Commit Graph

20 Commits

Author SHA1 Message Date
Paul "LeoNerd" Evans
a7d53227de Bugfix for older Pythons that lack hmac.compare_digest() 2014-09-23 19:07:16 +01:00
Paul "LeoNerd" Evans
c03176af59 Send an HMAC(SHA1) protecting the User ID for the ReCAPTCHA bypass, rather than simply the secret itself, so it's useless if that HMAC leaks 2014-09-23 15:58:44 +01:00
Paul "LeoNerd" Evans
537c7e1137 Config values are almost never 'None', but they might be empty string. Detect their presence by truth 2014-09-23 15:18:59 +01:00
Paul "LeoNerd" Evans
5f16439752 Make sure the config actually /has/ a captcha_bypass_secret set before trying to compare it 2014-09-23 15:16:47 +01:00
Paul "LeoNerd" Evans
3a8a94448a Allow a (hidden undocumented) key to m.login.recaptcha to specify a shared secret to allow bots to bypass the ReCAPTCHA test (SYN-60) 2014-09-23 14:29:08 +01:00
Kegan Dougal
34d7896b06 More helpful 400 error messages. 2014-09-15 16:05:51 +01:00
Kegan Dougal
2c00e1ecd9 Be consistent when associating keys with login types for registration/login. 2014-09-15 15:38:29 +01:00
Kegan Dougal
04fbda46dd Make captcha work again with the new registration logic. 2014-09-15 14:52:39 +01:00
Kegan Dougal
285ecaacd0 Split out password/captcha/email logic. 2014-09-15 12:42:36 +01:00
Kegan Dougal
34878bc26a Added LoginType constants. Created general structure for processing registrations. 2014-09-15 10:23:20 +01:00
Kegan Dougal
3ea6f01b4e 80 chars please 2014-09-05 22:55:29 -07:00
Kegan Dougal
37e53513b6 Add config opion for XFF headers when performing ReCaptcha auth. 2014-09-05 22:51:11 -07:00
Kegan Dougal
1829b55bb0 Captchas now work on registration. Missing x-forwarded-for config arg support. Missing reloading a new captcha on the web client / displaying a sensible error message. 2014-09-05 19:18:23 -07:00
Kegan Dougal
0b9e1e7b56 Added a captcha config to the HS, to enable registration captcha checking and for the recaptcha private key. 2014-09-05 17:58:06 -07:00
David Baker
d72ce4da64 Merge branch 'develop' of github.com:matrix-org/synapse into develop
Conflicts:
	synapse/http/client.py
2014-09-03 18:25:17 +01:00
David Baker
d6ecbbdf0a Add support for registering with a threepid to the HS (get credentials from the client and check them against an ID server). 2014-09-03 18:22:27 +01:00
Matthew Hodgson
8a7c1d6a00 fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org hasn't been incorporated in time for launch. 2014-09-03 17:31:57 +01:00
Erik Johnston
a9a5329a11 Encode unicode from json as utf-8. This was required to allow people to register on my laptop 2014-08-24 11:29:29 +01:00
Matthew Hodgson
f98e6380f1 add in whitespace after copyright statements to improve legibility 2014-08-13 03:14:34 +01:00
matrix.org
4f475c7697 Reference Matrix Home Server 2014-08-12 15:10:52 +01:00