Allow appservices to register without a login type (#529)
* Allow appservices to register without a logintype Signed-off-by: Andrew Morgan <andrewm@matrix.org> * Reduce cyclomatic complexity on Register function * Fix some grammarmain
parent
d2b349a75a
commit
99005d6a91
|
@ -415,6 +415,22 @@ func validateApplicationService(
|
||||||
return matchedApplicationService.ID, nil
|
return matchedApplicationService.ID, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// authTypeIsValid checks the registration authentication type of the request
|
||||||
|
// and returns true or false depending on whether the auth type is valid
|
||||||
|
func authTypeIsValid(authType *authtypes.LoginType, req *http.Request) bool {
|
||||||
|
// If no auth type is specified by the client, send back the list of available flows
|
||||||
|
if *authType == "" && req.URL.Query().Get("access_token") != "" {
|
||||||
|
// Assume this is an application service registering a user if an empty login
|
||||||
|
// type was provided alongside an access token
|
||||||
|
*authType = authtypes.LoginTypeApplicationService
|
||||||
|
} else if *authType == "" {
|
||||||
|
// Not an access token, and no login type. Send back the flows
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
|
||||||
// Register processes a /register request.
|
// Register processes a /register request.
|
||||||
// http://matrix.org/speculator/spec/HEAD/client_server/unstable.html#post-matrix-client-unstable-register
|
// http://matrix.org/speculator/spec/HEAD/client_server/unstable.html#post-matrix-client-unstable-register
|
||||||
func Register(
|
func Register(
|
||||||
|
@ -454,8 +470,9 @@ func Register(
|
||||||
r.Username = strconv.FormatInt(id, 10)
|
r.Username = strconv.FormatInt(id, 10)
|
||||||
}
|
}
|
||||||
|
|
||||||
// If no auth type is specified by the client, send back the list of available flows
|
// Check r.Auth.Type is correct for the client requesting (handles application
|
||||||
if r.Auth.Type == "" {
|
// services requesting without an auth type)
|
||||||
|
if !authTypeIsValid(&r.Auth.Type, req) {
|
||||||
return util.JSONResponse{
|
return util.JSONResponse{
|
||||||
Code: http.StatusUnauthorized,
|
Code: http.StatusUnauthorized,
|
||||||
JSON: newUserInteractiveResponse(sessionID,
|
JSON: newUserInteractiveResponse(sessionID,
|
||||||
|
@ -475,7 +492,7 @@ func Register(
|
||||||
|
|
||||||
// Make sure normal user isn't registering under an exclusive application
|
// Make sure normal user isn't registering under an exclusive application
|
||||||
// service namespace. Skip this check if no app services are registered.
|
// service namespace. Skip this check if no app services are registered.
|
||||||
if r.Auth.Type != "m.login.application_service" &&
|
if r.Auth.Type != authtypes.LoginTypeApplicationService &&
|
||||||
len(cfg.Derived.ApplicationServices) != 0 &&
|
len(cfg.Derived.ApplicationServices) != 0 &&
|
||||||
UsernameMatchesExclusiveNamespaces(cfg, r.Username) {
|
UsernameMatchesExclusiveNamespaces(cfg, r.Username) {
|
||||||
return util.JSONResponse{
|
return util.JSONResponse{
|
||||||
|
|
Loading…
Reference in New Issue