diff --git a/clientapi/auth/authtypes/flow.go b/clientapi/auth/authtypes/flow.go
index d5766fcc2..1e5278ed9 100644
--- a/clientapi/auth/authtypes/flow.go
+++ b/clientapi/auth/authtypes/flow.go
@@ -17,5 +17,5 @@ package authtypes
 // Flow represents one possible way that the client can authenticate a request.
 // https://matrix.org/docs/spec/client_server/r0.3.0.html#user-interactive-authentication-api
 type Flow struct {
- Stages []LoginType `json:"stages"`
+ Stages []LoginType `json:"stages" yaml:"stages`
 }
diff --git a/clientapi/auth/authtypes/interactive_auth.go b/clientapi/auth/authtypes/interactive_auth.go
new file mode 100644
index 000000000..29f47117a
--- /dev/null
+++ b/clientapi/auth/authtypes/interactive_auth.go
@@ -0,0 +1,27 @@
+// Copyright Piotr Kozimor
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package authtypes
+
+type InteractiveAuth struct {
+ // Flows is a slice of flows, which represent one possible way that the client can authenticate a request.
+ // http://matrix.org/docs/spec/HEAD/client_server/r0.3.0.html#user-interactive-authentication-api
+ // As long as the generated flows only rely on config file options,
+ // we can generate them on startup and store them until needed
+ Flows []Flow `json:"flows"`
+
+ // Params that need to be returned to the client during
+ // registration in order to complete registration stages.
+ Params map[string]interface{} `json:"params"`
+}
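Review bot: In flow.go the new struct tag on `Stages` is missing the closing quote of the yaml value (`yaml:"stages`), so the tag is malformed and `go vet`'s struct-tag check will flag it. Lookup of the `yaml` key on an unterminated value is expected to fail, so decoding would only work if the YAML library's default key for the field happens to be `stages`. Close the quote so the tag reads `json:"stages" yaml:"stages"`. This list decides which authentication stages the server accepts, so the mapping should not rest on a fallback.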
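Review bot: In interactive_auth.go, `Flows` and `Params` carry only `json` tags and the exported type has no doc comment, yet `InteractiveAuth` is decoded from YAML as the type of the new `registration` and `login` config fields. I would add `yaml:"flows"` and `yaml:"params"` next to the existing tags, and a comment such as `// InteractiveAuth holds the user-interactive authentication flows and params advertised to clients.`. `Params` is a `map[string]interface{}` filled from the config and later passed to `newUserInteractiveResponse`. If the YAML decoder in use yields `map[interface{}]interface{}` for nested mappings (gopkg.in/yaml.v2 does), a nested params entry would fail JSON encoding, so a test with a nested value is worth adding.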
diff --git a/clientapi/routing/register.go b/clientapi/routing/register.go
index cd5dd6502..7bbda78f8 100644
--- a/clientapi/routing/register.go
+++ b/clientapi/routing/register.go
@@ -823,7 +823,7 @@ func checkAndCompleteFlow(
 cfg *config.ClientAPI,
 userAPI userapi.UserInternalAPI,
 ) util.JSONResponse {
- if checkFlowCompleted(flow, cfg.Derived.Registration.Flows) {
+ if checkFlowCompleted(flow, cfg.Registration.Flows) {
 // This flow was completed, registration can continue
 return completeRegistration(
 req.Context(), userAPI, r.Username, r.Password, "", req.RemoteAddr, req.UserAgent(),
@@ -836,7 +836,7 @@ func checkAndCompleteFlow(
 return util.JSONResponse{
 Code: http.StatusUnauthorized,
 JSON: newUserInteractiveResponse(sessionID,
- cfg.Derived.Registration.Flows, cfg.Derived.Registration.Params),
+ cfg.Registration.Flows, cfg.Registration.Params),
 }
 }
diff --git a/dendrite-config.yaml b/dendrite-config.yaml
index 0ea584aa9..2521e7faa 100644
--- a/dendrite-config.yaml
+++ b/dendrite-config.yaml
@@ -140,7 +140,14 @@ client_api:
 connect: http://localhost:7771
 external_api:
 listen: http://[::]:8071
-
+ registration:
+ flows:
+ - stages:
+ - m.login.email.identity
+ login:
+ flows:
+ - stages:
+ - m.login.password
 # Prevents new users from being able to register on this homeserver, except when
 # using the registration shared secret below.
 registration_disabled: false
diff --git a/setup/config/config_clientapi.go b/setup/config/config_clientapi.go
index c7cb9c33e..9341d5081 100644
--- a/setup/config/config_clientapi.go
+++ b/setup/config/config_clientapi.go
@@ -3,6 +3,8 @@ package config
 import (
 "fmt"
 "time"
+
+ "github.com/matrix-org/dendrite/clientapi/auth/authtypes"
 )
 type ClientAPI struct {
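Review bot: In register.go, `checkFlowCompleted(flow, cfg.Registration.Flows)` now takes the operator-written list as is, and no hunk visible here validates it. A config written before this change has no `registration.flows` key and leaves the slice empty, and a flow naming an unknown stage is accepted silently; how `checkFlowCompleted` treats an empty list is not shown. I would reject both at config load, starting with `if len(c.Registration.Flows) == 0 { /* report a config error */ }`. It is also worth confirming that any stage the removed `cfg.Derived.Registration` values added automatically (presumably computed from other options) is still enforced. The second hunk's `newUserInteractiveResponse` call reads the same unvalidated values, and `checkAndCompleteFlow` starts outside both hunks.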
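Review bot: In dendrite-config.yaml the new `registration` and `login` keys are added with no comment, and the only registration flow the sample ships is the single stage `m.login.email.identity`. These lists decide which authentication stages the server accepts, so I would add a comment above them such as `# Flows accepted for registration; each flow is a list of stages that must all be completed.`, and say that every listed stage must be one the server implements. Whether `m.login.email.identity` has a handler is not visible in this commit; if it does not, the sample config leaves registration impossible to complete. The hunk also removes the blank line before `# Prevents new users…`, so that comment now runs straight on from the `login` block.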
@@ -35,6 +37,13 @@ type ClientAPI struct {
 // TURN options
 TURN TURN `yaml:"turn"`
+ // Allowable flows for registration
+ // https://spec.matrix.org/unstable/client-server-api/#get_matrixclientr0login
+ Registration authtypes.InteractiveAuth `yaml:"registration"`
+ // Allowable flows for login
+ // https://spec.matrix.org/unstable/client-server-api/#post_matrixclientr0register
+ Login authtypes.InteractiveAuth `yaml:"login"`
+
 // Rate-limiting options
 RateLimiting RateLimiting `yaml:"rate_limiting"`
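Review bot: The spec links in the two new field comments of config_clientapi.go are swapped: `Registration` points at `#get_matrixclientr0login` and `Login` at `#post_matrixclientr0register`. The comment above `Registration` should be `// https://spec.matrix.org/unstable/client-server-api/#post_matrixclientr0register` and the one above `Login` should be `// https://spec.matrix.org/unstable/client-server-api/#get_matrixclientr0login`. `Login` is added here but no hunk visible in this commit reads `cfg.Login`, so the `login.flows` setting may not take effect yet. The comment should say so, so that operators do not assume it restricts login. The `ClientAPI` struct begins and ends outside the hunk.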