mirror of
https://mau.dev/maunium/synapse.git
synced 2024-10-01 01:36:05 -04:00
Only check 3pids not in use when registering
We checked that 3pids were not already in use before we checked if we were going to return the account previously registered in the same UI auth session, in which case the 3pids will definitely be in use. https://github.com/vector-im/riot-web/issues/9586
This commit is contained in:
parent
df2ebd75d3
commit
6ca88c4693
@ -391,13 +391,6 @@ class RegisterRestServlet(RestServlet):
|
|||||||
# the user-facing checks will probably already have happened in
|
# the user-facing checks will probably already have happened in
|
||||||
# /register/email/requestToken when we requested a 3pid, but that's not
|
# /register/email/requestToken when we requested a 3pid, but that's not
|
||||||
# guaranteed.
|
# guaranteed.
|
||||||
#
|
|
||||||
# Also check that we're not trying to register a 3pid that's already
|
|
||||||
# been registered.
|
|
||||||
#
|
|
||||||
# This has probably happened in /register/email/requestToken as well,
|
|
||||||
# but if a user hits this endpoint twice then clicks on each link from
|
|
||||||
# the two activation emails, they would register the same 3pid twice.
|
|
||||||
|
|
||||||
if auth_result:
|
if auth_result:
|
||||||
for login_type in [LoginType.EMAIL_IDENTITY, LoginType.MSISDN]:
|
for login_type in [LoginType.EMAIL_IDENTITY, LoginType.MSISDN]:
|
||||||
@ -413,17 +406,6 @@ class RegisterRestServlet(RestServlet):
|
|||||||
Codes.THREEPID_DENIED,
|
Codes.THREEPID_DENIED,
|
||||||
)
|
)
|
||||||
|
|
||||||
existingUid = yield self.store.get_user_id_by_threepid(
|
|
||||||
medium, address,
|
|
||||||
)
|
|
||||||
|
|
||||||
if existingUid is not None:
|
|
||||||
raise SynapseError(
|
|
||||||
400,
|
|
||||||
"%s is already in use" % medium,
|
|
||||||
Codes.THREEPID_IN_USE,
|
|
||||||
)
|
|
||||||
|
|
||||||
if registered_user_id is not None:
|
if registered_user_id is not None:
|
||||||
logger.info(
|
logger.info(
|
||||||
"Already registered user ID %r for this session",
|
"Already registered user ID %r for this session",
|
||||||
@ -446,6 +428,28 @@ class RegisterRestServlet(RestServlet):
|
|||||||
if auth_result:
|
if auth_result:
|
||||||
threepid = auth_result.get(LoginType.EMAIL_IDENTITY)
|
threepid = auth_result.get(LoginType.EMAIL_IDENTITY)
|
||||||
|
|
||||||
|
# Also check that we're not trying to register a 3pid that's already
|
||||||
|
# been registered.
|
||||||
|
#
|
||||||
|
# This has probably happened in /register/email/requestToken as well,
|
||||||
|
# but if a user hits this endpoint twice then clicks on each link from
|
||||||
|
# the two activation emails, they would register the same 3pid twice.
|
||||||
|
for login_type in [LoginType.EMAIL_IDENTITY, LoginType.MSISDN]:
|
||||||
|
if login_type in auth_result:
|
||||||
|
medium = auth_result[login_type]['medium']
|
||||||
|
address = auth_result[login_type]['address']
|
||||||
|
|
||||||
|
existingUid = yield self.store.get_user_id_by_threepid(
|
||||||
|
medium, address,
|
||||||
|
)
|
||||||
|
|
||||||
|
if existingUid is not None:
|
||||||
|
raise SynapseError(
|
||||||
|
400,
|
||||||
|
"%s is already in use" % medium,
|
||||||
|
Codes.THREEPID_IN_USE,
|
||||||
|
)
|
||||||
|
|
||||||
(registered_user_id, _) = yield self.registration_handler.register(
|
(registered_user_id, _) = yield self.registration_handler.register(
|
||||||
localpart=desired_username,
|
localpart=desired_username,
|
||||||
password=new_password,
|
password=new_password,
|
||||||
|
Loading…
Reference in New Issue
Block a user