improvement: registration token now only works when registration is enabled
parent
34e0e710cb
commit
1fb5bcf98f
5 changed files with 45 additions and 21 deletions
|
@ -41,7 +41,7 @@ allow_registration = true
|
||||||
# A static registration token that new users will have to provide when creating
|
# A static registration token that new users will have to provide when creating
|
||||||
# an account. YOU NEED TO EDIT THIS.
|
# an account. YOU NEED TO EDIT THIS.
|
||||||
# - Insert a password that users will have to enter on registration
|
# - Insert a password that users will have to enter on registration
|
||||||
# - Comment out the line to remove the condition
|
# - Start the line with '#' to remove the condition
|
||||||
registration_token = ""
|
registration_token = ""
|
||||||
|
|
||||||
allow_federation = true
|
allow_federation = true
|
||||||
|
|
13
debian/postinst
vendored
13
debian/postinst
vendored
|
@ -72,9 +72,22 @@ max_request_size = 20_000_000 # in bytes
|
||||||
# Enables registration. If set to false, no users can register on this server.
|
# Enables registration. If set to false, no users can register on this server.
|
||||||
allow_registration = true
|
allow_registration = true
|
||||||
|
|
||||||
|
# A static registration token that new users will have to provide when creating
|
||||||
|
# an account.
|
||||||
|
# - Insert a password that users will have to enter on registration
|
||||||
|
# - Start the line with '#' to remove the condition
|
||||||
|
#registration_token = ""
|
||||||
|
|
||||||
allow_federation = true
|
allow_federation = true
|
||||||
allow_check_for_updates = true
|
allow_check_for_updates = true
|
||||||
|
|
||||||
|
# Enable the display name lightning bolt on registration.
|
||||||
|
enable_lightning_bolt = true
|
||||||
|
|
||||||
|
# Servers listed here will be used to gather public keys of other servers.
|
||||||
|
# Generally, copying this exactly should be enough. (Currently, Conduit doesn't
|
||||||
|
# support batched key requests, so this list should only contain Synapse
|
||||||
|
# servers.)
|
||||||
trusted_servers = ["matrix.org"]
|
trusted_servers = ["matrix.org"]
|
||||||
|
|
||||||
#max_concurrent_requests = 100 # How many requests Conduit sends to other servers at the same time
|
#max_concurrent_requests = 100 # How many requests Conduit sends to other servers at the same time
|
||||||
|
|
|
@ -28,6 +28,7 @@ services:
|
||||||
CONDUIT_PORT: 6167
|
CONDUIT_PORT: 6167
|
||||||
CONDUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
|
CONDUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
|
||||||
CONDUIT_ALLOW_REGISTRATION: 'true'
|
CONDUIT_ALLOW_REGISTRATION: 'true'
|
||||||
|
#CONDUIT_REGISTRATION_TOKEN: '' # require password for registration
|
||||||
CONDUIT_ALLOW_FEDERATION: 'true'
|
CONDUIT_ALLOW_FEDERATION: 'true'
|
||||||
CONDUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
|
CONDUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
|
||||||
CONDUIT_TRUSTED_SERVERS: '["matrix.org"]'
|
CONDUIT_TRUSTED_SERVERS: '["matrix.org"]'
|
||||||
|
|
|
@ -31,14 +31,13 @@ services:
|
||||||
### Uncomment and change values as desired
|
### Uncomment and change values as desired
|
||||||
# CONDUIT_ADDRESS: 0.0.0.0
|
# CONDUIT_ADDRESS: 0.0.0.0
|
||||||
# CONDUIT_PORT: 6167
|
# CONDUIT_PORT: 6167
|
||||||
|
# CONDUIT_REGISTRATION_TOKEN: '' # require password for registration
|
||||||
# CONDUIT_CONFIG: '/srv/conduit/conduit.toml' # if you want to configure purely by env vars, set this to an empty string ''
|
# CONDUIT_CONFIG: '/srv/conduit/conduit.toml' # if you want to configure purely by env vars, set this to an empty string ''
|
||||||
# Available levels are: error, warn, info, debug, trace - more info at: https://docs.rs/env_logger/*/env_logger/#enabling-logging
|
# Available levels are: error, warn, info, debug, trace - more info at: https://docs.rs/env_logger/*/env_logger/#enabling-logging
|
||||||
# CONDUIT_ALLOW_JAEGER: 'false'
|
|
||||||
# CONDUIT_ALLOW_ENCRYPTION: 'true'
|
# CONDUIT_ALLOW_ENCRYPTION: 'true'
|
||||||
# CONDUIT_ALLOW_FEDERATION: 'true'
|
# CONDUIT_ALLOW_FEDERATION: 'true'
|
||||||
# CONDUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
|
# CONDUIT_ALLOW_CHECK_FOR_UPDATES: 'true'
|
||||||
# CONDUIT_DATABASE_PATH: /srv/conduit/.local/share/conduit
|
# CONDUIT_DATABASE_PATH: /srv/conduit/.local/share/conduit
|
||||||
# CONDUIT_WORKERS: 10
|
|
||||||
# CONDUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
|
# CONDUIT_MAX_REQUEST_SIZE: 20_000_000 # in bytes, ~20 MB
|
||||||
|
|
||||||
# We need some way to server the client and server .well-known json. The simplest way is to use a nginx container
|
# We need some way to server the client and server .well-known json. The simplest way is to use a nginx container
|
||||||
|
|
|
@ -74,10 +74,7 @@ pub async fn get_register_available_route(
|
||||||
/// - Creates a new account and populates it with default account data
|
/// - Creates a new account and populates it with default account data
|
||||||
/// - If `inhibit_login` is false: Creates a device and returns device id and access_token
|
/// - If `inhibit_login` is false: Creates a device and returns device id and access_token
|
||||||
pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<register::v3::Response> {
|
pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<register::v3::Response> {
|
||||||
if !services().globals.allow_registration()
|
if !services().globals.allow_registration() && !body.from_appservice {
|
||||||
&& !body.from_appservice
|
|
||||||
&& services().globals.config.registration_token.is_none()
|
|
||||||
{
|
|
||||||
return Err(Error::BadRequest(
|
return Err(Error::BadRequest(
|
||||||
ErrorKind::Forbidden,
|
ErrorKind::Forbidden,
|
||||||
"Registration has been disabled.",
|
"Registration has been disabled.",
|
||||||
|
@ -122,21 +119,35 @@ pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<registe
|
||||||
};
|
};
|
||||||
|
|
||||||
// UIAA
|
// UIAA
|
||||||
let mut uiaainfo = UiaaInfo {
|
let mut uiaainfo;
|
||||||
flows: vec![AuthFlow {
|
let skip_auth;
|
||||||
stages: if services().globals.config.registration_token.is_some() {
|
if services().globals.config.registration_token.is_some() {
|
||||||
vec![AuthType::RegistrationToken]
|
// Registration token required
|
||||||
} else {
|
uiaainfo = UiaaInfo {
|
||||||
vec![AuthType::Dummy]
|
flows: vec![AuthFlow {
|
||||||
},
|
stages: vec![AuthType::RegistrationToken],
|
||||||
}],
|
}],
|
||||||
completed: Vec::new(),
|
completed: Vec::new(),
|
||||||
params: Default::default(),
|
params: Default::default(),
|
||||||
session: None,
|
session: None,
|
||||||
auth_error: None,
|
auth_error: None,
|
||||||
};
|
};
|
||||||
|
skip_auth = body.from_appservice;
|
||||||
|
} else {
|
||||||
|
// No registration token necessary, but clients must still go through the flow
|
||||||
|
uiaainfo = UiaaInfo {
|
||||||
|
flows: vec![AuthFlow {
|
||||||
|
stages: vec![AuthType::Dummy],
|
||||||
|
}],
|
||||||
|
completed: Vec::new(),
|
||||||
|
params: Default::default(),
|
||||||
|
session: None,
|
||||||
|
auth_error: None,
|
||||||
|
};
|
||||||
|
skip_auth = body.from_appservice || is_guest;
|
||||||
|
}
|
||||||
|
|
||||||
if !body.from_appservice && !is_guest {
|
if !skip_auth {
|
||||||
if let Some(auth) = &body.auth {
|
if let Some(auth) = &body.auth {
|
||||||
let (worked, uiaainfo) = services().uiaa.try_auth(
|
let (worked, uiaainfo) = services().uiaa.try_auth(
|
||||||
&UserId::parse_with_server_name("", services().globals.server_name())
|
&UserId::parse_with_server_name("", services().globals.server_name())
|
||||||
|
|
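Review bot: The new `if services().globals.config.registration_token.is_some()` branch in `register_route` counts an empty string as a configured token, and the example config in this same commit still ships `registration_token = ""` uncommented. Whether an empty token is then accepted depends on `services().uiaa.try_auth`, which is not visible here; if it compares the submitted token for equality, a server that keeps the example value would present a token stage that gives no real protection. Failing closed is safer: reject an empty token when the config is loaded, or guard the handler with something like `if services().globals.config.registration_token.as_deref() == Some("") { return Err(Error::BadRequest(ErrorKind::Forbidden, "Registration has been disabled.")); }` (this assumes the field is an `Option<String>`). Separately, the two `UiaaInfo` literals differ only in the stage, so choosing `(stage, skip_auth)` in the branch and building the struct once would keep them from drifting apart. `register_route` starts and ends outside these hunks.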