From 76a9fc771ddcd34b22c14fba60e0fdf21f172002 Mon Sep 17 00:00:00 2001
From: Kegan Dougal
Date: Thu, 8 Apr 2021 17:40:37 +0100
Subject: [PATCH] Remove legacy register endpoint
We only support `/r0` CS API paths, not `/v1`.
---
clientapi/routing/register.go | 79 -----------------------------------
clientapi/routing/routing.go | 8 ----
2 files changed, 87 deletions(-)
diff --git a/clientapi/routing/register.go b/clientapi/routing/register.go
index 8e5a6b9b1..3d301add5 100644
--- a/clientapi/routing/register.go
+++ b/clientapi/routing/register.go
@@ -757,85 +757,6 @@ func checkAndCompleteFlow( } } -// LegacyRegister process register requests from the legacy v1 API -func LegacyRegister( - req *http.Request, - userAPI userapi.UserInternalAPI, - cfg *config.ClientAPI, -) util.JSONResponse { - var r legacyRegisterRequest - resErr := parseAndValidateLegacyLogin(req, &r) - if resErr != nil { - return *resErr - } - - logger := util.GetLogger(req.Context()) - logger.WithFields(log.Fields{ - "username": r.Username, - "auth.type": r.Type, - }).Info("Processing registration request") - - if cfg.RegistrationDisabled && r.Type != authtypes.LoginTypeSharedSecret { - return util.MessageResponse(http.StatusForbidden, "Registration has been disabled") - } - - switch r.Type { - case authtypes.LoginTypeSharedSecret: - if cfg.RegistrationSharedSecret == "" { - return util.MessageResponse(http.StatusBadRequest, "Shared secret registration is disabled") - } - - valid, err := isValidMacLogin(cfg, r.Username, r.Password, r.Admin, r.Mac) - if err != nil { - util.GetLogger(req.Context()).WithError(err).Error("isValidMacLogin failed") - return jsonerror.InternalServerError() - } - - if !valid { - return util.MessageResponse(http.StatusForbidden, "HMAC incorrect") - } - - return completeRegistration(req.Context(), userAPI, r.Username, r.Password, "", req.RemoteAddr, req.UserAgent(), false, nil, nil) - case authtypes.LoginTypeDummy: - // there is nothing to do - return completeRegistration(req.Context(), userAPI, r.Username, r.Password, "", req.RemoteAddr, req.UserAgent(), false, nil, nil) - default: - return util.JSONResponse{ - Code: http.StatusNotImplemented, - JSON: jsonerror.Unknown("unknown/unimplemented auth type"), - } - } -} - -// parseAndValidateLegacyLogin parses the request into r and checks that the -// request is valid (e.g. 
valid user names, etc) -func parseAndValidateLegacyLogin(req *http.Request, r *legacyRegisterRequest) *util.JSONResponse { - resErr := httputil.UnmarshalJSONRequest(req, &r) - if resErr != nil { - return resErr - } - - // Squash username to all lowercase letters - r.Username = strings.ToLower(r.Username) - - if resErr = validateUsername(r.Username); resErr != nil { - return resErr - } - if resErr = validatePassword(r.Password); resErr != nil { - return resErr - } - - // All registration requests must specify what auth they are using to perform this request - if r.Type == "" { - return &util.JSONResponse{ - Code: http.StatusBadRequest, - JSON: jsonerror.BadJSON("invalid type"), - } - } - - return nil -} - // completeRegistration runs some rudimentary checks against the submitted // input, then if successful creates an account and a newly associated device // We pass in each individual part of the request here instead of just passing a diff --git a/clientapi/routing/routing.go b/clientapi/routing/routing.go index 5d4f90a45..9f980e0a9 100644 --- a/clientapi/routing/routing.go +++ b/clientapi/routing/routing.go @@ -89,7 +89,6 @@ func Setup( ).Methods(http.MethodGet, http.MethodOptions) r0mux := publicAPIMux.PathPrefix("/r0").Subrouter() - v1mux := publicAPIMux.PathPrefix("/api/v1").Subrouter() unstableMux := publicAPIMux.PathPrefix("/unstable").Subrouter() r0mux.Handle("/createRoom", @@ -306,13 +305,6 @@ func Setup( return Register(req, userAPI, accountDB, cfg) })).Methods(http.MethodPost, http.MethodOptions) - v1mux.Handle("/register", httputil.MakeExternalAPI("register", func(req *http.Request) util.JSONResponse { - if r := rateLimits.rateLimit(req); r != nil { - return *r - } - return LegacyRegister(req, userAPI, cfg) - })).Methods(http.MethodPost, http.MethodOptions) - r0mux.Handle("/register/available", httputil.MakeExternalAPI("registerAvailable", func(req *http.Request) util.JSONResponse { if r := rateLimits.rateLimit(req); r != nil { return *r