Don't validate username when fetching registration flows (#259)

main
Erik Johnston 2017-09-22 16:38:22 +01:00 committed by GitHub
parent 6bec139544
commit bdfade26ed
1 changed files with 14 additions and 13 deletions

View File

@ -135,6 +135,20 @@ func Register(
if resErr != nil { if resErr != nil {
return *resErr return *resErr
} }
// All registration requests must specify what auth they are using to perform this request
if r.Auth.Type == "" {
return util.JSONResponse{
Code: 401,
// TODO: Hard-coded 'dummy' auth for now with a bogus session ID.
// Server admins should be able to change things around (eg enable captcha)
JSON: newUserInteractiveResponse(time.Now().String(), []authFlow{
{[]authtypes.LoginType{authtypes.LoginTypeDummy}},
{[]authtypes.LoginType{authtypes.LoginTypeSharedSecret}},
}),
}
}
if resErr = validate(r.Username, r.Password); resErr != nil { if resErr = validate(r.Username, r.Password); resErr != nil {
return *resErr return *resErr
} }
@ -151,19 +165,6 @@ func Register(
// TODO: Enable registration config flag // TODO: Enable registration config flag
// TODO: Guest account upgrading // TODO: Guest account upgrading
// All registration requests must specify what auth they are using to perform this request
if r.Auth.Type == "" {
return util.JSONResponse{
Code: 401,
// TODO: Hard-coded 'dummy' auth for now with a bogus session ID.
// Server admins should be able to change things around (eg enable captcha)
JSON: newUserInteractiveResponse(time.Now().String(), []authFlow{
{[]authtypes.LoginType{authtypes.LoginTypeDummy}},
{[]authtypes.LoginType{authtypes.LoginTypeSharedSecret}},
}),
}
}
// TODO: Handle loading of previous session parameters from database. // TODO: Handle loading of previous session parameters from database.
// TODO: Handle mapping registrationRequest parameters into session parameters // TODO: Handle mapping registrationRequest parameters into session parameters