Use direct references for configuration variables (part 7). (#10959)

This commit is contained in:
Patrick Cloke 2021-10-04 07:18:54 -04:00 committed by GitHub
parent a071144a5c
commit a0f48ee89d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
23 changed files with 83 additions and 68 deletions

1
changelog.d/10959.misc Normal file
View File

@ -0,0 +1 @@
Use direct references to config flags.

View File

@ -198,7 +198,7 @@ class AuthHandler(BaseHandler):
if inst.is_enabled(): if inst.is_enabled():
self.checkers[inst.AUTH_TYPE] = inst # type: ignore self.checkers[inst.AUTH_TYPE] = inst # type: ignore
self.bcrypt_rounds = hs.config.bcrypt_rounds self.bcrypt_rounds = hs.config.registration.bcrypt_rounds
# we can't use hs.get_module_api() here, because to do so will create an # we can't use hs.get_module_api() here, because to do so will create an
# import loop. # import loop.

View File

@ -573,9 +573,15 @@ class IdentityHandler(BaseHandler):
# Try to validate as email # Try to validate as email
if self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE: if self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
# Remote emails will only be used if a valid identity server is provided.
assert (
self.hs.config.registration.account_threepid_delegate_email is not None
)
# Ask our delegated email identity server # Ask our delegated email identity server
validation_session = await self.threepid_from_creds( validation_session = await self.threepid_from_creds(
self.hs.config.account_threepid_delegate_email, threepid_creds self.hs.config.registration.account_threepid_delegate_email,
threepid_creds,
) )
elif self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL: elif self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
# Get a validated session matching these details # Get a validated session matching these details
@ -587,10 +593,11 @@ class IdentityHandler(BaseHandler):
return validation_session return validation_session
# Try to validate as msisdn # Try to validate as msisdn
if self.hs.config.account_threepid_delegate_msisdn: if self.hs.config.registration.account_threepid_delegate_msisdn:
# Ask our delegated msisdn identity server # Ask our delegated msisdn identity server
validation_session = await self.threepid_from_creds( validation_session = await self.threepid_from_creds(
self.hs.config.account_threepid_delegate_msisdn, threepid_creds self.hs.config.registration.account_threepid_delegate_msisdn,
threepid_creds,
) )
return validation_session return validation_session

View File

@ -178,7 +178,7 @@ class ProfileHandler(BaseHandler):
if not by_admin and target_user != requester.user: if not by_admin and target_user != requester.user:
raise AuthError(400, "Cannot set another user's displayname") raise AuthError(400, "Cannot set another user's displayname")
if not by_admin and not self.hs.config.enable_set_displayname: if not by_admin and not self.hs.config.registration.enable_set_displayname:
profile = await self.store.get_profileinfo(target_user.localpart) profile = await self.store.get_profileinfo(target_user.localpart)
if profile.display_name: if profile.display_name:
raise SynapseError( raise SynapseError(
@ -268,7 +268,7 @@ class ProfileHandler(BaseHandler):
if not by_admin and target_user != requester.user: if not by_admin and target_user != requester.user:
raise AuthError(400, "Cannot set another user's avatar_url") raise AuthError(400, "Cannot set another user's avatar_url")
if not by_admin and not self.hs.config.enable_set_avatar_url: if not by_admin and not self.hs.config.registration.enable_set_avatar_url:
profile = await self.store.get_profileinfo(target_user.localpart) profile = await self.store.get_profileinfo(target_user.localpart)
if profile.avatar_url: if profile.avatar_url:
raise SynapseError( raise SynapseError(

View File

@ -116,8 +116,8 @@ class RegistrationHandler(BaseHandler):
self._register_device_client = self.register_device_inner self._register_device_client = self.register_device_inner
self.pusher_pool = hs.get_pusherpool() self.pusher_pool = hs.get_pusherpool()
self.session_lifetime = hs.config.session_lifetime self.session_lifetime = hs.config.registration.session_lifetime
self.access_token_lifetime = hs.config.access_token_lifetime self.access_token_lifetime = hs.config.registration.access_token_lifetime
init_counters_for_auth_provider("") init_counters_for_auth_provider("")
@ -343,7 +343,10 @@ class RegistrationHandler(BaseHandler):
# If the user does not need to consent at registration, auto-join any # If the user does not need to consent at registration, auto-join any
# configured rooms. # configured rooms.
if not self.hs.config.consent.user_consent_at_registration: if not self.hs.config.consent.user_consent_at_registration:
if not self.hs.config.auto_join_rooms_for_guests and make_guest: if (
not self.hs.config.registration.auto_join_rooms_for_guests
and make_guest
):
logger.info( logger.info(
"Skipping auto-join for %s because auto-join for guests is disabled", "Skipping auto-join for %s because auto-join for guests is disabled",
user_id, user_id,

View File

@ -89,7 +89,7 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
self.spam_checker = hs.get_spam_checker() self.spam_checker = hs.get_spam_checker()
self.third_party_event_rules = hs.get_third_party_event_rules() self.third_party_event_rules = hs.get_third_party_event_rules()
self._server_notices_mxid = self.config.servernotices.server_notices_mxid self._server_notices_mxid = self.config.servernotices.server_notices_mxid
self._enable_lookup = hs.config.enable_3pid_lookup self._enable_lookup = hs.config.registration.enable_3pid_lookup
self.allow_per_room_profiles = self.config.server.allow_per_room_profiles self.allow_per_room_profiles = self.config.server.allow_per_room_profiles
self._join_rate_limiter_local = Ratelimiter( self._join_rate_limiter_local = Ratelimiter(

View File

@ -153,21 +153,23 @@ class _BaseThreepidAuthChecker:
# msisdns are currently always ThreepidBehaviour.REMOTE # msisdns are currently always ThreepidBehaviour.REMOTE
if medium == "msisdn": if medium == "msisdn":
if not self.hs.config.account_threepid_delegate_msisdn: if not self.hs.config.registration.account_threepid_delegate_msisdn:
raise SynapseError( raise SynapseError(
400, "Phone number verification is not enabled on this homeserver" 400, "Phone number verification is not enabled on this homeserver"
) )
threepid = await identity_handler.threepid_from_creds( threepid = await identity_handler.threepid_from_creds(
self.hs.config.account_threepid_delegate_msisdn, threepid_creds self.hs.config.registration.account_threepid_delegate_msisdn,
threepid_creds,
) )
elif medium == "email": elif medium == "email":
if ( if (
self.hs.config.email.threepid_behaviour_email self.hs.config.email.threepid_behaviour_email
== ThreepidBehaviour.REMOTE == ThreepidBehaviour.REMOTE
): ):
assert self.hs.config.account_threepid_delegate_email assert self.hs.config.registration.account_threepid_delegate_email
threepid = await identity_handler.threepid_from_creds( threepid = await identity_handler.threepid_from_creds(
self.hs.config.account_threepid_delegate_email, threepid_creds self.hs.config.registration.account_threepid_delegate_email,
threepid_creds,
) )
elif ( elif (
self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL
@ -240,7 +242,7 @@ class MsisdnAuthChecker(UserInteractiveAuthChecker, _BaseThreepidAuthChecker):
_BaseThreepidAuthChecker.__init__(self, hs) _BaseThreepidAuthChecker.__init__(self, hs)
def is_enabled(self) -> bool: def is_enabled(self) -> bool:
return bool(self.hs.config.account_threepid_delegate_msisdn) return bool(self.hs.config.registration.account_threepid_delegate_msisdn)
async def check_auth(self, authdict: dict, clientip: str) -> Any: async def check_auth(self, authdict: dict, clientip: str) -> Any:
return await self._check_threepid("msisdn", authdict) return await self._check_threepid("msisdn", authdict)
@ -252,7 +254,7 @@ class RegistrationTokenAuthChecker(UserInteractiveAuthChecker):
def __init__(self, hs: "HomeServer"): def __init__(self, hs: "HomeServer"):
super().__init__(hs) super().__init__(hs)
self.hs = hs self.hs = hs
self._enabled = bool(hs.config.registration_requires_token) self._enabled = bool(hs.config.registration.registration_requires_token)
self.store = hs.get_datastore() self.store = hs.get_datastore()
def is_enabled(self) -> bool: def is_enabled(self) -> bool:

View File

@ -442,7 +442,7 @@ class UserRegisterServlet(RestServlet):
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]: async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
self._clear_old_nonces() self._clear_old_nonces()
if not self.hs.config.registration_shared_secret: if not self.hs.config.registration.registration_shared_secret:
raise SynapseError(400, "Shared secret registration is not enabled") raise SynapseError(400, "Shared secret registration is not enabled")
body = parse_json_object_from_request(request) body = parse_json_object_from_request(request)
@ -498,7 +498,7 @@ class UserRegisterServlet(RestServlet):
got_mac = body["mac"] got_mac = body["mac"]
want_mac_builder = hmac.new( want_mac_builder = hmac.new(
key=self.hs.config.registration_shared_secret.encode(), key=self.hs.config.registration.registration_shared_secret.encode(),
digestmod=hashlib.sha1, digestmod=hashlib.sha1,
) )
want_mac_builder.update(nonce.encode("utf8")) want_mac_builder.update(nonce.encode("utf8"))

View File

@ -130,11 +130,11 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
raise SynapseError(400, "Email not found", Codes.THREEPID_NOT_FOUND) raise SynapseError(400, "Email not found", Codes.THREEPID_NOT_FOUND)
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE: if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
assert self.hs.config.account_threepid_delegate_email assert self.hs.config.registration.account_threepid_delegate_email
# Have the configured identity server handle the request # Have the configured identity server handle the request
ret = await self.identity_handler.requestEmailToken( ret = await self.identity_handler.requestEmailToken(
self.hs.config.account_threepid_delegate_email, self.hs.config.registration.account_threepid_delegate_email,
email, email,
client_secret, client_secret,
send_attempt, send_attempt,
@ -414,11 +414,11 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE) raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE: if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
assert self.hs.config.account_threepid_delegate_email assert self.hs.config.registration.account_threepid_delegate_email
# Have the configured identity server handle the request # Have the configured identity server handle the request
ret = await self.identity_handler.requestEmailToken( ret = await self.identity_handler.requestEmailToken(
self.hs.config.account_threepid_delegate_email, self.hs.config.registration.account_threepid_delegate_email,
email, email,
client_secret, client_secret,
send_attempt, send_attempt,
@ -496,7 +496,7 @@ class MsisdnThreepidRequestTokenRestServlet(RestServlet):
raise SynapseError(400, "MSISDN is already in use", Codes.THREEPID_IN_USE) raise SynapseError(400, "MSISDN is already in use", Codes.THREEPID_IN_USE)
if not self.hs.config.account_threepid_delegate_msisdn: if not self.hs.config.registration.account_threepid_delegate_msisdn:
logger.warning( logger.warning(
"No upstream msisdn account_threepid_delegate configured on the server to " "No upstream msisdn account_threepid_delegate configured on the server to "
"handle this request" "handle this request"
@ -507,7 +507,7 @@ class MsisdnThreepidRequestTokenRestServlet(RestServlet):
) )
ret = await self.identity_handler.requestMsisdnToken( ret = await self.identity_handler.requestMsisdnToken(
self.hs.config.account_threepid_delegate_msisdn, self.hs.config.registration.account_threepid_delegate_msisdn,
country, country,
phone_number, phone_number,
client_secret, client_secret,
@ -604,7 +604,7 @@ class AddThreepidMsisdnSubmitTokenServlet(RestServlet):
self.identity_handler = hs.get_identity_handler() self.identity_handler = hs.get_identity_handler()
async def on_POST(self, request: Request) -> Tuple[int, JsonDict]: async def on_POST(self, request: Request) -> Tuple[int, JsonDict]:
if not self.config.account_threepid_delegate_msisdn: if not self.config.registration.account_threepid_delegate_msisdn:
raise SynapseError( raise SynapseError(
400, 400,
"This homeserver is not validating phone numbers. Use an identity server " "This homeserver is not validating phone numbers. Use an identity server "
@ -617,7 +617,7 @@ class AddThreepidMsisdnSubmitTokenServlet(RestServlet):
# Proxy submit_token request to msisdn threepid delegate # Proxy submit_token request to msisdn threepid delegate
response = await self.identity_handler.proxy_msisdn_submit_token( response = await self.identity_handler.proxy_msisdn_submit_token(
self.config.account_threepid_delegate_msisdn, self.config.registration.account_threepid_delegate_msisdn,
body["client_secret"], body["client_secret"],
body["sid"], body["sid"],
body["token"], body["token"],
@ -644,7 +644,7 @@ class ThreepidRestServlet(RestServlet):
return 200, {"threepids": threepids} return 200, {"threepids": threepids}
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]: async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
if not self.hs.config.enable_3pid_changes: if not self.hs.config.registration.enable_3pid_changes:
raise SynapseError( raise SynapseError(
400, "3PID changes are disabled on this server", Codes.FORBIDDEN 400, "3PID changes are disabled on this server", Codes.FORBIDDEN
) )
@ -693,7 +693,7 @@ class ThreepidAddRestServlet(RestServlet):
@interactive_auth_handler @interactive_auth_handler
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]: async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
if not self.hs.config.enable_3pid_changes: if not self.hs.config.registration.enable_3pid_changes:
raise SynapseError( raise SynapseError(
400, "3PID changes are disabled on this server", Codes.FORBIDDEN 400, "3PID changes are disabled on this server", Codes.FORBIDDEN
) )
@ -801,7 +801,7 @@ class ThreepidDeleteRestServlet(RestServlet):
self.auth_handler = hs.get_auth_handler() self.auth_handler = hs.get_auth_handler()
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]: async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
if not self.hs.config.enable_3pid_changes: if not self.hs.config.registration.enable_3pid_changes:
raise SynapseError( raise SynapseError(
400, "3PID changes are disabled on this server", Codes.FORBIDDEN 400, "3PID changes are disabled on this server", Codes.FORBIDDEN
) )

View File

@ -49,8 +49,10 @@ class AuthRestServlet(RestServlet):
self.registration_handler = hs.get_registration_handler() self.registration_handler = hs.get_registration_handler()
self.recaptcha_template = hs.config.captcha.recaptcha_template self.recaptcha_template = hs.config.captcha.recaptcha_template
self.terms_template = hs.config.terms_template self.terms_template = hs.config.terms_template
self.registration_token_template = hs.config.registration_token_template self.registration_token_template = (
self.success_template = hs.config.fallback_success_template hs.config.registration.registration_token_template
)
self.success_template = hs.config.registration.fallback_success_template
async def on_GET(self, request: SynapseRequest, stagetype: str) -> None: async def on_GET(self, request: SynapseRequest, stagetype: str) -> None:
session = parse_string(request, "session") session = parse_string(request, "session")

View File

@ -64,13 +64,13 @@ class CapabilitiesRestServlet(RestServlet):
if self.config.experimental.msc3283_enabled: if self.config.experimental.msc3283_enabled:
response["capabilities"]["org.matrix.msc3283.set_displayname"] = { response["capabilities"]["org.matrix.msc3283.set_displayname"] = {
"enabled": self.config.enable_set_displayname "enabled": self.config.registration.enable_set_displayname
} }
response["capabilities"]["org.matrix.msc3283.set_avatar_url"] = { response["capabilities"]["org.matrix.msc3283.set_avatar_url"] = {
"enabled": self.config.enable_set_avatar_url "enabled": self.config.registration.enable_set_avatar_url
} }
response["capabilities"]["org.matrix.msc3283.3pid_changes"] = { response["capabilities"]["org.matrix.msc3283.3pid_changes"] = {
"enabled": self.config.enable_3pid_changes "enabled": self.config.registration.enable_3pid_changes
} }
return 200, response return 200, response

View File

@ -79,7 +79,7 @@ class LoginRestServlet(RestServlet):
self.saml2_enabled = hs.config.saml2.saml2_enabled self.saml2_enabled = hs.config.saml2.saml2_enabled
self.cas_enabled = hs.config.cas.cas_enabled self.cas_enabled = hs.config.cas.cas_enabled
self.oidc_enabled = hs.config.oidc.oidc_enabled self.oidc_enabled = hs.config.oidc.oidc_enabled
self._msc2918_enabled = hs.config.access_token_lifetime is not None self._msc2918_enabled = hs.config.registration.access_token_lifetime is not None
self.auth = hs.get_auth() self.auth = hs.get_auth()
@ -447,7 +447,7 @@ class RefreshTokenServlet(RestServlet):
def __init__(self, hs: "HomeServer"): def __init__(self, hs: "HomeServer"):
self._auth_handler = hs.get_auth_handler() self._auth_handler = hs.get_auth_handler()
self._clock = hs.get_clock() self._clock = hs.get_clock()
self.access_token_lifetime = hs.config.access_token_lifetime self.access_token_lifetime = hs.config.registration.access_token_lifetime
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]: async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
refresh_submission = parse_json_object_from_request(request) refresh_submission = parse_json_object_from_request(request)
@ -556,7 +556,7 @@ class CasTicketServlet(RestServlet):
def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None: def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
LoginRestServlet(hs).register(http_server) LoginRestServlet(hs).register(http_server)
if hs.config.access_token_lifetime is not None: if hs.config.registration.access_token_lifetime is not None:
RefreshTokenServlet(hs).register(http_server) RefreshTokenServlet(hs).register(http_server)
SsoRedirectServlet(hs).register(http_server) SsoRedirectServlet(hs).register(http_server)
if hs.config.cas.cas_enabled: if hs.config.cas.cas_enabled:

View File

@ -140,11 +140,11 @@ class EmailRegisterRequestTokenRestServlet(RestServlet):
raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE) raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)
if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE: if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
assert self.hs.config.account_threepid_delegate_email assert self.hs.config.registration.account_threepid_delegate_email
# Have the configured identity server handle the request # Have the configured identity server handle the request
ret = await self.identity_handler.requestEmailToken( ret = await self.identity_handler.requestEmailToken(
self.hs.config.account_threepid_delegate_email, self.hs.config.registration.account_threepid_delegate_email,
email, email,
client_secret, client_secret,
send_attempt, send_attempt,
@ -221,7 +221,7 @@ class MsisdnRegisterRequestTokenRestServlet(RestServlet):
400, "Phone number is already in use", Codes.THREEPID_IN_USE 400, "Phone number is already in use", Codes.THREEPID_IN_USE
) )
if not self.hs.config.account_threepid_delegate_msisdn: if not self.hs.config.registration.account_threepid_delegate_msisdn:
logger.warning( logger.warning(
"No upstream msisdn account_threepid_delegate configured on the server to " "No upstream msisdn account_threepid_delegate configured on the server to "
"handle this request" "handle this request"
@ -231,7 +231,7 @@ class MsisdnRegisterRequestTokenRestServlet(RestServlet):
) )
ret = await self.identity_handler.requestMsisdnToken( ret = await self.identity_handler.requestMsisdnToken(
self.hs.config.account_threepid_delegate_msisdn, self.hs.config.registration.account_threepid_delegate_msisdn,
country, country,
phone_number, phone_number,
client_secret, client_secret,
@ -341,7 +341,7 @@ class UsernameAvailabilityRestServlet(RestServlet):
) )
async def on_GET(self, request: Request) -> Tuple[int, JsonDict]: async def on_GET(self, request: Request) -> Tuple[int, JsonDict]:
if not self.hs.config.enable_registration: if not self.hs.config.registration.enable_registration:
raise SynapseError( raise SynapseError(
403, "Registration has been disabled", errcode=Codes.FORBIDDEN 403, "Registration has been disabled", errcode=Codes.FORBIDDEN
) )
@ -391,7 +391,7 @@ class RegistrationTokenValidityRestServlet(RestServlet):
async def on_GET(self, request: Request) -> Tuple[int, JsonDict]: async def on_GET(self, request: Request) -> Tuple[int, JsonDict]:
await self.ratelimiter.ratelimit(None, (request.getClientIP(),)) await self.ratelimiter.ratelimit(None, (request.getClientIP(),))
if not self.hs.config.enable_registration: if not self.hs.config.registration.enable_registration:
raise SynapseError( raise SynapseError(
403, "Registration has been disabled", errcode=Codes.FORBIDDEN 403, "Registration has been disabled", errcode=Codes.FORBIDDEN
) )
@ -419,8 +419,8 @@ class RegisterRestServlet(RestServlet):
self.ratelimiter = hs.get_registration_ratelimiter() self.ratelimiter = hs.get_registration_ratelimiter()
self.password_policy_handler = hs.get_password_policy_handler() self.password_policy_handler = hs.get_password_policy_handler()
self.clock = hs.get_clock() self.clock = hs.get_clock()
self._registration_enabled = self.hs.config.enable_registration self._registration_enabled = self.hs.config.registration.enable_registration
self._msc2918_enabled = hs.config.access_token_lifetime is not None self._msc2918_enabled = hs.config.registration.access_token_lifetime is not None
self._registration_flows = _calculate_registration_flows( self._registration_flows = _calculate_registration_flows(
hs.config, self.auth_handler hs.config, self.auth_handler
@ -800,7 +800,7 @@ class RegisterRestServlet(RestServlet):
async def _do_guest_registration( async def _do_guest_registration(
self, params: JsonDict, address: Optional[str] = None self, params: JsonDict, address: Optional[str] = None
) -> Tuple[int, JsonDict]: ) -> Tuple[int, JsonDict]:
if not self.hs.config.allow_guest_access: if not self.hs.config.registration.allow_guest_access:
raise SynapseError(403, "Guest access is disabled") raise SynapseError(403, "Guest access is disabled")
user_id = await self.registration_handler.register_user( user_id = await self.registration_handler.register_user(
make_guest=True, address=address make_guest=True, address=address
@ -849,13 +849,13 @@ def _calculate_registration_flows(
""" """
# FIXME: need a better error than "no auth flow found" for scenarios # FIXME: need a better error than "no auth flow found" for scenarios
# where we required 3PID for registration but the user didn't give one # where we required 3PID for registration but the user didn't give one
require_email = "email" in config.registrations_require_3pid require_email = "email" in config.registration.registrations_require_3pid
require_msisdn = "msisdn" in config.registrations_require_3pid require_msisdn = "msisdn" in config.registration.registrations_require_3pid
show_msisdn = True show_msisdn = True
show_email = True show_email = True
if config.disable_msisdn_registration: if config.registration.disable_msisdn_registration:
show_msisdn = False show_msisdn = False
require_msisdn = False require_msisdn = False
@ -909,7 +909,7 @@ def _calculate_registration_flows(
flow.insert(0, LoginType.RECAPTCHA) flow.insert(0, LoginType.RECAPTCHA)
# Prepend registration token to all flows if we're requiring a token # Prepend registration token to all flows if we're requiring a token
if config.registration_requires_token: if config.registration.registration_requires_token:
for flow in flows: for flow in flows:
flow.insert(0, LoginType.REGISTRATION_TOKEN) flow.insert(0, LoginType.REGISTRATION_TOKEN)

View File

@ -39,9 +39,9 @@ class WellKnownBuilder:
result = {"m.homeserver": {"base_url": self._config.server.public_baseurl}} result = {"m.homeserver": {"base_url": self._config.server.public_baseurl}}
if self._config.default_identity_server: if self._config.registration.default_identity_server:
result["m.identity_server"] = { result["m.identity_server"] = {
"base_url": self._config.default_identity_server "base_url": self._config.registration.default_identity_server
} }
return result return result

View File

@ -1710,7 +1710,7 @@ class RegistrationBackgroundUpdateStore(RegistrationWorkerStore):
We do this by grandfathering in existing user threepids assuming that We do this by grandfathering in existing user threepids assuming that
they used one of the server configured trusted identity servers. they used one of the server configured trusted identity servers.
""" """
id_servers = set(self.config.trusted_third_party_id_servers) id_servers = set(self.config.registration.trusted_third_party_id_servers)
def _bg_user_threepids_grandfather_txn(txn): def _bg_user_threepids_grandfather_txn(txn):
sql = """ sql = """

View File

@ -44,8 +44,8 @@ def check_3pid_allowed(hs: "HomeServer", medium: str, address: str) -> bool:
bool: whether the 3PID medium/address is allowed to be added to this HS bool: whether the 3PID medium/address is allowed to be added to this HS
""" """
if hs.config.allowed_local_3pids: if hs.config.registration.allowed_local_3pids:
for constraint in hs.config.allowed_local_3pids: for constraint in hs.config.registration.allowed_local_3pids:
logger.debug( logger.debug(
"Checking 3PID %s (%s) against %s (%s)", "Checking 3PID %s (%s) against %s (%s)",
address, address,

View File

@ -84,16 +84,16 @@ class ConfigLoadingTestCase(unittest.TestCase):
) )
# Check that disable_registration clobbers enable_registration. # Check that disable_registration clobbers enable_registration.
config = HomeServerConfig.load_config("", ["-c", self.file]) config = HomeServerConfig.load_config("", ["-c", self.file])
self.assertFalse(config.enable_registration) self.assertFalse(config.registration.enable_registration)
config = HomeServerConfig.load_or_generate_config("", ["-c", self.file]) config = HomeServerConfig.load_or_generate_config("", ["-c", self.file])
self.assertFalse(config.enable_registration) self.assertFalse(config.registration.enable_registration)
# Check that either config value is clobbered by the command line. # Check that either config value is clobbered by the command line.
config = HomeServerConfig.load_or_generate_config( config = HomeServerConfig.load_or_generate_config(
"", ["-c", self.file, "--enable-registration"] "", ["-c", self.file, "--enable-registration"]
) )
self.assertTrue(config.enable_registration) self.assertTrue(config.registration.enable_registration)
def test_stats_enabled(self): def test_stats_enabled(self):
self.generate_config_and_remove_lines_containing("enable_metrics") self.generate_config_and_remove_lines_containing("enable_metrics")

View File

@ -110,7 +110,7 @@ class ProfileTestCase(unittest.HomeserverTestCase):
) )
def test_set_my_name_if_disabled(self): def test_set_my_name_if_disabled(self):
self.hs.config.enable_set_displayname = False self.hs.config.registration.enable_set_displayname = False
# Setting displayname for the first time is allowed # Setting displayname for the first time is allowed
self.get_success( self.get_success(
@ -225,7 +225,7 @@ class ProfileTestCase(unittest.HomeserverTestCase):
) )
def test_set_my_avatar_if_disabled(self): def test_set_my_avatar_if_disabled(self):
self.hs.config.enable_set_avatar_url = False self.hs.config.registration.enable_set_avatar_url = False
# Setting displayname for the first time is allowed # Setting displayname for the first time is allowed
self.get_success( self.get_success(

View File

@ -59,7 +59,7 @@ class UserRegisterTestCase(unittest.HomeserverTestCase):
self.hs = self.setup_test_homeserver() self.hs = self.setup_test_homeserver()
self.hs.config.registration_shared_secret = "shared" self.hs.config.registration.registration_shared_secret = "shared"
self.hs.get_media_repository = Mock() self.hs.get_media_repository = Mock()
self.hs.get_deactivate_account_handler = Mock() self.hs.get_deactivate_account_handler = Mock()
@ -71,7 +71,7 @@ class UserRegisterTestCase(unittest.HomeserverTestCase):
If there is no shared secret, registration through this method will be If there is no shared secret, registration through this method will be
prevented. prevented.
""" """
self.hs.config.registration_shared_secret = None self.hs.config.registration.registration_shared_secret = None
channel = self.make_request("POST", self.url, b"{}") channel = self.make_request("POST", self.url, b"{}")

View File

@ -664,7 +664,7 @@ class ThreepidEmailRestTestCase(unittest.HomeserverTestCase):
def test_add_email_if_disabled(self): def test_add_email_if_disabled(self):
"""Test adding email to profile when doing so is disallowed""" """Test adding email to profile when doing so is disallowed"""
self.hs.config.enable_3pid_changes = False self.hs.config.registration.enable_3pid_changes = False
client_secret = "foobar" client_secret = "foobar"
session_id = self._request_token(self.email, client_secret) session_id = self._request_token(self.email, client_secret)
@ -734,7 +734,7 @@ class ThreepidEmailRestTestCase(unittest.HomeserverTestCase):
def test_delete_email_if_disabled(self): def test_delete_email_if_disabled(self):
"""Test deleting an email from profile when disallowed""" """Test deleting an email from profile when disallowed"""
self.hs.config.enable_3pid_changes = False self.hs.config.registration.enable_3pid_changes = False
# Add a threepid # Add a threepid
self.get_success( self.get_success(

View File

@ -37,7 +37,7 @@ class IdentityTestCase(unittest.HomeserverTestCase):
return self.hs return self.hs
def test_3pid_lookup_disabled(self): def test_3pid_lookup_disabled(self):
self.hs.config.enable_3pid_lookup = False self.hs.config.registration.enable_3pid_lookup = False
self.register_user("kermit", "monkey") self.register_user("kermit", "monkey")
tok = self.login("kermit", "monkey") tok = self.login("kermit", "monkey")

View File

@ -147,7 +147,7 @@ class RegisterRestServletTestCase(unittest.HomeserverTestCase):
def test_POST_guest_registration(self): def test_POST_guest_registration(self):
self.hs.config.key.macaroon_secret_key = "test" self.hs.config.key.macaroon_secret_key = "test"
self.hs.config.allow_guest_access = True self.hs.config.registration.allow_guest_access = True
channel = self.make_request(b"POST", self.url + b"?kind=guest", b"{}") channel = self.make_request(b"POST", self.url + b"?kind=guest", b"{}")
@ -156,7 +156,7 @@ class RegisterRestServletTestCase(unittest.HomeserverTestCase):
self.assertDictContainsSubset(det_data, channel.json_body) self.assertDictContainsSubset(det_data, channel.json_body)
def test_POST_disabled_guest_registration(self): def test_POST_disabled_guest_registration(self):
self.hs.config.allow_guest_access = False self.hs.config.registration.allow_guest_access = False
channel = self.make_request(b"POST", self.url + b"?kind=guest", b"{}") channel = self.make_request(b"POST", self.url + b"?kind=guest", b"{}")

View File

@ -560,7 +560,7 @@ class HomeserverTestCase(TestCase):
Returns: Returns:
The MXID of the new user. The MXID of the new user.
""" """
self.hs.config.registration_shared_secret = "shared" self.hs.config.registration.registration_shared_secret = "shared"
# Create the user # Create the user
channel = self.make_request("GET", "/_synapse/admin/v1/register") channel = self.make_request("GET", "/_synapse/admin/v1/register")