fix up v1, and improve errors

This commit is contained in:
Matthew Hodgson 2018-01-19 00:53:58 +00:00
parent 0af58f14ee
commit 9d332e0f79
4 changed files with 65 additions and 20 deletions

View File

@ -15,6 +15,7 @@
"""Contains functions for registering clients."""
import logging
import re
from twisted.internet import defer
@ -293,7 +294,7 @@ class RegistrationHandler(BaseHandler):
"""
for c in threepidCreds:
logger.info("validating theeepidcred sid %s on id server %s",
logger.info("validating threepidcred sid %s on id server %s",
c['sid'], c['idServer'])
try:
identity_handler = self.hs.get_handlers().identity_handler
@ -307,6 +308,16 @@ class RegistrationHandler(BaseHandler):
logger.info("got threepid with medium '%s' and address '%s'",
threepid['medium'], threepid['address'])
for constraint in self.hs.config.registrations_require_3pid:
if (
constraint['medium'] == 'email' and
threepid['medium'] == 'email' and
re.match(constraint['pattern'], threepid['address'])
):
raise RegistrationError(
403, "Third party identifier is not allowed"
)
@defer.inlineCallbacks
def bind_emails(self, user_id, threepidCreds):
"""Links emails with a user ID and informs an identity server.

View File

@ -70,10 +70,24 @@ class RegisterRestServlet(ClientV1RestServlet):
self.handlers = hs.get_handlers()
def on_GET(self, request):
require_email = False
require_msisdn = False
for constraint in self.hs.config.registrations_require_3pid:
if constraint['medium'] == 'email':
require_email = True
elif constraint['medium'] == 'msisdn':
require_msisdn = True
else:
logger.warn(
"Unrecognised 3PID medium %s in registrations_require_3pid" %
constraint['medium']
)
flows = []
if self.hs.config.enable_registration_captcha:
return (
200,
{"flows": [
if require_email or not require_msisdn:
flows.extend([
{
"type": LoginType.RECAPTCHA,
"stages": [
@ -82,27 +96,31 @@ class RegisterRestServlet(ClientV1RestServlet):
LoginType.PASSWORD
]
},
])
if not require_email and not require_msisdn:
flows.extend([
{
"type": LoginType.RECAPTCHA,
"stages": [LoginType.RECAPTCHA, LoginType.PASSWORD]
}
]}
)
])
else:
return (
200,
{"flows": [
if require_email or not require_msisdn:
flows.extend([
{
"type": LoginType.EMAIL_IDENTITY,
"stages": [
LoginType.EMAIL_IDENTITY, LoginType.PASSWORD
]
},
}
])
if not require_email and not require_msisdn:
flows.extend([
{
"type": LoginType.PASSWORD
}
]}
)
])
return (200, {"flows": flows})
@defer.inlineCallbacks
def on_POST(self, request):

View File

@ -48,7 +48,9 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
])
if not check_3pid_allowed(self.hs, "email", body['email']):
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
raise SynapseError(
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
)
existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
'email', body['email']
@ -82,7 +84,9 @@ class MsisdnPasswordRequestTokenRestServlet(RestServlet):
msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
if not check_3pid_allowed(self.hs, "msisdn", msisdn):
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
raise SynapseError(
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
)
existingUid = yield self.datastore.get_user_id_by_threepid(
'msisdn', msisdn
@ -224,7 +228,9 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
raise SynapseError(400, "Missing params: %r" % absent, Codes.MISSING_PARAM)
if not check_3pid_allowed(self.hs, "email", body['email']):
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
raise SynapseError(
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
)
existingUid = yield self.datastore.get_user_id_by_threepid(
'email', body['email']
@ -265,7 +271,9 @@ class MsisdnThreepidRequestTokenRestServlet(RestServlet):
msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
if not check_3pid_allowed(self.hs, "msisdn", msisdn):
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
raise SynapseError(
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
)
existingUid = yield self.datastore.get_user_id_by_threepid(
'msisdn', msisdn

View File

@ -72,7 +72,9 @@ class EmailRegisterRequestTokenRestServlet(RestServlet):
])
if not check_3pid_allowed(self.hs, "email", body['email']):
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
raise SynapseError(
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
)
existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
'email', body['email']
@ -110,7 +112,9 @@ class MsisdnRegisterRequestTokenRestServlet(RestServlet):
msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
if not check_3pid_allowed(self.hs, "msisdn", msisdn):
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
raise SynapseError(
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
)
existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
'msisdn', msisdn
@ -368,7 +372,9 @@ class RegisterRestServlet(RestServlet):
auth_result[LoginType.EMAIL_IDENTITY].threepid.address
)
):
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
raise SynapseError(
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
)
elif (
constraint['medium'] == 'msisdn' and
auth_result and LoginType.MSISDN in auth_result and
@ -377,7 +383,9 @@ class RegisterRestServlet(RestServlet):
auth_result[LoginType.MSISDN].threepid.address
)
):
raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
raise SynapseError(
403, "Third party identifier is not allowed", Codes.THREEPID_DENIED
)
if registered_user_id is not None:
logger.info(