Incorporate Dave's work for GDPR login flows

As per https://github.com/vector-im/riot-web/issues/7168#issuecomment-419996117
2018-09-27 14:53:58 -06:00 · 2018-09-27 14:53:58 -06:00 · fd99787162
parent 8935ec5a93
commit fd99787162
4 changed files with 40 additions and 0 deletions
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@ -51,6 +51,7 @@ class LoginType(object):
    EMAIL_IDENTITY = u"m.login.email.identity"
    MSISDN = u"m.login.msisdn"
    RECAPTCHA = u"m.login.recaptcha"
+    TERMS = u"m.login.terms"
    DUMMY = u"m.login.dummy"

    # Only for C/S API v1
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@ -59,6 +59,7 @@ class AuthHandler(BaseHandler):
            LoginType.EMAIL_IDENTITY: self._check_email_identity,
            LoginType.MSISDN: self._check_msisdn,
            LoginType.DUMMY: self._check_dummy_auth,
+            LoginType.TERMS: self._check_terms_auth,
        }
        self.bcrypt_rounds = hs.config.bcrypt_rounds

@ -431,6 +432,9 @@ class AuthHandler(BaseHandler):
    def _check_dummy_auth(self, authdict, _):
        return defer.succeed(True)

+    def _check_terms_auth(self, authdict, _):
+        return defer.succeed(True)
+
    @defer.inlineCallbacks
    def _check_threepid(self, medium, authdict):
        if 'threepid_creds' not in authdict:
--- a/synapse/rest/client/v2_alpha/auth.py
+++ b/synapse/rest/client/v2_alpha/auth.py
@ -130,6 +130,26 @@ class AuthRestServlet(RestServlet):
            request.setHeader(b"Content-Type", b"text/html; charset=utf-8")
            request.setHeader(b"Content-Length", b"%d" % (len(html_bytes),))

+            request.write(html_bytes)
+            finish_request(request)
+            defer.returnValue(None)
+        elif stagetype == LoginType.TERMS:
+            session = request.args['session'][0]
+            authdict = {
+                'session': session,
+            }
+            success = yield self.auth_handler.add_oob_auth(
+                LoginType.TERMS,
+                authdict,
+                self.hs.get_ip_from_request(request)
+            )
+
+            html = "<html><body>hai</body></html>"
+            html_bytes = html.encode("utf8")
+            request.setResponseCode(200)
+            request.setHeader(b"Content-Type", b"text/html; charset=utf-8")
+            request.setHeader(b"Content-Length", b"%d" % (len(html_bytes),))
+
            request.write(html_bytes)
            finish_request(request)
            defer.returnValue(None)
--- a/synapse/rest/client/v2_alpha/register.py
+++ b/synapse/rest/client/v2_alpha/register.py
@ -359,6 +359,21 @@ class RegisterRestServlet(RestServlet):
                    [LoginType.MSISDN, LoginType.EMAIL_IDENTITY]
                ])

+        if self.hs.config.block_events_without_consent_error is not None:
+            new_flows = []
+            for flow in flows:
+                # To only allow registration if completing GDPR auth,
+                # making clients that don't support it use fallback auth.
+                #flow.append(LoginType.TERMS)
+
+                # or to duplicate all the flows above with the GDPR flow on the
+                # end so clients that support it can use it but clients that don't
+                # continue to consent via the DM from server notices bot.
+                new_flows.extend([
+                    flow + [LoginType.TERMS]
+                ])
+            flows.extend(new_flows)
+
        auth_result, params, session_id = yield self.auth_handler.check_auth(
            flows, body, self.hs.get_ip_from_request(request)
        )