Configure login and registration flows by client_api section not Derived

clientapi/auth/authtypes/flow.go

@@ -17,5 +17,5 @@ package authtypes
 // Flow represents one possible way that the client can authenticate a request.
 // https://matrix.org/docs/spec/client_server/r0.3.0.html#user-interactive-authentication-api
 type Flow struct {
-	Stages []LoginType `json:"stages"`
+	Stages []LoginType `json:"stages" yaml:"stages`
 }

clientapi/auth/authtypes/interactive_auth.go

@@ -0,0 +1,27 @@
+// Copyright Piotr Kozimor <piotr.kozimor@globekeeper.com>
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package authtypes
+
+type InteractiveAuth struct {
+	// Flows is a slice of flows, which represent one possible way that the client can authenticate a request.
+	// http://matrix.org/docs/spec/HEAD/client_server/r0.3.0.html#user-interactive-authentication-api
+	// As long as the generated flows only rely on config file options,
+	// we can generate them on startup and store them until needed
+	Flows []Flow `json:"flows"`
+
+	// Params that need to be returned to the client during
+	// registration in order to complete registration stages.
+	Params map[string]interface{} `json:"params"`
+}

clientapi/routing/register.go

@@ -823,7 +823,7 @@ func checkAndCompleteFlow(
 	cfg *config.ClientAPI,
 	userAPI userapi.UserInternalAPI,
 ) util.JSONResponse {
-	if checkFlowCompleted(flow, cfg.Derived.Registration.Flows) {
+	if checkFlowCompleted(flow, cfg.Registration.Flows) {
 		// This flow was completed, registration can continue
 		return completeRegistration(
 			req.Context(), userAPI, r.Username, r.Password, "", req.RemoteAddr, req.UserAgent(),
@@ -836,7 +836,7 @@ func checkAndCompleteFlow(
 	return util.JSONResponse{
 		Code: http.StatusUnauthorized,
 		JSON: newUserInteractiveResponse(sessionID,
-			cfg.Derived.Registration.Flows, cfg.Derived.Registration.Params),
+			cfg.Registration.Flows, cfg.Registration.Params),
 	}
 }
 

dendrite-config.yaml

@@ -140,7 +140,14 @@ client_api:
     connect: http://localhost:7771
   external_api:
     listen: http://[::]:8071
-
+  registration:
+    flows:
+      - stages:
+        - m.login.email.identity
+  login:
+    flows:
+      - stages:
+        - m.login.password
   # Prevents new users from being able to register on this homeserver, except when
   # using the registration shared secret below.
   registration_disabled: false

setup/config/config_clientapi.go

@@ -3,6 +3,8 @@ package config
 import (
 	"fmt"
 	"time"
+
+	"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
 )
 
 type ClientAPI struct {
@@ -35,6 +37,13 @@ type ClientAPI struct {
 	// TURN options
 	TURN TURN `yaml:"turn"`
 
+	// Allowable flows for registration
+	// https://spec.matrix.org/unstable/client-server-api/#get_matrixclientr0login
+	Registration authtypes.InteractiveAuth `yaml:"registration"`
+	// Allowable flows for login
+	// https://spec.matrix.org/unstable/client-server-api/#post_matrixclientr0register
+	Login authtypes.InteractiveAuth `yaml:"login"`
+
 	// Rate-limiting options
 	RateLimiting RateLimiting `yaml:"rate_limiting"`