2016-01-07 05:26:29 +01:00
|
|
|
# Copyright 2015, 2016 OpenMarket Ltd
|
2021-12-01 13:28:23 +01:00
|
|
|
# Copyright 2021 The Matrix.org Foundation C.I.C.
|
2015-02-19 15:16:53 +01:00
|
|
|
#
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
# you may not use this file except in compliance with the License.
|
|
|
|
# You may obtain a copy of the License at
|
|
|
|
#
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
#
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
# See the License for the specific language governing permissions and
|
|
|
|
# limitations under the License.
|
2021-12-01 13:28:23 +01:00
|
|
|
import argparse
|
2022-04-11 18:07:23 +02:00
|
|
|
from typing import Any, Optional
|
2015-02-19 15:16:53 +01:00
|
|
|
|
2020-06-30 21:41:36 +02:00
|
|
|
from synapse.api.constants import RoomCreationPreset
|
2018-10-24 17:09:21 +02:00
|
|
|
from synapse.config._base import Config, ConfigError
|
2022-04-11 18:07:23 +02:00
|
|
|
from synapse.types import JsonDict, RoomAlias, UserID
|
2021-01-15 16:59:20 +01:00
|
|
|
from synapse.util.stringutils import random_string_with_symbols, strtobool
|
2015-03-13 16:23:37 +01:00
|
|
|
|
2015-02-19 15:16:53 +01:00
|
|
|
|
|
|
|
class RegistrationConfig(Config):
|
2019-10-10 10:39:35 +02:00
|
|
|
section = "registration"
|
|
|
|
|
2022-04-11 18:07:23 +02:00
|
|
|
def read_config(self, config: JsonDict, **kwargs: Any) -> None:
|
2021-01-15 16:59:20 +01:00
|
|
|
self.enable_registration = strtobool(
|
|
|
|
str(config.get("enable_registration", False))
|
2015-02-19 15:16:53 +01:00
|
|
|
)
|
2015-04-30 15:34:09 +02:00
|
|
|
if "disable_registration" in config:
|
2021-01-15 16:59:20 +01:00
|
|
|
self.enable_registration = not strtobool(
|
|
|
|
str(config["disable_registration"])
|
2015-04-30 15:34:09 +02:00
|
|
|
)
|
|
|
|
|
2022-03-25 18:11:01 +01:00
|
|
|
self.enable_registration_without_verification = strtobool(
|
|
|
|
str(config.get("enable_registration_without_verification", False))
|
|
|
|
)
|
|
|
|
|
2018-01-19 01:19:58 +01:00
|
|
|
self.registrations_require_3pid = config.get("registrations_require_3pid", [])
|
2018-01-19 16:33:55 +01:00
|
|
|
self.allowed_local_3pids = config.get("allowed_local_3pids", [])
|
2019-04-04 18:25:47 +02:00
|
|
|
self.enable_3pid_lookup = config.get("enable_3pid_lookup", True)
|
2021-08-21 23:14:43 +02:00
|
|
|
self.registration_requires_token = config.get(
|
|
|
|
"registration_requires_token", False
|
|
|
|
)
|
2022-05-05 13:11:52 +02:00
|
|
|
self.enable_registration_token_3pid_bypass = config.get(
|
|
|
|
"enable_registration_token_3pid_bypass", False
|
2022-04-27 14:57:53 +02:00
|
|
|
)
|
2015-04-30 05:24:44 +02:00
|
|
|
self.registration_shared_secret = config.get("registration_shared_secret")
|
2016-02-08 17:35:44 +01:00
|
|
|
|
2015-10-16 15:52:08 +02:00
|
|
|
self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
|
2021-11-18 19:56:32 +01:00
|
|
|
|
2019-09-06 12:35:28 +02:00
|
|
|
account_threepid_delegates = config.get("account_threepid_delegates") or {}
|
|
|
|
self.account_threepid_delegate_email = account_threepid_delegates.get("email")
|
|
|
|
self.account_threepid_delegate_msisdn = account_threepid_delegates.get("msisdn")
|
2018-12-05 14:38:58 +01:00
|
|
|
self.default_identity_server = config.get("default_identity_server")
|
2015-11-04 18:29:07 +01:00
|
|
|
self.allow_guest_access = config.get("allow_guest_access", False)
|
2015-04-30 05:24:44 +02:00
|
|
|
|
2019-07-05 17:47:58 +02:00
|
|
|
if config.get("invite_3pid_guest", False):
|
|
|
|
raise ConfigError("invite_3pid_guest is no longer supported")
|
2016-03-14 16:50:40 +01:00
|
|
|
|
2017-10-16 18:57:27 +02:00
|
|
|
self.auto_join_rooms = config.get("auto_join_rooms", [])
|
2018-10-12 19:17:36 +02:00
|
|
|
for room_alias in self.auto_join_rooms:
|
|
|
|
if not RoomAlias.is_valid(room_alias):
|
2019-06-20 11:32:02 +02:00
|
|
|
raise ConfigError("Invalid auto_join_rooms entry %s" % (room_alias,))
|
2020-06-30 21:41:36 +02:00
|
|
|
|
|
|
|
# Options for creating auto-join rooms if they do not exist yet.
|
2018-09-28 16:37:28 +02:00
|
|
|
self.autocreate_auto_join_rooms = config.get("autocreate_auto_join_rooms", True)
|
2020-06-30 21:41:36 +02:00
|
|
|
self.autocreate_auto_join_rooms_federated = config.get(
|
|
|
|
"autocreate_auto_join_rooms_federated", True
|
|
|
|
)
|
|
|
|
self.autocreate_auto_join_room_preset = (
|
|
|
|
config.get("autocreate_auto_join_room_preset")
|
|
|
|
or RoomCreationPreset.PUBLIC_CHAT
|
|
|
|
)
|
|
|
|
self.auto_join_room_requires_invite = self.autocreate_auto_join_room_preset in {
|
|
|
|
RoomCreationPreset.PRIVATE_CHAT,
|
|
|
|
RoomCreationPreset.TRUSTED_PRIVATE_CHAT,
|
|
|
|
}
|
|
|
|
|
2020-10-23 18:38:40 +02:00
|
|
|
# Pull the creator/inviter from the configuration, this gets used to
|
2020-06-30 21:41:36 +02:00
|
|
|
# send invites for invite-only rooms.
|
|
|
|
mxid_localpart = config.get("auto_join_mxid_localpart")
|
|
|
|
self.auto_join_user_id = None
|
|
|
|
if mxid_localpart:
|
|
|
|
# Convert the localpart to a full mxid.
|
|
|
|
self.auto_join_user_id = UserID(
|
2021-10-06 16:47:41 +02:00
|
|
|
mxid_localpart, self.root.server.server_name
|
2020-06-30 21:41:36 +02:00
|
|
|
).to_string()
|
|
|
|
|
|
|
|
if self.autocreate_auto_join_rooms:
|
|
|
|
# Ensure the preset is a known value.
|
|
|
|
if self.autocreate_auto_join_room_preset not in {
|
|
|
|
RoomCreationPreset.PUBLIC_CHAT,
|
|
|
|
RoomCreationPreset.PRIVATE_CHAT,
|
|
|
|
RoomCreationPreset.TRUSTED_PRIVATE_CHAT,
|
|
|
|
}:
|
|
|
|
raise ConfigError("Invalid value for autocreate_auto_join_room_preset")
|
|
|
|
# If the preset requires invitations to be sent, ensure there's a
|
|
|
|
# configured user to send them from.
|
|
|
|
if self.auto_join_room_requires_invite:
|
|
|
|
if not mxid_localpart:
|
|
|
|
raise ConfigError(
|
|
|
|
"The configuration option `auto_join_mxid_localpart` is required if "
|
|
|
|
"`autocreate_auto_join_room_preset` is set to private_chat or trusted_private_chat, such that "
|
|
|
|
"Synapse knows who to send invitations from. Please "
|
|
|
|
"configure `auto_join_mxid_localpart`."
|
|
|
|
)
|
|
|
|
|
2020-06-05 19:18:15 +02:00
|
|
|
self.auto_join_rooms_for_guests = config.get("auto_join_rooms_for_guests", True)
|
2017-10-16 18:57:27 +02:00
|
|
|
|
2020-03-27 20:15:23 +01:00
|
|
|
self.enable_set_displayname = config.get("enable_set_displayname", True)
|
|
|
|
self.enable_set_avatar_url = config.get("enable_set_avatar_url", True)
|
|
|
|
self.enable_3pid_changes = config.get("enable_3pid_changes", True)
|
|
|
|
|
2019-06-20 11:32:02 +02:00
|
|
|
self.disable_msisdn_registration = config.get(
|
|
|
|
"disable_msisdn_registration", False
|
2019-01-21 16:17:20 +01:00
|
|
|
)
|
2019-01-21 15:59:37 +01:00
|
|
|
|
2019-07-12 18:26:02 +02:00
|
|
|
session_lifetime = config.get("session_lifetime")
|
|
|
|
if session_lifetime is not None:
|
|
|
|
session_lifetime = self.parse_duration(session_lifetime)
|
|
|
|
self.session_lifetime = session_lifetime
|
|
|
|
|
2021-11-23 18:01:34 +01:00
|
|
|
# The `refreshable_access_token_lifetime` applies for tokens that can be renewed
|
2021-11-26 15:27:14 +01:00
|
|
|
# using a refresh token, as per MSC2918.
|
|
|
|
# If it is `None`, the refresh token mechanism is disabled.
|
2021-11-23 18:01:34 +01:00
|
|
|
refreshable_access_token_lifetime = config.get(
|
|
|
|
"refreshable_access_token_lifetime",
|
2021-11-26 15:27:14 +01:00
|
|
|
"5m",
|
2021-06-24 15:33:20 +02:00
|
|
|
)
|
2021-11-23 18:01:34 +01:00
|
|
|
if refreshable_access_token_lifetime is not None:
|
|
|
|
refreshable_access_token_lifetime = self.parse_duration(
|
|
|
|
refreshable_access_token_lifetime
|
|
|
|
)
|
2021-11-29 14:34:14 +01:00
|
|
|
self.refreshable_access_token_lifetime: Optional[
|
|
|
|
int
|
|
|
|
] = refreshable_access_token_lifetime
|
2021-06-24 15:33:20 +02:00
|
|
|
|
2021-12-03 17:42:44 +01:00
|
|
|
if (
|
|
|
|
self.session_lifetime is not None
|
|
|
|
and "refreshable_access_token_lifetime" in config
|
|
|
|
):
|
|
|
|
if self.session_lifetime < self.refreshable_access_token_lifetime:
|
|
|
|
raise ConfigError(
|
|
|
|
"Both `session_lifetime` and `refreshable_access_token_lifetime` "
|
|
|
|
"configuration options have been set, but `refreshable_access_token_lifetime` "
|
|
|
|
" exceeds `session_lifetime`!"
|
|
|
|
)
|
|
|
|
|
|
|
|
# The `nonrefreshable_access_token_lifetime` applies for tokens that can NOT be
|
|
|
|
# refreshed using a refresh token.
|
|
|
|
# If it is None, then these tokens last for the entire length of the session,
|
|
|
|
# which is infinite by default.
|
|
|
|
# The intention behind this configuration option is to help with requiring
|
|
|
|
# all clients to use refresh tokens, if the homeserver administrator requires.
|
|
|
|
nonrefreshable_access_token_lifetime = config.get(
|
|
|
|
"nonrefreshable_access_token_lifetime",
|
|
|
|
None,
|
|
|
|
)
|
|
|
|
if nonrefreshable_access_token_lifetime is not None:
|
|
|
|
nonrefreshable_access_token_lifetime = self.parse_duration(
|
|
|
|
nonrefreshable_access_token_lifetime
|
|
|
|
)
|
|
|
|
self.nonrefreshable_access_token_lifetime = nonrefreshable_access_token_lifetime
|
|
|
|
|
|
|
|
if (
|
|
|
|
self.session_lifetime is not None
|
|
|
|
and self.nonrefreshable_access_token_lifetime is not None
|
|
|
|
):
|
|
|
|
if self.session_lifetime < self.nonrefreshable_access_token_lifetime:
|
|
|
|
raise ConfigError(
|
|
|
|
"Both `session_lifetime` and `nonrefreshable_access_token_lifetime` "
|
|
|
|
"configuration options have been set, but `nonrefreshable_access_token_lifetime` "
|
|
|
|
" exceeds `session_lifetime`!"
|
|
|
|
)
|
|
|
|
|
2021-11-26 15:27:14 +01:00
|
|
|
refresh_token_lifetime = config.get("refresh_token_lifetime")
|
|
|
|
if refresh_token_lifetime is not None:
|
|
|
|
refresh_token_lifetime = self.parse_duration(refresh_token_lifetime)
|
2021-11-29 14:34:14 +01:00
|
|
|
self.refresh_token_lifetime: Optional[int] = refresh_token_lifetime
|
2021-06-24 15:33:20 +02:00
|
|
|
|
2021-12-03 17:42:44 +01:00
|
|
|
if (
|
|
|
|
self.session_lifetime is not None
|
|
|
|
and self.refresh_token_lifetime is not None
|
|
|
|
):
|
|
|
|
if self.session_lifetime < self.refresh_token_lifetime:
|
|
|
|
raise ConfigError(
|
|
|
|
"Both `session_lifetime` and `refresh_token_lifetime` "
|
|
|
|
"configuration options have been set, but `refresh_token_lifetime` "
|
|
|
|
" exceeds `session_lifetime`!"
|
|
|
|
)
|
|
|
|
|
2021-08-21 23:14:43 +02:00
|
|
|
# The fallback template used for authenticating using a registration token
|
|
|
|
self.registration_token_template = self.read_template("registration_token.html")
|
|
|
|
|
2020-10-02 12:15:53 +02:00
|
|
|
# The success template used during fallback auth.
|
2021-01-27 16:59:50 +01:00
|
|
|
self.fallback_success_template = self.read_template("auth_success.html")
|
2020-10-02 12:15:53 +02:00
|
|
|
|
2022-01-26 13:02:54 +01:00
|
|
|
self.inhibit_user_in_use_error = config.get("inhibit_user_in_use_error", False)
|
|
|
|
|
2022-04-11 18:07:23 +02:00
|
|
|
def generate_config_section(
|
|
|
|
self, generate_secrets: bool = False, **kwargs: Any
|
|
|
|
) -> str:
|
2018-12-21 16:04:57 +01:00
|
|
|
if generate_secrets:
|
|
|
|
registration_shared_secret = 'registration_shared_secret: "%s"' % (
|
|
|
|
random_string_with_symbols(50),
|
|
|
|
)
|
2022-06-14 16:53:42 +02:00
|
|
|
return registration_shared_secret
|
2018-12-21 16:04:57 +01:00
|
|
|
else:
|
2022-06-14 16:53:42 +02:00
|
|
|
return ""
|
2015-04-30 16:04:06 +02:00
|
|
|
|
2019-07-15 14:15:34 +02:00
|
|
|
@staticmethod
|
2021-12-01 13:28:23 +01:00
|
|
|
def add_arguments(parser: argparse.ArgumentParser) -> None:
|
2015-04-30 16:04:06 +02:00
|
|
|
reg_group = parser.add_argument_group("registration")
|
|
|
|
reg_group.add_argument(
|
2019-06-20 11:32:02 +02:00
|
|
|
"--enable-registration",
|
|
|
|
action="store_true",
|
|
|
|
default=None,
|
|
|
|
help="Enable registration for new users.",
|
2015-04-30 16:04:06 +02:00
|
|
|
)
|
|
|
|
|
2021-12-01 13:28:23 +01:00
|
|
|
def read_arguments(self, args: argparse.Namespace) -> None:
|
2015-04-30 16:04:06 +02:00
|
|
|
if args.enable_registration is not None:
|
2021-05-14 11:58:57 +02:00
|
|
|
self.enable_registration = strtobool(str(args.enable_registration))
|