Add new login type "m.login.terms"

This commit is contained in:
Till Faelligen 2022-02-15 14:14:39 +01:00
parent cbdbbb0839
commit 535d388ec0
2 changed files with 24 additions and 10 deletions

View file

@ -11,4 +11,5 @@ const (
LoginTypeRecaptcha = "m.login.recaptcha" LoginTypeRecaptcha = "m.login.recaptcha"
LoginTypeApplicationService = "m.login.application_service" LoginTypeApplicationService = "m.login.application_service"
LoginTypeToken = "m.login.token" LoginTypeToken = "m.login.token"
LoginTypeTerms = "m.login.terms"
) )

View file

@ -153,7 +153,7 @@ type authDict struct {
// http://matrix.org/speculator/spec/HEAD/client_server/unstable.html#user-interactive-authentication-api // http://matrix.org/speculator/spec/HEAD/client_server/unstable.html#user-interactive-authentication-api
type userInteractiveResponse struct { type userInteractiveResponse struct {
Flows []authtypes.Flow `json:"flows"` Flows []authtypes.Flow `json:"flows"`
Completed []authtypes.LoginType `json:"completed"` Completed []authtypes.LoginType `json:"completed,omitempty"`
Params map[string]interface{} `json:"params"` Params map[string]interface{} `json:"params"`
Session string `json:"session"` Session string `json:"session"`
} }
@ -629,6 +629,8 @@ func handleRegistrationFlow(
} }
switch r.Auth.Type { switch r.Auth.Type {
case authtypes.LoginTypeTerms:
AddCompletedSessionStage(sessionID, authtypes.LoginTypeTerms)
case authtypes.LoginTypeRecaptcha: case authtypes.LoginTypeRecaptcha:
// Check given captcha response // Check given captcha response
resErr := validateRecaptcha(cfg, r.Auth.Response, req.RemoteAddr) resErr := validateRecaptcha(cfg, r.Auth.Response, req.RemoteAddr)
@ -696,11 +698,16 @@ func handleApplicationServiceRegistration(
return *err return *err
} }
policyVersion := ""
if cfg.Matrix.UserConsentOptions.Enabled() {
policyVersion = cfg.Matrix.UserConsentOptions.Version
}
// If no error, application service was successfully validated. // If no error, application service was successfully validated.
// Don't need to worry about appending to registration stages as // Don't need to worry about appending to registration stages as
// application service registration is entirely separate. // application service registration is entirely separate.
return completeRegistration( return completeRegistration(
req.Context(), userAPI, r.Username, "", appserviceID, req.RemoteAddr, req.UserAgent(), req.Context(), userAPI, r.Username, "", appserviceID, req.RemoteAddr, req.UserAgent(), policyVersion,
r.InhibitLogin, r.InitialDisplayName, r.DeviceID, r.InhibitLogin, r.InitialDisplayName, r.DeviceID,
) )
} }
@ -717,9 +724,14 @@ func checkAndCompleteFlow(
userAPI userapi.UserInternalAPI, userAPI userapi.UserInternalAPI,
) util.JSONResponse { ) util.JSONResponse {
if checkFlowCompleted(flow, cfg.Derived.Registration.Flows) { if checkFlowCompleted(flow, cfg.Derived.Registration.Flows) {
policyVersion := ""
if cfg.Matrix.UserConsentOptions.Enabled() {
policyVersion = cfg.Matrix.UserConsentOptions.Version
}
// This flow was completed, registration can continue // This flow was completed, registration can continue
return completeRegistration( return completeRegistration(
req.Context(), userAPI, r.Username, r.Password, "", req.RemoteAddr, req.UserAgent(), req.Context(), userAPI, r.Username, r.Password, "", req.RemoteAddr, req.UserAgent(), policyVersion,
r.InhibitLogin, r.InitialDisplayName, r.DeviceID, r.InhibitLogin, r.InitialDisplayName, r.DeviceID,
) )
} }
@ -742,7 +754,7 @@ func checkAndCompleteFlow(
func completeRegistration( func completeRegistration(
ctx context.Context, ctx context.Context,
userAPI userapi.UserInternalAPI, userAPI userapi.UserInternalAPI,
username, password, appserviceID, ipAddr, userAgent string, username, password, appserviceID, ipAddr, userAgent, policyVersion string,
inhibitLogin eventutil.WeakBoolean, inhibitLogin eventutil.WeakBoolean,
displayName, deviceID *string, displayName, deviceID *string,
) util.JSONResponse { ) util.JSONResponse {
@ -767,6 +779,7 @@ func completeRegistration(
Password: password, Password: password,
AccountType: userapi.AccountTypeUser, AccountType: userapi.AccountTypeUser,
OnConflict: userapi.ConflictAbort, OnConflict: userapi.ConflictAbort,
PolicyVersion: policyVersion,
}, &accRes) }, &accRes)
if err != nil { if err != nil {
if _, ok := err.(*userapi.ErrorConflict); ok { // user already exists if _, ok := err.(*userapi.ErrorConflict); ok { // user already exists
@ -963,5 +976,5 @@ func handleSharedSecretRegistration(userAPI userapi.UserInternalAPI, sr *SharedS
return *resErr return *resErr
} }
deviceID := "shared_secret_registration" deviceID := "shared_secret_registration"
return completeRegistration(req.Context(), userAPI, ssrr.User, ssrr.Password, "", req.RemoteAddr, req.UserAgent(), false, &ssrr.User, &deviceID) return completeRegistration(req.Context(), userAPI, ssrr.User, ssrr.Password, "", req.RemoteAddr, req.UserAgent(), "", false, &ssrr.User, &deviceID)
} }