From 99005d6a91bbd64628fd8e30bef6f3c22db7e131 Mon Sep 17 00:00:00 2001 From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Date: Tue, 17 Jul 2018 08:39:49 -0700 Subject: [PATCH] Allow appservices to register without a login type (#529) * Allow appservices to register without a logintype Signed-off-by: Andrew Morgan * Reduce cyclomatic complexity on Register function * Fix some grammar --- .../dendrite/clientapi/routing/register.go | 23 ++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/src/github.com/matrix-org/dendrite/clientapi/routing/register.go b/src/github.com/matrix-org/dendrite/clientapi/routing/register.go index 3e3a7c4c6..b546385e9 100644 --- a/src/github.com/matrix-org/dendrite/clientapi/routing/register.go +++ b/src/github.com/matrix-org/dendrite/clientapi/routing/register.go @@ -415,6 +415,22 @@ func validateApplicationService( return matchedApplicationService.ID, nil } +// authTypeIsValid checks the registration authentication type of the request +// and returns true or false depending on whether the auth type is valid +func authTypeIsValid(authType *authtypes.LoginType, req *http.Request) bool { + // If no auth type is specified by the client, send back the list of available flows + if *authType == "" && req.URL.Query().Get("access_token") != "" { + // Assume this is an application service registering a user if an empty login + // type was provided alongside an access token + *authType = authtypes.LoginTypeApplicationService + } else if *authType == "" { + // Not an access token, and no login type. Send back the flows + return false + } + + return true +} + // Register processes a /register request. // http://matrix.org/speculator/spec/HEAD/client_server/unstable.html#post-matrix-client-unstable-register func Register( @@ -454,8 +470,9 @@ func Register( r.Username = strconv.FormatInt(id, 10) } - // If no auth type is specified by the client, send back the list of available flows - if r.Auth.Type == "" { + // Check r.Auth.Type is correct for the client requesting (handles application + // services requesting without an auth type) + if !authTypeIsValid(&r.Auth.Type, req) { return util.JSONResponse{ Code: http.StatusUnauthorized, JSON: newUserInteractiveResponse(sessionID, @@ -475,7 +492,7 @@ func Register( // Make sure normal user isn't registering under an exclusive application // service namespace. Skip this check if no app services are registered. - if r.Auth.Type != "m.login.application_service" && + if r.Auth.Type != authtypes.LoginTypeApplicationService && len(cfg.Derived.ApplicationServices) != 0 && UsernameMatchesExclusiveNamespaces(cfg, r.Username) { return util.JSONResponse{