Merge branch 'registration_appservice_token_check' into 'next'

fix: reject /register requests when there is no token and the type is appservice

Closes #430

See merge request famedly/conduit!609
This commit is contained in:
Timo Kösters 2024-03-31 09:42:21 +00:00
commit 71546a9fb7
2 changed files with 11 additions and 3 deletions

View file

@ -3,7 +3,8 @@ use crate::{api::client_server, services, utils, Error, Result, Ruma};
use ruma::{
api::client::{
account::{
change_password, deactivate, get_3pids, get_username_availability, register,
change_password, deactivate, get_3pids, get_username_availability,
register::{self, LoginType},
request_3pid_management_token_via_email, request_3pid_management_token_via_msisdn,
whoami, ThirdPartyIdRemovalStatus,
},
@ -84,6 +85,13 @@ pub async fn register_route(body: Ruma<register::v3::Request>) -> Result<registe
));
}
if body.body.login_type == Some(LoginType::ApplicationService) && !body.from_appservice {
return Err(Error::BadRequest(
ErrorKind::MissingToken,
"Missing appservice token.",
));
}
let is_guest = body.kind == RegistrationKind::Guest;
let user_id = match (&body.username, is_guest) {

View file

@ -118,8 +118,8 @@ pub async fn login_route(body: Ruma<login::v3::Request>) -> Result<login::v3::Re
}) => {
if !body.from_appservice {
return Err(Error::BadRequest(
ErrorKind::Forbidden,
"Forbidden login type.",
ErrorKind::MissingToken,
"Missing appservice token.",
));
};
if let Some(UserIdentifier::UserIdOrLocalpart(user_id)) = identifier {