Merge pull request #83 from globekeeper/daniel/password-support-as-registration

🏗️ Allow saving password and threepid info on application service reg…
2025-12-06 06:23:10 -06:00 · 2024-01-26 00:54:04 +02:00 · 2024-01-26 00:54:04 +02:00 · 0aaf18172c
parent 7e16873f2f 733ad9a5a3
commit 0aaf18172c
2 changed files with 41 additions and 18 deletions
--- a/clientapi/routing/key_crosssigning.go
+++ b/clientapi/routing/key_crosssigning.go
@ -25,6 +25,7 @@ import (
 	"github.com/matrix-org/dendrite/clientapi/httputil"
 	"github.com/matrix-org/dendrite/setup/config"
 	"github.com/matrix-org/dendrite/userapi/api"
+	userapi "github.com/matrix-org/dendrite/userapi/api"
 	"github.com/matrix-org/gomatrixserverlib/spec"
 	"github.com/matrix-org/util"
 )
@ -50,26 +51,30 @@ func UploadCrossSigningDeviceKeys(
 	if sessionID == "" {
 		sessionID = util.RandomString(sessionIDLength)
 	}
-	if uploadReq.Auth.Type != authtypes.LoginTypePassword {
-		return util.JSONResponse{
-			Code: http.StatusUnauthorized,
-			JSON: newUserInteractiveResponse(
-				sessionID,
-				[]authtypes.Flow{
-					{
-						Stages: []authtypes.LoginType{authtypes.LoginTypePassword},
+
+	//! GlobeKeeper Customization: If user was registered with appservice (like BridgeAS), then we allow it to upload keys without a password
+	if device.AccountType != userapi.AccountTypeAppService {
+		if uploadReq.Auth.Type != authtypes.LoginTypePassword {
+			return util.JSONResponse{
+				Code: http.StatusUnauthorized,
+				JSON: newUserInteractiveResponse(
+					sessionID,
+					[]authtypes.Flow{
+						{
+							Stages: []authtypes.LoginType{authtypes.LoginTypePassword},
+						},
 					},
-				},
-				nil,
-			),
+					nil,
+				),
+			}
+		}
+		typePassword := auth.LoginTypePassword{
+			UserApi: accountAPI,
+			Config:  cfg,
+		}
+		if _, authErr := typePassword.Login(req.Context(), &uploadReq.Auth.PasswordRequest); authErr != nil {
+			return *authErr
 		}
-	}
-	typePassword := auth.LoginTypePassword{
-		UserApi: accountAPI,
-		Config:  cfg,
-	}
-	if _, authErr := typePassword.Login(req.Context(), &uploadReq.Auth.PasswordRequest); authErr != nil {
-		return *authErr
 	}
 	sessions.addCompletedSessionStage(sessionID, authtypes.LoginTypePassword)

--- a/clientapi/routing/register.go
+++ b/clientapi/routing/register.go
@ -225,6 +225,9 @@ type registerRequest struct {
 	// Application Services place Type in the root of their registration
 	// request, whereas clients place it in the authDict struct.
 	Type authtypes.LoginType `json:"type"`
+
+	// GlobeKeeper custom
+	Email string `json:"email"`
 }

 type authDict struct {
@ -818,6 +821,21 @@ func handleApplicationServiceRegistration(
 		return *err
 	}

+	//! Custom GlobeKeeper logic to support AS registration with email (3pid) & password.
+	if r.Email != "" && r.Password != "" {
+		// If no error, application service was successfully validated.
+		// Don't need to worry about appending to registration stages as
+		// application service registration is entirely separate.
+		return completeRegistration(
+			req.Context(), userAPI, r.Username, r.ServerName, "", r.Password, appserviceID, req.RemoteAddr, req.UserAgent(), r.Auth.Session,
+			r.InhibitLogin, r.InitialDisplayName, r.DeviceID, userapi.AccountTypeAppService, &authtypes.ThreePID{
+				Address:     r.Email,
+				Medium:      "email",
+				AddedAt:     time.Now().Unix(),
+				ValidatedAt: time.Now().Unix(),
+			},
+		)
+	}
 	// If no error, application service was successfully validated.
 	// Don't need to worry about appending to registration stages as
 	// application service registration is entirely separate.