Should return error if we didn't find an Application Service, not the
other way around. Reported by @APWhitehat
Signed-off-by: Andrew Morgan (https://amorgan.xyz) <andrew@amorgan.xyz>
When a user registered on a homeserver with no application services
registered, registration would check if the meta-regexp object matched
the proposed user's new username.
Apparently "" is a regex that matches everything, so every user was
then barred from registering as they were supposedly registering inside
an AS' exclusive namespace.
This change prevents that check from happening by setting the exclusive
regex to ^$ instead, preventing any matches from occurring.
We also prevent the check for exclusivity if there are no namespaces
registered for performance.
Signed-off-by: Andrew Morgan (https://amorgan.xyz) <andrew@amorgan.xyz>
* Add ability for App Services to register users
AS Tokens are pulled from their respective configs, which are then
checked against when an AS tries to register using
m.login.application_service. If the token exists and the new username is
within their specified namespace, then the user is created as a
password-less user.
Signed-off-by: Andrew Morgan (https://amorgan.xyz) <andrew@amorgan.xyz>
* Validate loaded Application Services
* Ensure no two app services have the same token or ID
* Check namespaces are valid regex
* Ensure users can't register inside an exclusive app service namespace
* Ensure exclusive app service namespaces are exclusive with each other
* Precompile application service namespace regexes so we don't need to
do so every time a user is registered
Signed-off-by: Andrew Morgan (https://amorgan.xyz) <andrew@amorgan.xyz>
* Add base component
* Convert clientapi to using base component
* Convert federationapi to using base component
* Convert federationsender to using base component
* Convert mediaapi to using base component
* Convert publicroomsapi to using base component
* Convert roomserver to using base component
* Convert syncapi to using base component
* Convert monolith to using base component
* Split out config parsing and roomserver API creation
When registering a new user using POST `/_matrix/client/r0/register`, the server was returning a 500 error when user name was already taken.
I added a check in `completeRegistration` to verify if the username is available before inserting it, and return a 400 `M_USER_IN_USE` error if there is a conflict, as [defined in matrix-doc](https://matrix.org/speculator/spec/HEAD/client_server/unstable.html#post-matrix-client-r0-register)
Signed-off-by: Thibaut CHARLES cromfr@gmail.com
* Refactor registration to align with the spec
* We now keep track of sessions and their completed registration stages.
* We only complete registration if the client has completed a full flow.
* New Derived section in config for data derived from config options.
* New config options for captcha.
* Send params back to client for each registration stage.
Signed-off-by: Andrew Morgan (https://amorgan.xyz) <andrew@amorgan.xyz>
* Bump gomatrixserverlib
Mostly because I want to use Erik's go-faster jsoning.
* Update KeyDB for new KeyFetcher API
we now need to implement FetcherName.
* Attempt to fix integ tests
CanonicalJSON doesn't like the empty string, apparently, and anyway
canonicalising it is pointless.
* More integ test fix
* Implement query to get state and auth chain
* Add routing for queryStateAndAuthChain
* Comments
* Fix fetching wrong set of events
* Add tests
* Shuffle and comment
* Fix /sync when we have no events
We used a since token of 0 to mean that no token was given. However, naffka
streams start at 0. This causes clients to get stuck spinning forever until an
event is sent.
This changes it so that we pass around pointers instead, with nil meaning a
since token wasn't given.
* Comment
* Fix unit tests
* Comments
* Fix typo
* Add room alias query endpoint
* Try to fix indentation problems
* Fix linting errors and use of httpReq.FormValue
Signed-off-by: Ross Schulman <ross@rbs.io>
* Run gofmt
* Check for empty alias parameter and fix route URL
Signed-off-by: Ross Schulman <ross@rbs.io>
* Fix some linting errors
Signed-off-by: Ross Schulman <ross@rbs.io>
* Delete extra copy of directory route
* bump gomatrixserverlib
(changes to KeyFetcher and KeyDatabase interfaces)
* Store keys rather than json in the keydatabase
Rather than storing the raw JSON returned from a /keys/v1/query call in the
table, store the key itself.
This makes keydb.Database implement the updated KeyDatabase interface.