -04:00			`strtobool(str(config["enable_registration"]))`
Add config option to disable registration. 2015-02-19 09:16:53 -05:00			`)`
Use disable_registration keys if they are present 2015-04-30 09:34:09 -04:00			`if "disable_registration" in config:`
Rename config field to reflect yaml name 2016-02-03 09:42:01 -05:00			`self.enable_registration = not bool(`
Allow --enable-registration to be passed on the commandline 2015-04-30 10:04:06 -04:00			`strtobool(str(config["disable_registration"]))`
Use disable_registration keys if they are present 2015-04-30 09:34:09 -04:00			`)`

Manually generate the default config yaml, remove most of the commandline arguments for synapse anticipating that people will use the yaml instead. Simpify implementing config options by not requiring the classes to hit the super class 2015-04-29 23:24:44 -04:00			`self.registration_shared_secret = config.get("registration_shared_secret")`
Create user with expiry - Add unittests for client, api and handler Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com> 2016-04-20 10:21:40 -04:00			`self.user_creation_max_duration = int(config["user_creation_max_duration"])`
Derive macaroon_secret_key from signing key. Unfortunately, there are people that are running synapse without a `macaroon_sercret_key` set. Mandating they set one is a good solution, except that breaking auto upgrades is annoying. 2016-02-08 11:35:44 -05:00
Add config for how many bcrypt rounds to use for password hashes By default we leave it at the default value of 12. But now we can reduce it for preparing users for loadtests or running integration tests. 2015-10-16 09:52:08 -04:00			`self.bcrypt_rounds = config.get("bcrypt_rounds", 12)`
Add config option for setting the trusted id servers, disabling checking the ID server in integration tests 2016-01-29 09:12:26 -05:00			`self.trusted_third_party_id_servers = config["trusted_third_party_id_servers"]`
Allow guests to register and call /events?room_id= This follows the same flows-based flow as regular registration, but as the only implemented flow has no requirements, it auto-succeeds. In the future, other flows (e.g. captcha) may be required, so clients should treat this like the regular registration flow choices. 2015-11-04 12:29:07 -05:00			`self.allow_guest_access = config.get("allow_guest_access", False)`
Manually generate the default config yaml, remove most of the commandline arguments for synapse anticipating that people will use the yaml instead. Simpify implementing config options by not requiring the classes to hit the super class 2015-04-29 23:24:44 -04:00
Add config to create guest account on 3pid invite Currently, when a 3pid invite request is sent to an identity server, it includes a provisioned guest access token. This allows the link in the, say, invite email to include the guest access token ensuring that the same account is used each time the link is clicked. This flow has a number of flaws, including when using different servers or servers that have guest access disabled. For now, we keep this implementation but hide it behind a config option until a better flow is implemented. 2016-03-14 11:50:40 -04:00			`self.invite_3pid_guest = (`
			`self.allow_guest_access and config.get("invite_3pid_guest", False)`
			`)`

Derive macaroon_secret_key from signing key. Unfortunately, there are people that are running synapse without a `macaroon_sercret_key` set. Mandating they set one is a good solution, except that breaking auto upgrades is annoying. 2016-02-08 11:35:44 -05:00			`def default_config(self, **kwargs):`
Manually generate the default config yaml, remove most of the commandline arguments for synapse anticipating that people will use the yaml instead. Simpify implementing config options by not requiring the classes to hit the super class 2015-04-29 23:24:44 -04:00			`registration_shared_secret = random_string_with_symbols(50)`
Error if macaroon key is missing from config Currently we store all access tokens in the DB, and fall back to that check if we can't validate the macaroon, so our fallback works here, but for guests, their macaroons don't get persisted, so we don't get to find them in the database. Each restart, we generate a new ephemeral key, so guests lose access after each server restart. I tried to fix up the config stuff to be less insane, but gave up, so instead I bolt on yet another piece of custom one-off insanity. Also, add some basic tests for config generation and loading. 2016-02-04 20:58:23 -05:00
Manually generate the default config yaml, remove most of the commandline arguments for synapse anticipating that people will use the yaml instead. Simpify implementing config options by not requiring the classes to hit the super class 2015-04-29 23:24:44 -04:00			`return """\`
			`## Registration ##`
Disable registration by default 2015-03-13 08:59:45 -04:00
Manually generate the default config yaml, remove most of the commandline arguments for synapse anticipating that people will use the yaml instead. Simpify implementing config options by not requiring the classes to hit the super class 2015-04-29 23:24:44 -04:00			`# Enable registration for new users.`
Registration should be disabled by default 2015-05-28 06:01:34 -04:00			`enable_registration: False`
Implement registering with shared secret. 2015-03-13 11:23:37 -04:00
Manually generate the default config yaml, remove most of the commandline arguments for synapse anticipating that people will use the yaml instead. Simpify implementing config options by not requiring the classes to hit the super class 2015-04-29 23:24:44 -04:00			`# If set, allows registration by anyone who also has the shared`
			`# secret, even if registration is otherwise disabled.`
			`registration_shared_secret: "%(registration_shared_secret)s"`
Derive macaroon_secret_key from signing key. Unfortunately, there are people that are running synapse without a `macaroon_sercret_key` set. Mandating they set one is a good solution, except that breaking auto upgrades is annoying. 2016-02-08 11:35:44 -05:00
Create user with expiry - Add unittests for client, api and handler Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com> 2016-04-20 10:21:40 -04:00			`# Sets the expiry for the short term user creation in`
			`# milliseconds. For instance the bellow duration is two weeks`
			`# in milliseconds.`
			`user_creation_max_duration: 1209600000`

Add config for how many bcrypt rounds to use for password hashes By default we leave it at the default value of 12. But now we can reduce it for preparing users for loadtests or running integration tests. 2015-10-16 09:52:08 -04:00			`# Set the number of bcrypt rounds used to generate password hash.`
			`# Larger numbers increase the work factor needed to generate the hash.`
			`# The default number of rounds is 12.`
			`bcrypt_rounds: 12`
Allow guests to register and call /events?room_id= This follows the same flows-based flow as regular registration, but as the only implemented flow has no requirements, it auto-succeeds. In the future, other flows (e.g. captcha) may be required, so clients should treat this like the regular registration flow choices. 2015-11-04 12:29:07 -05:00
			`# Allows users to register as guests without a password/email/etc, and`
			`# participate in rooms hosted on this server which have been made`
			`# accessible to anonymous users.`
			`allow_guest_access: False`
Add config option for setting the trusted id servers, disabling checking the ID server in integration tests 2016-01-29 09:12:26 -05:00
			`# The list of identity servers trusted to verify third party`
			`# identifiers by this server.`
			`trusted_third_party_id_servers:`
			`- matrix.org`
			`- vector.im`
Manually generate the default config yaml, remove most of the commandline arguments for synapse anticipating that people will use the yaml instead. Simpify implementing config options by not requiring the classes to hit the super class 2015-04-29 23:24:44 -04:00			`""" % locals()`
Allow --enable-registration to be passed on the commandline 2015-04-30 10:04:06 -04:00
			`def add_arguments(self, parser):`
			`reg_group = parser.add_argument_group("registration")`
			`reg_group.add_argument(`
Allow generate-config to run against an existing config file to generate default keys 2015-05-01 08:54:38 -04:00			`"--enable-registration", action="store_true", default=None,`
Allow --enable-registration to be passed on the commandline 2015-04-30 10:04:06 -04:00			`help="Enable registration for new users."`
			`)`

			`def read_arguments(self, args):`
			`if args.enable_registration is not None:`
Rename config field to reflect yaml name 2016-02-03 09:42:01 -05:00			`self.enable_registration = bool(`
Allow --enable-registration to be passed on the commandline 2015-04-30 10:04:06 -04:00			`strtobool(str(args.enable_registration))`
			`)`