add the register_mxid_from_3pid setting (untested)

This commit is contained in:
Matthew Hodgson 2018-04-12 18:20:51 +01:00
parent d5c74b9f6c
commit 969ed2e49d
2 changed files with 36 additions and 8 deletions

View File

@ -34,6 +34,7 @@ class RegistrationConfig(Config):
self.registrations_require_3pid = config.get("registrations_require_3pid", [])
self.allowed_local_3pids = config.get("allowed_local_3pids", [])
self.registration_shared_secret = config.get("registration_shared_secret")
self.register_mxid_from_3pid = config.get("register_mxid_from_3pid")
self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
self.trusted_third_party_id_servers = config["trusted_third_party_id_servers"]
@ -60,6 +61,13 @@ class RegistrationConfig(Config):
# - email
# - msisdn
# Derive the user's matrix ID from a type of 3PID used when registering.
# This overrides any matrix ID the user proposes when calling /register
# The 3PID type should be present in registrations_require_3pid to avoid
# users failing to register if they don't specify the right kind of 3pid.
#
# register_mxid_from_3pid: email
# Mandate that users are only allowed to associate certain formats of
# 3PIDs with accounts on this server.
#

View File

@ -297,13 +297,6 @@ class RegisterRestServlet(RestServlet):
session_id, "registered_user_id", None
)
if desired_username is not None:
yield self.registration_handler.check_username(
desired_username,
guest_access_token=guest_access_token,
assigned_user_id=registered_user_id,
)
# Only give msisdn flows if the x_show_msisdn flag is given:
# this is a hack to work around the fact that clients were shipped
# that use fallback registration if they see any flows that they don't
@ -376,6 +369,25 @@ class RegisterRestServlet(RestServlet):
Codes.THREEPID_DENIED,
)
if self.hs.config.register_mxid_from_3pid:
# override the desired_username based on the 3PID if any.
# reset it first to avoid folks picking their own username.
desired_username = None
# we should always have an auth_result if we're going to progress
# to register the user (i.e. we haven't picked up a registered_user_id)
# from our session store
if auth_result and self.hs.config.register_mxid_from_3pid in auth_result:
address = auth_result[login_type]['address']
desired_username = address.lower()
if desired_username is not None:
yield self.registration_handler.check_username(
desired_username,
guest_access_token=guest_access_token,
assigned_user_id=registered_user_id,
)
if registered_user_id is not None:
logger.info(
"Already registered user ID %r for this session",
@ -390,10 +402,18 @@ class RegisterRestServlet(RestServlet):
raise SynapseError(400, "Missing password.",
Codes.MISSING_PARAM)
if not self.hs.config.register_mxid_from_3pid:
desired_username = params.get("username", None)
else:
# we keep the original desired_username derived from the 3pid above
pass
new_password = params.get("password", None)
guest_access_token = params.get("guest_access_token", None)
# XXX: don't we need to validate these for length etc like we did on
# the ones from the JSON body earlier on in the method?
if desired_username is not None:
desired_username = desired_username.lower()