Stop accepting 'user' parameter for application service registration. (#15928)
This is unspecced, but has existed for a very long time.
This commit is contained in:
parent
2cacd0849a
commit
20ae617d14
|
@ -0,0 +1 @@
|
||||||
|
Remove support for calling the `/register` endpoint with an unspecced `user` property for application services.
|
|
@ -88,6 +88,16 @@ process, for example:
|
||||||
dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb
|
dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb
|
||||||
```
|
```
|
||||||
|
|
||||||
|
# Upgrading to v1.89.0
|
||||||
|
|
||||||
|
## Removal of unspecced `user` property for `/register`
|
||||||
|
|
||||||
|
Application services can no longer call `/register` with a `user` property to create new users.
|
||||||
|
The standard `username` property should be used instead. See the
|
||||||
|
[Application Service specification](https://spec.matrix.org/v1.7/application-service-api/#server-admin-style-permissions)
|
||||||
|
for more information.
|
||||||
|
|
||||||
|
|
||||||
# Upgrading to v1.88.0
|
# Upgrading to v1.88.0
|
||||||
|
|
||||||
## Minimum supported Python version
|
## Minimum supported Python version
|
||||||
|
|
|
@ -462,9 +462,9 @@ class RegisterRestServlet(RestServlet):
|
||||||
# the auth layer will store these in sessions.
|
# the auth layer will store these in sessions.
|
||||||
desired_username = None
|
desired_username = None
|
||||||
if "username" in body:
|
if "username" in body:
|
||||||
if not isinstance(body["username"], str) or len(body["username"]) > 512:
|
|
||||||
raise SynapseError(400, "Invalid username")
|
|
||||||
desired_username = body["username"]
|
desired_username = body["username"]
|
||||||
|
if not isinstance(desired_username, str) or len(desired_username) > 512:
|
||||||
|
raise SynapseError(400, "Invalid username")
|
||||||
|
|
||||||
# fork off as soon as possible for ASes which have completely
|
# fork off as soon as possible for ASes which have completely
|
||||||
# different registration flows to normal users
|
# different registration flows to normal users
|
||||||
|
@ -477,11 +477,6 @@ class RegisterRestServlet(RestServlet):
|
||||||
"Appservice token must be provided when using a type of m.login.application_service",
|
"Appservice token must be provided when using a type of m.login.application_service",
|
||||||
)
|
)
|
||||||
|
|
||||||
# Set the desired user according to the AS API (which uses the
|
|
||||||
# 'user' key not 'username'). Since this is a new addition, we'll
|
|
||||||
# fallback to 'username' if they gave one.
|
|
||||||
desired_username = body.get("user", desired_username)
|
|
||||||
|
|
||||||
# XXX we should check that desired_username is valid. Currently
|
# XXX we should check that desired_username is valid. Currently
|
||||||
# we give appservices carte blanche for any insanity in mxids,
|
# we give appservices carte blanche for any insanity in mxids,
|
||||||
# because the IRC bridges rely on being able to register stupid
|
# because the IRC bridges rely on being able to register stupid
|
||||||
|
@ -489,7 +484,8 @@ class RegisterRestServlet(RestServlet):
|
||||||
|
|
||||||
access_token = self.auth.get_access_token_from_request(request)
|
access_token = self.auth.get_access_token_from_request(request)
|
||||||
|
|
||||||
if not isinstance(desired_username, str):
|
# Desired username is either a string or None.
|
||||||
|
if desired_username is None:
|
||||||
raise SynapseError(400, "Desired Username is missing or not a string")
|
raise SynapseError(400, "Desired Username is missing or not a string")
|
||||||
|
|
||||||
result = await self._do_appservice_registration(
|
result = await self._do_appservice_registration(
|
||||||
|
|
Loading…
Reference in New Issue