Add option to enable token registration without requiring 3pids (#12526)

pull/12589/head
Will Hunt 2022-04-27 13:57:53 +01:00 committed by GitHub
parent b76f1a4d5f
commit e8d1ec0e92
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 25 additions and 2 deletions

View File

@ -0,0 +1 @@
Add new `enable_registration_token_3pid_bypass` configuration option to allow registrations via token as an alternative to verifying a 3pid.

View File

@ -1323,6 +1323,12 @@ oembed:
# #
#registration_requires_token: true #registration_requires_token: true
# Allow users to submit a token during registration to bypass any required 3pid
# steps configured in `registrations_require_3pid`.
# Defaults to false, requiring that registration tokens (if enabled) complete a 3pid flow.
#
#enable_registration_token_3pid_bypass: false
# If set, allows registration of standard or admin accounts by anyone who # If set, allows registration of standard or admin accounts by anyone who
# has the shared secret, even if registration is otherwise disabled. # has the shared secret, even if registration is otherwise disabled.
# #

View File

@ -43,6 +43,9 @@ class RegistrationConfig(Config):
self.registration_requires_token = config.get( self.registration_requires_token = config.get(
"registration_requires_token", False "registration_requires_token", False
) )
self.enable_registration_token_3pid_bypasss = config.get(
"enable_registration_token_3pid_bypasss", False
)
self.registration_shared_secret = config.get("registration_shared_secret") self.registration_shared_secret = config.get("registration_shared_secret")
self.bcrypt_rounds = config.get("bcrypt_rounds", 12) self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
@ -309,6 +312,12 @@ class RegistrationConfig(Config):
# #
#registration_requires_token: true #registration_requires_token: true
# Allow users to submit a token during registration to bypass any required 3pid
# steps configured in `registrations_require_3pid`.
# Defaults to false, requiring that registration tokens (if enabled) complete a 3pid flow.
#
#enable_registration_token_3pid_bypass: false
# If set, allows registration of standard or admin accounts by anyone who # If set, allows registration of standard or admin accounts by anyone who
# has the shared secret, even if registration is otherwise disabled. # has the shared secret, even if registration is otherwise disabled.
# #

View File

@ -256,7 +256,9 @@ class RegistrationTokenAuthChecker(UserInteractiveAuthChecker):
def __init__(self, hs: "HomeServer"): def __init__(self, hs: "HomeServer"):
super().__init__(hs) super().__init__(hs)
self.hs = hs self.hs = hs
self._enabled = bool(hs.config.registration.registration_requires_token) self._enabled = bool(
hs.config.registration.registration_requires_token
) or bool(hs.config.registration.enable_registration_token_3pid_bypasss)
self.store = hs.get_datastores().main self.store = hs.get_datastores().main
def is_enabled(self) -> bool: def is_enabled(self) -> bool:

View File

@ -929,6 +929,10 @@ def _calculate_registration_flows(
# always let users provide both MSISDN & email # always let users provide both MSISDN & email
flows.append([LoginType.MSISDN, LoginType.EMAIL_IDENTITY]) flows.append([LoginType.MSISDN, LoginType.EMAIL_IDENTITY])
# Add a flow that doesn't require any 3pids, if the config requests it.
if config.registration.enable_registration_token_3pid_bypasss:
flows.append([LoginType.REGISTRATION_TOKEN])
# Prepend m.login.terms to all flows if we're requiring consent # Prepend m.login.terms to all flows if we're requiring consent
if config.consent.user_consent_at_registration: if config.consent.user_consent_at_registration:
for flow in flows: for flow in flows:
@ -942,7 +946,8 @@ def _calculate_registration_flows(
# Prepend registration token to all flows if we're requiring a token # Prepend registration token to all flows if we're requiring a token
if config.registration.registration_requires_token: if config.registration.registration_requires_token:
for flow in flows: for flow in flows:
flow.insert(0, LoginType.REGISTRATION_TOKEN) if LoginType.REGISTRATION_TOKEN not in flow:
flow.insert(0, LoginType.REGISTRATION_TOKEN)
return flows return flows