mirror of
https://github.com/matrix-org/dendrite.git
synced 2026-01-01 11:13:12 -06:00
Allow stored session parameters to be overwritten in the registration request
This commit is contained in:
Neil Alexander
parent
08d995d809
commit
e458d677f6
|
|
@ -31,6 +31,7 @@ import (
|
|||
|
||||
"github.com/matrix-org/dendrite/internal/eventutil"
|
||||
"github.com/matrix-org/dendrite/setup/config"
|
||||
"github.com/tidwall/gjson"
|
||||
|
||||
"github.com/matrix-org/gomatrixserverlib"
|
||||
"github.com/matrix-org/gomatrixserverlib/tokens"
|
||||
|
|
@ -40,7 +41,6 @@ import (
|
|||
|
||||
"github.com/matrix-org/dendrite/clientapi/auth"
|
||||
"github.com/matrix-org/dendrite/clientapi/auth/authtypes"
|
||||
"github.com/matrix-org/dendrite/clientapi/httputil"
|
||||
"github.com/matrix-org/dendrite/clientapi/jsonerror"
|
||||
"github.com/matrix-org/dendrite/clientapi/userutil"
|
||||
userapi "github.com/matrix-org/dendrite/userapi/api"
|
||||
|
|
@ -525,21 +525,40 @@ func Register(
|
|||
userAPI userapi.UserRegisterAPI,
|
||||
cfg *config.ClientAPI,
|
||||
) util.JSONResponse {
|
||||
reqBody, err := ioutil.ReadAll(req.Body)
|
||||
if err != nil {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusBadRequest,
|
||||
JSON: jsonerror.BadJSON("Unable to read request body"),
|
||||
}
|
||||
}
|
||||
|
||||
var r registerRequest
|
||||
resErr := httputil.UnmarshalJSONRequest(req, &r)
|
||||
if resErr != nil {
|
||||
return *resErr
|
||||
sessionID := gjson.GetBytes(reqBody, "auth.session").String()
|
||||
if sessionID == "" {
|
||||
// Generate a new, random session ID
|
||||
sessionID = util.RandomString(sessionIDLength)
|
||||
} else if data, ok := sessions.getParams(sessionID); ok {
|
||||
// Use the parameters from the session as our defaults.
|
||||
// Some of these might end up being overwritten if the
|
||||
// values are specified again in the request body.
|
||||
r.Username = data.Username
|
||||
r.Password = data.Password
|
||||
r.DeviceID = data.DeviceID
|
||||
r.InitialDisplayName = data.InitialDisplayName
|
||||
r.InhibitLogin = data.InhibitLogin
|
||||
}
|
||||
if resErr := json.Unmarshal(reqBody, &r); resErr != nil {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusBadRequest,
|
||||
JSON: jsonerror.BadJSON("Request body contains invalid JSON"),
|
||||
}
|
||||
}
|
||||
if req.URL.Query().Get("kind") == "guest" {
|
||||
return handleGuestRegistration(req, r, cfg, userAPI)
|
||||
}
|
||||
|
||||
// Retrieve or generate the sessionID
|
||||
sessionID := r.Auth.Session
|
||||
if sessionID == "" {
|
||||
// Generate a new, random session ID
|
||||
sessionID = util.RandomString(sessionIDLength)
|
||||
}
|
||||
|
||||
// Don't allow numeric usernames less than MAX_INT64.
|
||||
if _, err := strconv.ParseInt(r.Username, 10, 64); err == nil {
|
||||
|
|
@ -568,7 +587,7 @@ func Register(
|
|||
case r.Type == authtypes.LoginTypeApplicationService && accessTokenErr == nil:
|
||||
// Spec-compliant case (the access_token is specified and the login type
|
||||
// is correctly set, so it's an appservice registration)
|
||||
if resErr = validateApplicationServiceUsername(r.Username); resErr != nil {
|
||||
if resErr := validateApplicationServiceUsername(r.Username); resErr != nil {
|
||||
return *resErr
|
||||
}
|
||||
case accessTokenErr == nil:
|
||||
|
|
@ -581,11 +600,11 @@ func Register(
|
|||
default:
|
||||
// Spec-compliant case (neither the access_token nor the login type are
|
||||
// specified, so it's a normal user registration)
|
||||
if resErr = validateUsername(r.Username); resErr != nil {
|
||||
if resErr := validateUsername(r.Username); resErr != nil {
|
||||
return *resErr
|
||||
}
|
||||
}
|
||||
if resErr = validatePassword(r.Password); resErr != nil {
|
||||
if resErr := validatePassword(r.Password); resErr != nil {
|
||||
return *resErr
|
||||
}
|
||||
|
||||
|
|
@ -596,7 +615,12 @@ func Register(
|
|||
"session_id": r.Auth.Session,
|
||||
}).Info("Processing registration request")
|
||||
|
||||
return handleRegistrationFlow(req, r, sessionID, cfg, userAPI, accessToken, accessTokenErr)
|
||||
fmt.Printf("Request: %+v\n", r)
|
||||
|
||||
res := handleRegistrationFlow(req, r, sessionID, cfg, userAPI, accessToken, accessTokenErr)
|
||||
fmt.Printf("Response: %+v\n", res)
|
||||
|
||||
return res
|
||||
}
|
||||
|
||||
func handleGuestRegistration(
|
||||
|
|
@ -835,24 +859,17 @@ func completeRegistration(
|
|||
}
|
||||
}()
|
||||
|
||||
if data, ok := sessions.getParams(sessionID); ok {
|
||||
username = data.Username
|
||||
password = data.Password
|
||||
deviceID = data.DeviceID
|
||||
displayName = data.InitialDisplayName
|
||||
inhibitLogin = data.InhibitLogin
|
||||
}
|
||||
if username == "" {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusBadRequest,
|
||||
JSON: jsonerror.BadJSON("missing username"),
|
||||
JSON: jsonerror.MissingArgument("Missing username"),
|
||||
}
|
||||
}
|
||||
// Blank passwords are only allowed by registered application services
|
||||
if password == "" && appserviceID == "" {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusBadRequest,
|
||||
JSON: jsonerror.BadJSON("missing password"),
|
||||
JSON: jsonerror.MissingArgument("Missing password"),
|
||||
}
|
||||
}
|
||||
var accRes userapi.PerformAccountCreationResponse
|
||||
|
|
|
|||
Loading…
Reference in a new issue