Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Add option to enable token registration without requiring 3pids (#12526)
Browse files Browse the repository at this point in the history
  • Loading branch information
Half-Shot authored Apr 27, 2022
1 parent b76f1a4 commit e8d1ec0
Show file tree
Hide file tree
Showing 5 changed files with 25 additions and 2 deletions.
1 change: 1 addition & 0 deletions changelog.d/12526.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Add new `enable_registration_token_3pid_bypass` configuration option to allow registrations via token as an alternative to verifying a 3pid.
6 changes: 6 additions & 0 deletions docs/sample_config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -1323,6 +1323,12 @@ oembed:
#
#registration_requires_token: true

# Allow users to submit a token during registration to bypass any required 3pid
# steps configured in `registrations_require_3pid`.
# Defaults to false, requiring that registration tokens (if enabled) complete a 3pid flow.
#
#enable_registration_token_3pid_bypass: false

# If set, allows registration of standard or admin accounts by anyone who
# has the shared secret, even if registration is otherwise disabled.
#
Expand Down
9 changes: 9 additions & 0 deletions synapse/config/registration.py
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,9 @@ def read_config(self, config: JsonDict, **kwargs: Any) -> None:
self.registration_requires_token = config.get(
"registration_requires_token", False
)
self.enable_registration_token_3pid_bypasss = config.get(
"enable_registration_token_3pid_bypasss", False
)
self.registration_shared_secret = config.get("registration_shared_secret")

self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
Expand Down Expand Up @@ -309,6 +312,12 @@ def generate_config_section(
#
#registration_requires_token: true
# Allow users to submit a token during registration to bypass any required 3pid
# steps configured in `registrations_require_3pid`.
# Defaults to false, requiring that registration tokens (if enabled) complete a 3pid flow.
#
#enable_registration_token_3pid_bypass: false
# If set, allows registration of standard or admin accounts by anyone who
# has the shared secret, even if registration is otherwise disabled.
#
Expand Down
4 changes: 3 additions & 1 deletion synapse/handlers/ui_auth/checkers.py
Original file line number Diff line number Diff line change
Expand Up @@ -256,7 +256,9 @@ class RegistrationTokenAuthChecker(UserInteractiveAuthChecker):
def __init__(self, hs: "HomeServer"):
super().__init__(hs)
self.hs = hs
self._enabled = bool(hs.config.registration.registration_requires_token)
self._enabled = bool(
hs.config.registration.registration_requires_token
) or bool(hs.config.registration.enable_registration_token_3pid_bypasss)
self.store = hs.get_datastores().main

def is_enabled(self) -> bool:
Expand Down
7 changes: 6 additions & 1 deletion synapse/rest/client/register.py
Original file line number Diff line number Diff line change
Expand Up @@ -929,6 +929,10 @@ def _calculate_registration_flows(
# always let users provide both MSISDN & email
flows.append([LoginType.MSISDN, LoginType.EMAIL_IDENTITY])

# Add a flow that doesn't require any 3pids, if the config requests it.
if config.registration.enable_registration_token_3pid_bypasss:
flows.append([LoginType.REGISTRATION_TOKEN])

# Prepend m.login.terms to all flows if we're requiring consent
if config.consent.user_consent_at_registration:
for flow in flows:
Expand All @@ -942,7 +946,8 @@ def _calculate_registration_flows(
# Prepend registration token to all flows if we're requiring a token
if config.registration.registration_requires_token:
for flow in flows:
flow.insert(0, LoginType.REGISTRATION_TOKEN)
if LoginType.REGISTRATION_TOKEN not in flow:
flow.insert(0, LoginType.REGISTRATION_TOKEN)

return flows

Expand Down

0 comments on commit e8d1ec0

Please sign in to comment.