Merge pull request #5174 from matrix-org/dbkr/add_dummy_flow_to_recaptcha_only
Re-order registration stages to do msisdn & email auth last
commit
07cff7b121
|
@ -0,0 +1 @@
|
||||||
|
Re-order stages in registration flows such that msisdn and email verification are done last.
|
|
@ -348,18 +348,22 @@ class RegisterRestServlet(RestServlet):
|
||||||
if self.hs.config.enable_registration_captcha:
|
if self.hs.config.enable_registration_captcha:
|
||||||
# only support 3PIDless registration if no 3PIDs are required
|
# only support 3PIDless registration if no 3PIDs are required
|
||||||
if not require_email and not require_msisdn:
|
if not require_email and not require_msisdn:
|
||||||
flows.extend([[LoginType.RECAPTCHA]])
|
# Also add a dummy flow here, otherwise if a client completes
|
||||||
|
# recaptcha first we'll assume they were going for this flow
|
||||||
|
# and complete the request, when they could have been trying to
|
||||||
|
# complete one of the flows with email/msisdn auth.
|
||||||
|
flows.extend([[LoginType.RECAPTCHA, LoginType.DUMMY]])
|
||||||
# only support the email-only flow if we don't require MSISDN 3PIDs
|
# only support the email-only flow if we don't require MSISDN 3PIDs
|
||||||
if not require_msisdn:
|
if not require_msisdn:
|
||||||
flows.extend([[LoginType.EMAIL_IDENTITY, LoginType.RECAPTCHA]])
|
flows.extend([[LoginType.RECAPTCHA, LoginType.EMAIL_IDENTITY]])
|
||||||
|
|
||||||
if show_msisdn:
|
if show_msisdn:
|
||||||
# only support the MSISDN-only flow if we don't require email 3PIDs
|
# only support the MSISDN-only flow if we don't require email 3PIDs
|
||||||
if not require_email:
|
if not require_email:
|
||||||
flows.extend([[LoginType.MSISDN, LoginType.RECAPTCHA]])
|
flows.extend([[LoginType.RECAPTCHA, LoginType.MSISDN]])
|
||||||
# always let users provide both MSISDN & email
|
# always let users provide both MSISDN & email
|
||||||
flows.extend([
|
flows.extend([
|
||||||
[LoginType.MSISDN, LoginType.EMAIL_IDENTITY, LoginType.RECAPTCHA],
|
[LoginType.RECAPTCHA, LoginType.MSISDN, LoginType.EMAIL_IDENTITY],
|
||||||
])
|
])
|
||||||
else:
|
else:
|
||||||
# only support 3PIDless registration if no 3PIDs are required
|
# only support 3PIDless registration if no 3PIDs are required
|
||||||
|
@ -382,7 +386,15 @@ class RegisterRestServlet(RestServlet):
|
||||||
if self.hs.config.user_consent_at_registration:
|
if self.hs.config.user_consent_at_registration:
|
||||||
new_flows = []
|
new_flows = []
|
||||||
for flow in flows:
|
for flow in flows:
|
||||||
flow.append(LoginType.TERMS)
|
inserted = False
|
||||||
|
# m.login.terms should go near the end but before msisdn or email auth
|
||||||
|
for i, stage in enumerate(flow):
|
||||||
|
if stage == LoginType.EMAIL_IDENTITY or stage == LoginType.MSISDN:
|
||||||
|
flow.insert(i, LoginType.TERMS)
|
||||||
|
inserted = True
|
||||||
|
break
|
||||||
|
if not inserted:
|
||||||
|
flow.append(LoginType.TERMS)
|
||||||
flows.extend(new_flows)
|
flows.extend(new_flows)
|
||||||
|
|
||||||
auth_result, params, session_id = yield self.auth_handler.check_auth(
|
auth_result, params, session_id = yield self.auth_handler.check_auth(
|
||||||
|
|
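Review bot: The added DUMMY stage removes only one of the subset collisions in this flow list. When neither 3PID is required, `[LoginType.RECAPTCHA, LoginType.MSISDN]` is still a subset of `[LoginType.RECAPTCHA, LoginType.MSISDN, LoginType.EMAIL_IDENTITY]`. If check_auth completes a request as soon as any flow is satisfied (which is what the new comment describes; its code is not shown here), a client aiming for the combined flow would be registered after the MSISDN stage and never reach the email stage. I would state the rule above the list, for example `# NOTE: check_auth finishes on the first satisfied flow, so a flow whose stages are a subset of another's wins`, and add a test covering the combined flow. In the second hunk `new_flows` is never populated, so `flows.extend(new_flows)` does nothing and both lines can be dropped; the enclosing method starts and ends outside both hunks.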
|
@ -92,7 +92,14 @@ class FallbackAuthTests(unittest.HomeserverTestCase):
|
||||||
self.assertEqual(len(self.recaptcha_attempts), 1)
|
self.assertEqual(len(self.recaptcha_attempts), 1)
|
||||||
self.assertEqual(self.recaptcha_attempts[0][0]["response"], "a")
|
self.assertEqual(self.recaptcha_attempts[0][0]["response"], "a")
|
||||||
|
|
||||||
# Now we have fufilled the recaptcha fallback step, we can then send a
|
# also complete the dummy auth
|
||||||
|
request, channel = self.make_request(
|
||||||
|
"POST", "register", {"auth": {"session": session, "type": "m.login.dummy"}}
|
||||||
|
)
|
||||||
|
self.render(request)
|
||||||
|
|
||||||
|
# Now we should have fufilled a complete auth flow, including
|
||||||
|
# the recaptcha fallback step, we can then send a
|
||||||
# request to the register API with the session in the authdict.
|
# request to the register API with the session in the authdict.
|
||||||
request, channel = self.make_request(
|
request, channel = self.make_request(
|
||||||
"POST", "register", {"auth": {"session": session}}
|
"POST", "register", {"auth": {"session": session}}
|
||||||
|
|
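Review bot: Nothing in the added lines checks that registration is still incomplete after the recaptcha stage alone, which is the behaviour this commit changes. The new `m.login.dummy` request is also sent and rendered without any assertion on its result. Before the dummy request I would post `{"auth": {"session": session}}` and assert that the server still answers with an auth challenge instead of completing, then assert the outcome of the dummy request itself. The test method starts and ends outside the hunk, so an earlier assertion may exist that is not visible here.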
|
@ -59,7 +59,7 @@ class TermsTestCase(unittest.HomeserverTestCase):
|
||||||
for flow in channel.json_body["flows"]:
|
for flow in channel.json_body["flows"]:
|
||||||
self.assertIsInstance(flow["stages"], list)
|
self.assertIsInstance(flow["stages"], list)
|
||||||
self.assertTrue(len(flow["stages"]) > 0)
|
self.assertTrue(len(flow["stages"]) > 0)
|
||||||
self.assertEquals(flow["stages"][-1], "m.login.terms")
|
self.assertTrue("m.login.terms" in flow["stages"])
|
||||||
|
|
||||||
expected_params = {
|
expected_params = {
|
||||||
"m.login.terms": {
|
"m.login.terms": {
|
||||||
|
|
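Review bot: The replacement assertion only checks that `m.login.terms` is present, so the ordering the servlet now promises (terms before any email or msisdn stage) is untested. `self.assertIn("m.login.terms", flow["stages"])` gives a clearer failure message than `assertTrue(... in ...)`. A second check that no `m.login.email.identity` or `m.login.msisdn` stage precedes the terms stage would pin the new placement. The test method continues outside the hunk.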