Add config option to disable registration (#360)
parent
791a5ee7f4
commit
7236090989
|
@ -222,6 +222,11 @@ func handleRegistrationFlow(
|
|||
// TODO: Handle mapping registrationRequest parameters into session parameters
|
||||
|
||||
// TODO: email / msisdn / recaptcha auth types.
|
||||
|
||||
if cfg.Matrix.RegistrationDisabled && r.Auth.Type != authtypes.LoginTypeSharedSecret {
|
||||
return util.MessageResponse(403, "Registration has been disabled")
|
||||
}
|
||||
|
||||
switch r.Auth.Type {
|
||||
case authtypes.LoginTypeSharedSecret:
|
||||
if cfg.Matrix.RegistrationSharedSecret == "" {
|
||||
|
@ -277,33 +282,19 @@ func LegacyRegister(
|
|||
cfg *config.Dendrite,
|
||||
) util.JSONResponse {
|
||||
var r legacyRegisterRequest
|
||||
resErr := httputil.UnmarshalJSONRequest(req, &r)
|
||||
resErr := parseAndValidateLegacyLogin(req, &r)
|
||||
if resErr != nil {
|
||||
return *resErr
|
||||
}
|
||||
|
||||
// Squash username to all lowercase letters
|
||||
r.Username = strings.ToLower(r.Username)
|
||||
|
||||
if resErr = validateUserName(r.Username); resErr != nil {
|
||||
return *resErr
|
||||
}
|
||||
if resErr = validatePassword(r.Password); resErr != nil {
|
||||
return *resErr
|
||||
}
|
||||
|
||||
logger := util.GetLogger(req.Context())
|
||||
logger.WithFields(log.Fields{
|
||||
"username": r.Username,
|
||||
"auth.type": r.Type,
|
||||
}).Info("Processing registration request")
|
||||
|
||||
// All registration requests must specify what auth they are using to perform this request
|
||||
if r.Type == "" {
|
||||
return util.JSONResponse{
|
||||
Code: 400,
|
||||
JSON: jsonerror.BadJSON("invalid type"),
|
||||
}
|
||||
if cfg.Matrix.RegistrationDisabled && r.Type != authtypes.LoginTypeSharedSecret {
|
||||
return util.MessageResponse(403, "Registration has been disabled")
|
||||
}
|
||||
|
||||
switch r.Type {
|
||||
|
@ -333,6 +324,35 @@ func LegacyRegister(
|
|||
}
|
||||
}
|
||||
|
||||
// parseAndValidateLegacyLogin parses the request into r and checks that the
|
||||
// request is valid (e.g. valid user names, etc)
|
||||
func parseAndValidateLegacyLogin(req *http.Request, r *legacyRegisterRequest) *util.JSONResponse {
|
||||
resErr := httputil.UnmarshalJSONRequest(req, &r)
|
||||
if resErr != nil {
|
||||
return resErr
|
||||
}
|
||||
|
||||
// Squash username to all lowercase letters
|
||||
r.Username = strings.ToLower(r.Username)
|
||||
|
||||
if resErr = validateUserName(r.Username); resErr != nil {
|
||||
return resErr
|
||||
}
|
||||
if resErr = validatePassword(r.Password); resErr != nil {
|
||||
return resErr
|
||||
}
|
||||
|
||||
// All registration requests must specify what auth they are using to perform this request
|
||||
if r.Type == "" {
|
||||
return &util.JSONResponse{
|
||||
Code: 400,
|
||||
JSON: jsonerror.BadJSON("invalid type"),
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func completeRegistration(
|
||||
ctx context.Context,
|
||||
accountDB *accounts.Database,
|
||||
|
|
|
@ -83,6 +83,9 @@ type Dendrite struct {
|
|||
// If set, allows registration by anyone who also has the shared
|
||||
// secret, even if registration is otherwise disabled.
|
||||
RegistrationSharedSecret string `yaml:"registration_shared_secret"`
|
||||
// If set disables new users from registering (except via shared
|
||||
// secrets)
|
||||
RegistrationDisabled bool `yaml:"registration_disabled"`
|
||||
} `yaml:"matrix"`
|
||||
|
||||
// The configuration specific to the media repostitory.
|
||||
|
|
Loading…
Reference in New Issue