|
|
@ -17,89 +17,218 @@ |
|
|
|
from twisted.internet import defer |
|
|
|
from twisted.internet import defer |
|
|
|
|
|
|
|
|
|
|
|
from synapse.api.errors import SynapseError, Codes |
|
|
|
from synapse.api.errors import SynapseError, Codes |
|
|
|
|
|
|
|
from synapse.api.constants import LoginType |
|
|
|
from base import RestServlet, client_path_pattern |
|
|
|
from base import RestServlet, client_path_pattern |
|
|
|
|
|
|
|
import synapse.util.stringutils as stringutils |
|
|
|
|
|
|
|
|
|
|
|
import json |
|
|
|
import json |
|
|
|
|
|
|
|
import logging |
|
|
|
import urllib |
|
|
|
import urllib |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
logger = logging.getLogger(__name__) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class RegisterRestServlet(RestServlet): |
|
|
|
class RegisterRestServlet(RestServlet): |
|
|
|
|
|
|
|
"""Handles registration with the home server. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This servlet is in control of the registration flow; the registration |
|
|
|
|
|
|
|
handler doesn't have a concept of multi-stages or sessions. |
|
|
|
|
|
|
|
""" |
|
|
|
|
|
|
|
|
|
|
|
PATTERN = client_path_pattern("/register$") |
|
|
|
PATTERN = client_path_pattern("/register$") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def __init__(self, hs): |
|
|
|
|
|
|
|
super(RegisterRestServlet, self).__init__(hs) |
|
|
|
|
|
|
|
# sessions are stored as: |
|
|
|
|
|
|
|
# self.sessions = { |
|
|
|
|
|
|
|
# "session_id" : { __session_dict__ } |
|
|
|
|
|
|
|
# } |
|
|
|
|
|
|
|
# TODO: persistent storage |
|
|
|
|
|
|
|
self.sessions = {} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def on_GET(self, request): |
|
|
|
|
|
|
|
if self.hs.config.enable_registration_captcha: |
|
|
|
|
|
|
|
return (200, { |
|
|
|
|
|
|
|
"flows": [ |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
"type": LoginType.RECAPTCHA, |
|
|
|
|
|
|
|
"stages": ([LoginType.RECAPTCHA, |
|
|
|
|
|
|
|
LoginType.EMAIL_IDENTITY, |
|
|
|
|
|
|
|
LoginType.PASSWORD]) |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
"type": LoginType.RECAPTCHA, |
|
|
|
|
|
|
|
"stages": [LoginType.RECAPTCHA, LoginType.PASSWORD] |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
] |
|
|
|
|
|
|
|
}) |
|
|
|
|
|
|
|
else: |
|
|
|
|
|
|
|
return (200, { |
|
|
|
|
|
|
|
"flows": [ |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
"type": LoginType.EMAIL_IDENTITY, |
|
|
|
|
|
|
|
"stages": ([LoginType.EMAIL_IDENTITY, |
|
|
|
|
|
|
|
LoginType.PASSWORD]) |
|
|
|
|
|
|
|
}, |
|
|
|
|
|
|
|
{ |
|
|
|
|
|
|
|
"type": LoginType.PASSWORD |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
] |
|
|
|
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
|
|
@defer.inlineCallbacks |
|
|
|
@defer.inlineCallbacks |
|
|
|
def on_POST(self, request): |
|
|
|
def on_POST(self, request): |
|
|
|
desired_user_id = None |
|
|
|
register_json = _parse_json(request) |
|
|
|
password = None |
|
|
|
|
|
|
|
|
|
|
|
session = (register_json["session"] if "session" in register_json |
|
|
|
|
|
|
|
else None) |
|
|
|
|
|
|
|
login_type = None |
|
|
|
|
|
|
|
if "type" not in register_json: |
|
|
|
|
|
|
|
raise SynapseError(400, "Missing 'type' key.") |
|
|
|
|
|
|
|
|
|
|
|
try: |
|
|
|
try: |
|
|
|
register_json = json.loads(request.content.read()) |
|
|
|
login_type = register_json["type"] |
|
|
|
if "password" in register_json: |
|
|
|
stages = { |
|
|
|
password = register_json["password"].encode("utf-8") |
|
|
|
LoginType.RECAPTCHA: self._do_recaptcha, |
|
|
|
|
|
|
|
LoginType.PASSWORD: self._do_password, |
|
|
|
if type(register_json["user_id"]) == unicode: |
|
|
|
LoginType.EMAIL_IDENTITY: self._do_email_identity |
|
|
|
desired_user_id = register_json["user_id"].encode("utf-8") |
|
|
|
} |
|
|
|
if urllib.quote(desired_user_id) != desired_user_id: |
|
|
|
|
|
|
|
raise SynapseError( |
|
|
|
|
|
|
|
400, |
|
|
|
|
|
|
|
"User ID must only contain characters which do not " + |
|
|
|
|
|
|
|
"require URL encoding.") |
|
|
|
|
|
|
|
except ValueError: |
|
|
|
|
|
|
|
defer.returnValue((400, "No JSON object.")) |
|
|
|
|
|
|
|
except KeyError: |
|
|
|
|
|
|
|
pass # user_id is optional |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
threepidCreds = None |
|
|
|
session_info = self._get_session_info(request, session) |
|
|
|
if 'threepidCreds' in register_json: |
|
|
|
logger.debug("%s : session info %s request info %s", |
|
|
|
threepidCreds = register_json['threepidCreds'] |
|
|
|
login_type, session_info, register_json) |
|
|
|
|
|
|
|
response = yield stages[login_type]( |
|
|
|
captcha = {} |
|
|
|
request, |
|
|
|
if self.hs.config.enable_registration_captcha: |
|
|
|
register_json, |
|
|
|
challenge = None |
|
|
|
session_info |
|
|
|
user_response = None |
|
|
|
) |
|
|
|
try: |
|
|
|
|
|
|
|
captcha_type = register_json["captcha"]["type"] |
|
|
|
if "access_token" not in response: |
|
|
|
if captcha_type != "m.login.recaptcha": |
|
|
|
# isn't a final response |
|
|
|
raise SynapseError(400, "Sorry, only m.login.recaptcha " + |
|
|
|
response["session"] = session_info["id"] |
|
|
|
"requests are supported.") |
|
|
|
|
|
|
|
challenge = register_json["captcha"]["challenge"] |
|
|
|
defer.returnValue((200, response)) |
|
|
|
user_response = register_json["captcha"]["response"] |
|
|
|
except KeyError as e: |
|
|
|
except KeyError: |
|
|
|
logger.exception(e) |
|
|
|
raise SynapseError(400, "Captcha response is required", |
|
|
|
raise SynapseError(400, "Missing JSON keys for login type %s." % login_type) |
|
|
|
errcode=Codes.CAPTCHA_NEEDED) |
|
|
|
|
|
|
|
|
|
|
|
def on_OPTIONS(self, request): |
|
|
|
# TODO determine the source IP : May be an X-Forwarding-For header depending on config |
|
|
|
return (200, {}) |
|
|
|
ip_addr = request.getClientIP() |
|
|
|
|
|
|
|
if self.hs.config.captcha_ip_origin_is_x_forwarded: |
|
|
|
def _get_session_info(self, request, session_id): |
|
|
|
# use the header |
|
|
|
if not session_id: |
|
|
|
if request.requestHeaders.hasHeader("X-Forwarded-For"): |
|
|
|
# create a new session |
|
|
|
ip_addr = request.requestHeaders.getRawHeaders( |
|
|
|
while session_id is None or session_id in self.sessions: |
|
|
|
"X-Forwarded-For")[0] |
|
|
|
session_id = stringutils.random_string(24) |
|
|
|
|
|
|
|
self.sessions[session_id] = { |
|
|
|
captcha = { |
|
|
|
"id": session_id, |
|
|
|
"ip": ip_addr, |
|
|
|
LoginType.EMAIL_IDENTITY: False, |
|
|
|
"private_key": self.hs.config.recaptcha_private_key, |
|
|
|
LoginType.RECAPTCHA: False |
|
|
|
"challenge": challenge, |
|
|
|
|
|
|
|
"response": user_response |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
return self.sessions[session_id] |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def _save_session(self, session): |
|
|
|
|
|
|
|
# TODO: Persistent storage |
|
|
|
|
|
|
|
logger.debug("Saving session %s", session) |
|
|
|
|
|
|
|
self.sessions[session["id"]] = session |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def _remove_session(self, session): |
|
|
|
|
|
|
|
logger.debug("Removing session %s", session) |
|
|
|
|
|
|
|
self.sessions.pop(session["id"]) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@defer.inlineCallbacks |
|
|
|
|
|
|
|
def _do_recaptcha(self, request, register_json, session): |
|
|
|
|
|
|
|
if not self.hs.config.enable_registration_captcha: |
|
|
|
|
|
|
|
raise SynapseError(400, "Captcha not required.") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
challenge = None |
|
|
|
|
|
|
|
user_response = None |
|
|
|
|
|
|
|
try: |
|
|
|
|
|
|
|
challenge = register_json["challenge"] |
|
|
|
|
|
|
|
user_response = register_json["response"] |
|
|
|
|
|
|
|
except KeyError: |
|
|
|
|
|
|
|
raise SynapseError(400, "Captcha response is required", |
|
|
|
|
|
|
|
errcode=Codes.CAPTCHA_NEEDED) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# May be an X-Forwarding-For header depending on config |
|
|
|
|
|
|
|
ip_addr = request.getClientIP() |
|
|
|
|
|
|
|
if self.hs.config.captcha_ip_origin_is_x_forwarded: |
|
|
|
|
|
|
|
# use the header |
|
|
|
|
|
|
|
if request.requestHeaders.hasHeader("X-Forwarded-For"): |
|
|
|
|
|
|
|
ip_addr = request.requestHeaders.getRawHeaders( |
|
|
|
|
|
|
|
"X-Forwarded-For")[0] |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
handler = self.handlers.registration_handler |
|
|
|
|
|
|
|
yield handler.check_recaptcha( |
|
|
|
|
|
|
|
ip_addr, |
|
|
|
|
|
|
|
self.hs.config.recaptcha_private_key, |
|
|
|
|
|
|
|
challenge, |
|
|
|
|
|
|
|
user_response |
|
|
|
|
|
|
|
) |
|
|
|
|
|
|
|
session[LoginType.RECAPTCHA] = True # mark captcha as done |
|
|
|
|
|
|
|
self._save_session(session) |
|
|
|
|
|
|
|
defer.returnValue({ |
|
|
|
|
|
|
|
"next": [LoginType.PASSWORD, LoginType.EMAIL_IDENTITY] |
|
|
|
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@defer.inlineCallbacks |
|
|
|
|
|
|
|
def _do_email_identity(self, request, register_json, session): |
|
|
|
|
|
|
|
if (self.hs.config.enable_registration_captcha and |
|
|
|
|
|
|
|
not session[LoginType.RECAPTCHA]): |
|
|
|
|
|
|
|
raise SynapseError(400, "Captcha is required.") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
threepidCreds = register_json['threepidCreds'] |
|
|
|
|
|
|
|
handler = self.handlers.registration_handler |
|
|
|
|
|
|
|
yield handler.register_email(threepidCreds) |
|
|
|
|
|
|
|
session["threepidCreds"] = threepidCreds # store creds for next stage |
|
|
|
|
|
|
|
session[LoginType.EMAIL_IDENTITY] = True # mark email as done |
|
|
|
|
|
|
|
self._save_session(session) |
|
|
|
|
|
|
|
defer.returnValue({ |
|
|
|
|
|
|
|
"next": LoginType.PASSWORD |
|
|
|
|
|
|
|
}) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@defer.inlineCallbacks |
|
|
|
|
|
|
|
def _do_password(self, request, register_json, session): |
|
|
|
|
|
|
|
if (self.hs.config.enable_registration_captcha and |
|
|
|
|
|
|
|
not session[LoginType.RECAPTCHA]): |
|
|
|
|
|
|
|
# captcha should've been done by this stage! |
|
|
|
|
|
|
|
raise SynapseError(400, "Captcha is required.") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
password = register_json["password"].encode("utf-8") |
|
|
|
|
|
|
|
desired_user_id = (register_json["user"].encode("utf-8") if "user" |
|
|
|
|
|
|
|
in register_json else None) |
|
|
|
|
|
|
|
if desired_user_id and urllib.quote(desired_user_id) != desired_user_id: |
|
|
|
|
|
|
|
raise SynapseError( |
|
|
|
|
|
|
|
400, |
|
|
|
|
|
|
|
"User ID must only contain characters which do not " + |
|
|
|
|
|
|
|
"require URL encoding.") |
|
|
|
handler = self.handlers.registration_handler |
|
|
|
handler = self.handlers.registration_handler |
|
|
|
(user_id, token) = yield handler.register( |
|
|
|
(user_id, token) = yield handler.register( |
|
|
|
localpart=desired_user_id, |
|
|
|
localpart=desired_user_id, |
|
|
|
password=password, |
|
|
|
password=password |
|
|
|
threepidCreds=threepidCreds, |
|
|
|
) |
|
|
|
captcha_info=captcha) |
|
|
|
|
|
|
|
|
|
|
|
if session[LoginType.EMAIL_IDENTITY]: |
|
|
|
|
|
|
|
yield handler.bind_emails(user_id, session["threepidCreds"]) |
|
|
|
|
|
|
|
|
|
|
|
result = { |
|
|
|
result = { |
|
|
|
"user_id": user_id, |
|
|
|
"user_id": user_id, |
|
|
|
"access_token": token, |
|
|
|
"access_token": token, |
|
|
|
"home_server": self.hs.hostname, |
|
|
|
"home_server": self.hs.hostname, |
|
|
|
} |
|
|
|
} |
|
|
|
defer.returnValue( |
|
|
|
self._remove_session(session) |
|
|
|
(200, result) |
|
|
|
defer.returnValue(result) |
|
|
|
) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def on_OPTIONS(self, request): |
|
|
|
|
|
|
|
return (200, {}) |
|
|
|
def _parse_json(request): |
|
|
|
|
|
|
|
try: |
|
|
|
|
|
|
|
content = json.loads(request.content.read()) |
|
|
|
|
|
|
|
if type(content) != dict: |
|
|
|
|
|
|
|
raise SynapseError(400, "Content must be a JSON object.") |
|
|
|
|
|
|
|
return content |
|
|
|
|
|
|
|
except ValueError: |
|
|
|
|
|
|
|
raise SynapseError(400, "Content not JSON.") |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def register_servlets(hs, http_server): |
|
|
|
def register_servlets(hs, http_server): |
|
|
|
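Review bot: The debug line added in `on_POST`, `logger.debug("%s : session info %s request info %s", login_type, session_info, register_json)`, writes the whole request body to the log; in the password stage that body carries the plaintext `password`, and in the email stage the `threepidCreds`. `_save_session` and `_remove_session` log the full session dict the same way, which includes the stored `threepidCreds`. Log only non-secret fields instead, for example `logger.debug("%s : session %s keys %s", login_type, session_info["id"], sorted(register_json))`. Separately, `_get_session_info` adds an entry to `self.sessions` for every POST that arrives without a session, and entries are dropped only after a successful `_do_password`, so unauthenticated requests can grow the dict without bound; an expiry or a size cap belongs next to the persistent-storage TODO. Old and new sides on this page are inferred from the rendered split view, so confirm the placement of these lines against the raw diff.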