fix up v1, and improve errors

Matthew Hodgson 2018-01-19 00:53:58 +00:00
parent 0af58f14ee
commit 9d332e0f79
4 changed files with 65 additions and 20 deletions


@ -15,6 +15,7 @@
"""Contains functions for registering clients.""" """Contains functions for registering clients."""
import logging import logging
import re
from twisted.internet import defer from twisted.internet import defer
@ -293,7 +294,7 @@ class RegistrationHandler(BaseHandler):
""" """
for c in threepidCreds: for c in threepidCreds:
logger.info("validating theeepidcred sid %s on id server %s", logger.info("validating threepidcred sid %s on id server %s",
c['sid'], c['idServer']) c['sid'], c['idServer'])
try: try:
identity_handler = self.hs.get_handlers().identity_handler identity_handler = self.hs.get_handlers().identity_handler
@ -307,6 +308,16 @@ class RegistrationHandler(BaseHandler):
logger.info("got threepid with medium '%s' and address '%s'", logger.info("got threepid with medium '%s' and address '%s'",
threepid['medium'], threepid['address']) threepid['medium'], threepid['address'])
for constraint in self.hs.config.registrations_require_3pid:
if (
constraint['medium'] == 'email' and
threepid['medium'] == 'email' and
re.match(constraint['pattern'], threepid['address'])
):
raise RegistrationError(
403, "Third party identifier is not allowed"
)
@defer.inlineCallbacks @defer.inlineCallbacks
def bind_emails(self, user_id, threepidCreds): def bind_emails(self, user_id, threepidCreds):
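Review bot: The constraint loop added in the `@ -307,6 +308,16 @` hunk raises the 403 when `re.match(constraint['pattern'], threepid['address'])` succeeds, which reads as the opposite of the `if not check_3pid_allowed(...)` checks in the other files of this commit; if `pattern` describes permitted addresses, the condition is inverted and should reject on no match. Two further gaps are worth closing: `re.match` anchors only at the start, so a pattern without a trailing `$` also accepts any address that merely begins with a permitted value, and the loop never examines `msisdn` threepids. Reusing the shared helper would keep this path consistent with the others, e.g. `if not check_3pid_allowed(self.hs, threepid['medium'], threepid['address']):` followed by the same `raise RegistrationError(...)`, assuming the helper can be imported here, which the hunk does not show. The enclosing method starts and ends outside the hunk.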
"""Links emails with a user ID and informs an identity server. """Links emails with a user ID and informs an identity server.


@ -70,10 +70,24 @@ class RegisterRestServlet(ClientV1RestServlet):
self.handlers = hs.get_handlers() self.handlers = hs.get_handlers()
def on_GET(self, request): def on_GET(self, request):
require_email = False
require_msisdn = False
for constraint in self.hs.config.registrations_require_3pid:
if constraint['medium'] == 'email':
require_email = True
elif constraint['medium'] == 'msisdn':
require_msisdn = True
else:
logger.warn(
"Unrecognised 3PID medium %s in registrations_require_3pid" %
constraint['medium']
)
flows = []
if self.hs.config.enable_registration_captcha: if self.hs.config.enable_registration_captcha:
return ( if require_email or not require_msisdn:
200, flows.extend([
{"flows": [
{ {
"type": LoginType.RECAPTCHA, "type": LoginType.RECAPTCHA,
"stages": [ "stages": [
@ -82,27 +96,31 @@ class RegisterRestServlet(ClientV1RestServlet):
LoginType.PASSWORD LoginType.PASSWORD
] ]
}, },
])
if not require_email and not require_msisdn:
flows.extend([
{ {
"type": LoginType.RECAPTCHA, "type": LoginType.RECAPTCHA,
"stages": [LoginType.RECAPTCHA, LoginType.PASSWORD] "stages": [LoginType.RECAPTCHA, LoginType.PASSWORD]
} }
]} ])
)
else: else:
return ( if require_email or not require_msisdn:
200, flows.extend([
{"flows": [
{ {
"type": LoginType.EMAIL_IDENTITY, "type": LoginType.EMAIL_IDENTITY,
"stages": [ "stages": [
LoginType.EMAIL_IDENTITY, LoginType.PASSWORD LoginType.EMAIL_IDENTITY, LoginType.PASSWORD
] ]
}, }
])
if not require_email and not require_msisdn:
flows.extend([
{ {
"type": LoginType.PASSWORD "type": LoginType.PASSWORD
} }
]} ])
) return (200, {"flows": flows})
@defer.inlineCallbacks @defer.inlineCallbacks
def on_POST(self, request): def on_POST(self, request):
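Review bot: When `registrations_require_3pid` names only `msisdn`, neither `flows.extend` branch in `on_GET` runs, so the endpoint returns `{"flows": []}` with no log line and a v1 client cannot tell why registration is unavailable. If that is intended because v1 has no msisdn stage, say so with a comment above `flows = []`, such as `# v1 cannot satisfy an msisdn-only requirement, so no flows are advertised in that case`. The advertised flows are only a hint to the client, so the requirement still has to be enforced in `on_POST`, whose body is outside this hunk. Separately, the warning should pass its argument lazily instead of using `%` formatting: `logger.warning("Unrecognised 3PID medium %s in registrations_require_3pid", constraint['medium'])`.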


@ -48,7 +48,9 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
]) ])
if not check_3pid_allowed(self.hs, "email", body['email']): if not check_3pid_allowed(self.hs, "email", body['email']):
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED) raise SynapseError(
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
)
existingUid = yield self.hs.get_datastore().get_user_id_by_threepid( existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
'email', body['email'] 'email', body['email']
@ -82,7 +84,9 @@ class MsisdnPasswordRequestTokenRestServlet(RestServlet):
msisdn = phone_number_to_msisdn(body['country'], body['phone_number']) msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
if not check_3pid_allowed(self.hs, "msisdn", msisdn): if not check_3pid_allowed(self.hs, "msisdn", msisdn):
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED) raise SynapseError(
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
)
existingUid = yield self.datastore.get_user_id_by_threepid( existingUid = yield self.datastore.get_user_id_by_threepid(
'msisdn', msisdn 'msisdn', msisdn
@ -224,7 +228,9 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
raise SynapseError(400, "Missing params: %r" % absent, Codes.MISSING_PARAM) raise SynapseError(400, "Missing params: %r" % absent, Codes.MISSING_PARAM)
if not check_3pid_allowed(self.hs, "email", body['email']): if not check_3pid_allowed(self.hs, "email", body['email']):
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED) raise SynapseError(
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
)
existingUid = yield self.datastore.get_user_id_by_threepid( existingUid = yield self.datastore.get_user_id_by_threepid(
'email', body['email'] 'email', body['email']
@ -265,7 +271,9 @@ class MsisdnThreepidRequestTokenRestServlet(RestServlet):
msisdn = phone_number_to_msisdn(body['country'], body['phone_number']) msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
if not check_3pid_allowed(self.hs, "msisdn", msisdn): if not check_3pid_allowed(self.hs, "msisdn", msisdn):
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED) raise SynapseError(
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
)
existingUid = yield self.datastore.get_user_id_by_threepid( existingUid = yield self.datastore.get_user_id_by_threepid(
'msisdn', msisdn 'msisdn', msisdn


@ -72,7 +72,9 @@ class EmailRegisterRequestTokenRestServlet(RestServlet):
]) ])
if not check_3pid_allowed(self.hs, "email", body['email']): if not check_3pid_allowed(self.hs, "email", body['email']):
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED) raise SynapseError(
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
)
existingUid = yield self.hs.get_datastore().get_user_id_by_threepid( existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
'email', body['email'] 'email', body['email']
@ -110,7 +112,9 @@ class MsisdnRegisterRequestTokenRestServlet(RestServlet):
msisdn = phone_number_to_msisdn(body['country'], body['phone_number']) msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
if not check_3pid_allowed(self.hs, "msisdn", msisdn): if not check_3pid_allowed(self.hs, "msisdn", msisdn):
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED) raise SynapseError(
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
)
existingUid = yield self.hs.get_datastore().get_user_id_by_threepid( existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
'msisdn', msisdn 'msisdn', msisdn
@ -368,7 +372,9 @@ class RegisterRestServlet(RestServlet):
auth_result[LoginType.EMAIL_IDENTITY].threepid.address auth_result[LoginType.EMAIL_IDENTITY].threepid.address
) )
): ):
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED) raise SynapseError(
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
)
elif ( elif (
constraint['medium'] == 'msisdn' and constraint['medium'] == 'msisdn' and
auth_result and LoginType.MSISDN in auth_result and auth_result and LoginType.MSISDN in auth_result and
@ -377,7 +383,9 @@ class RegisterRestServlet(RestServlet):
auth_result[LoginType.MSISDN].threepid.address auth_result[LoginType.MSISDN].threepid.address
) )
): ):
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED) raise SynapseError(
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
)
if registered_user_id is not None: if registered_user_id is not None:
logger.info( logger.info(