Add config option to disable registration (#360)

This commit is contained in:
Erik Johnston 2017-12-04 17:07:45 +00:00 committed by GitHub
parent 791a5ee7f4
commit 7236090989
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 40 additions and 17 deletions

View File

@ -222,6 +222,11 @@ func handleRegistrationFlow(
// TODO: Handle mapping registrationRequest parameters into session parameters
// TODO: email / msisdn / recaptcha auth types.
if cfg.Matrix.RegistrationDisabled && r.Auth.Type != authtypes.LoginTypeSharedSecret {
return util.MessageResponse(403, "Registration has been disabled")
}
switch r.Auth.Type {
case authtypes.LoginTypeSharedSecret:
if cfg.Matrix.RegistrationSharedSecret == "" {
@ -277,33 +282,19 @@ func LegacyRegister(
cfg *config.Dendrite,
) util.JSONResponse {
var r legacyRegisterRequest
resErr := httputil.UnmarshalJSONRequest(req, &r)
resErr := parseAndValidateLegacyLogin(req, &r)
if resErr != nil {
return *resErr
}
// Squash username to all lowercase letters
r.Username = strings.ToLower(r.Username)
if resErr = validateUserName(r.Username); resErr != nil {
return *resErr
}
if resErr = validatePassword(r.Password); resErr != nil {
return *resErr
}
logger := util.GetLogger(req.Context())
logger.WithFields(log.Fields{
"username": r.Username,
"auth.type": r.Type,
}).Info("Processing registration request")
// All registration requests must specify what auth they are using to perform this request
if r.Type == "" {
return util.JSONResponse{
Code: 400,
JSON: jsonerror.BadJSON("invalid type"),
}
if cfg.Matrix.RegistrationDisabled && r.Type != authtypes.LoginTypeSharedSecret {
return util.MessageResponse(403, "Registration has been disabled")
}
switch r.Type {
@ -333,6 +324,35 @@ func LegacyRegister(
}
}
// parseAndValidateLegacyLogin parses the request into r and checks that the
// request is valid (e.g. valid user names, etc)
func parseAndValidateLegacyLogin(req *http.Request, r *legacyRegisterRequest) *util.JSONResponse {
resErr := httputil.UnmarshalJSONRequest(req, &r)
if resErr != nil {
return resErr
}
// Squash username to all lowercase letters
r.Username = strings.ToLower(r.Username)
if resErr = validateUserName(r.Username); resErr != nil {
return resErr
}
if resErr = validatePassword(r.Password); resErr != nil {
return resErr
}
// All registration requests must specify what auth they are using to perform this request
if r.Type == "" {
return &util.JSONResponse{
Code: 400,
JSON: jsonerror.BadJSON("invalid type"),
}
}
return nil
}
func completeRegistration(
ctx context.Context,
accountDB *accounts.Database,

View File

@ -83,6 +83,9 @@ type Dendrite struct {
// If set, allows registration by anyone who also has the shared
// secret, even if registration is otherwise disabled.
RegistrationSharedSecret string `yaml:"registration_shared_secret"`
// If set disables new users from registering (except via shared
// secrets)
RegistrationDisabled bool `yaml:"registration_disabled"`
} `yaml:"matrix"`
// The configuration specific to the media repostitory.