This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Use direct references for configuration variables (part 7). #10959

Merged
merged 6 commits into from
Oct 4, 2021
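--- a/changelog.d/10959.misc
+++ b/changelog.d/10959.misc
@@ -0,0 +1 @@
+Use direct references to config flags.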
2 changes: 1 addition & 1 deletion synapse/handlers/auth.py
Expand Up @@ -198,7 +198,7 @@ def __init__(self, hs: "HomeServer"):
if inst.is_enabled():
self.checkers[inst.AUTH_TYPE] = inst # type: ignore

self.bcrypt_rounds = hs.config.bcrypt_rounds
self.bcrypt_rounds = hs.config.registration.bcrypt_rounds

# we can't use hs.get_module_api() here, because to do so will create an
# import loop.
13 changes: 10 additions & 3 deletions synapse/handlers/identity.py
Expand Up @@ -573,9 +573,15 @@ async def validate_threepid_session(

# Try to validate as email
if self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
# Remote emails will only be used if a valid identity server is provided.
assert (
self.hs.config.registration.account_threepid_delegate_email is not None
)

# Ask our delegated email identity server
validation_session = await self.threepid_from_creds(
self.hs.config.account_threepid_delegate_email, threepid_creds
self.hs.config.registration.account_threepid_delegate_email,
threepid_creds,
)
elif self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
# Get a validated session matching these details
Expand All @@ -587,10 +593,11 @@ async def validate_threepid_session(
return validation_session

# Try to validate as msisdn
if self.hs.config.account_threepid_delegate_msisdn:
if self.hs.config.registration.account_threepid_delegate_msisdn:
# Ask our delegated msisdn identity server
validation_session = await self.threepid_from_creds(
self.hs.config.account_threepid_delegate_msisdn, threepid_creds
self.hs.config.registration.account_threepid_delegate_msisdn,
threepid_creds,
)

return validation_session
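Review bot: The added `assert (... account_threepid_delegate_email is not None)` in the REMOTE email branch is the only visible guard before the delegate reaches `threepid_from_creds`, and `assert` statements are removed when Python runs with `-O`; an explicit check that raises `SynapseError`, as the msisdn branch of `_check_threepid` in ui_auth/checkers.py does, would hold in every run mode. It also tests `is not None`, whereas the same precondition in ui_auth/checkers.py, rest/client/account.py and rest/client/register.py is a plain truthiness assert, so an empty string is accepted here and rejected there. If the assert exists only to narrow the Optional type for the type checker (config validation is not visible on this page), the comment above it should say so, e.g. `# Config loading is expected to guarantee a delegate when threepid_behaviour_email is REMOTE; the assert narrows the type.` `validate_threepid_session` starts outside the hunk.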
4 changes: 2 additions & 2 deletions synapse/handlers/profile.py
Expand Up @@ -178,7 +178,7 @@ async def set_displayname(
if not by_admin and target_user != requester.user:
raise AuthError(400, "Cannot set another user's displayname")

if not by_admin and not self.hs.config.enable_set_displayname:
if not by_admin and not self.hs.config.registration.enable_set_displayname:
profile = await self.store.get_profileinfo(target_user.localpart)
if profile.display_name:
raise SynapseError(
Expand Down Expand Up @@ -268,7 +268,7 @@ async def set_avatar_url(
if not by_admin and target_user != requester.user:
raise AuthError(400, "Cannot set another user's avatar_url")

if not by_admin and not self.hs.config.enable_set_avatar_url:
if not by_admin and not self.hs.config.registration.enable_set_avatar_url:
profile = await self.store.get_profileinfo(target_user.localpart)
if profile.avatar_url:
raise SynapseError(
9 changes: 6 additions & 3 deletions synapse/handlers/register.py
Expand Up @@ -116,8 +116,8 @@ def __init__(self, hs: "HomeServer"):
self._register_device_client = self.register_device_inner
self.pusher_pool = hs.get_pusherpool()

self.session_lifetime = hs.config.session_lifetime
self.access_token_lifetime = hs.config.access_token_lifetime
self.session_lifetime = hs.config.registration.session_lifetime
self.access_token_lifetime = hs.config.registration.access_token_lifetime

init_counters_for_auth_provider("")

Expand Down Expand Up @@ -343,7 +343,10 @@ async def register_user(
# If the user does not need to consent at registration, auto-join any
# configured rooms.
if not self.hs.config.consent.user_consent_at_registration:
if not self.hs.config.auto_join_rooms_for_guests and make_guest:
if (
not self.hs.config.registration.auto_join_rooms_for_guests
and make_guest
):
logger.info(
"Skipping auto-join for %s because auto-join for guests is disabled",
user_id,
2 changes: 1 addition & 1 deletion synapse/handlers/room_member.py
Expand Up @@ -89,7 +89,7 @@ def __init__(self, hs: "HomeServer"):
self.spam_checker = hs.get_spam_checker()
self.third_party_event_rules = hs.get_third_party_event_rules()
self._server_notices_mxid = self.config.servernotices.server_notices_mxid
self._enable_lookup = hs.config.enable_3pid_lookup
self._enable_lookup = hs.config.registration.enable_3pid_lookup
self.allow_per_room_profiles = self.config.server.allow_per_room_profiles

self._join_rate_limiter_local = Ratelimiter(
14 changes: 8 additions & 6 deletions synapse/handlers/ui_auth/checkers.py
Expand Up @@ -153,21 +153,23 @@ async def _check_threepid(self, medium: str, authdict: dict) -> dict:

# msisdns are currently always ThreepidBehaviour.REMOTE
if medium == "msisdn":
if not self.hs.config.account_threepid_delegate_msisdn:
if not self.hs.config.registration.account_threepid_delegate_msisdn:
raise SynapseError(
400, "Phone number verification is not enabled on this homeserver"
)
threepid = await identity_handler.threepid_from_creds(
self.hs.config.account_threepid_delegate_msisdn, threepid_creds
self.hs.config.registration.account_threepid_delegate_msisdn,
threepid_creds,
)
elif medium == "email":
if (
self.hs.config.email.threepid_behaviour_email
== ThreepidBehaviour.REMOTE
):
assert self.hs.config.account_threepid_delegate_email
assert self.hs.config.registration.account_threepid_delegate_email
threepid = await identity_handler.threepid_from_creds(
self.hs.config.account_threepid_delegate_email, threepid_creds
self.hs.config.registration.account_threepid_delegate_email,
threepid_creds,
)
elif (
self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL
Expand Down Expand Up @@ -240,7 +242,7 @@ def __init__(self, hs: "HomeServer"):
_BaseThreepidAuthChecker.__init__(self, hs)

def is_enabled(self) -> bool:
return bool(self.hs.config.account_threepid_delegate_msisdn)
return bool(self.hs.config.registration.account_threepid_delegate_msisdn)

async def check_auth(self, authdict: dict, clientip: str) -> Any:
return await self._check_threepid("msisdn", authdict)
Expand All @@ -252,7 +254,7 @@ class RegistrationTokenAuthChecker(UserInteractiveAuthChecker):
def __init__(self, hs: "HomeServer"):
super().__init__(hs)
self.hs = hs
self._enabled = bool(hs.config.registration_requires_token)
self._enabled = bool(hs.config.registration.registration_requires_token)
self.store = hs.get_datastore()

def is_enabled(self) -> bool:
4 changes: 2 additions & 2 deletions synapse/rest/admin/users.py
Expand Up @@ -442,7 +442,7 @@ def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
self._clear_old_nonces()

if not self.hs.config.registration_shared_secret:
if not self.hs.config.registration.registration_shared_secret:
raise SynapseError(400, "Shared secret registration is not enabled")

body = parse_json_object_from_request(request)
Expand Down Expand Up @@ -498,7 +498,7 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
got_mac = body["mac"]

want_mac_builder = hmac.new(
key=self.hs.config.registration_shared_secret.encode(),
key=self.hs.config.registration.registration_shared_secret.encode(),
digestmod=hashlib.sha1,
)
want_mac_builder.update(nonce.encode("utf8"))
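Review bot: On the `key=` line the shared secret is encoded with the default codec while the nonce on the next visible line uses `.encode("utf8")`; writing `key=self.hs.config.registration.registration_shared_secret.encode("utf8"),` keeps the MAC inputs explicit and consistent. The comparison of `got_mac` with the computed digest lies outside this hunk, so it is worth confirming that it goes through `hmac.compare_digest` rather than `==`. `on_POST` starts and ends outside both hunks.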
22 changes: 11 additions & 11 deletions synapse/rest/client/account.py
Expand Up @@ -130,11 +130,11 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
raise SynapseError(400, "Email not found", Codes.THREEPID_NOT_FOUND)

if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
assert self.hs.config.account_threepid_delegate_email
assert self.hs.config.registration.account_threepid_delegate_email

# Have the configured identity server handle the request
ret = await self.identity_handler.requestEmailToken(
self.hs.config.account_threepid_delegate_email,
self.hs.config.registration.account_threepid_delegate_email,
email,
client_secret,
send_attempt,
Expand Down Expand Up @@ -414,11 +414,11 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)

if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
assert self.hs.config.account_threepid_delegate_email
assert self.hs.config.registration.account_threepid_delegate_email

# Have the configured identity server handle the request
ret = await self.identity_handler.requestEmailToken(
self.hs.config.account_threepid_delegate_email,
self.hs.config.registration.account_threepid_delegate_email,
email,
client_secret,
send_attempt,
Expand Down Expand Up @@ -496,7 +496,7 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:

raise SynapseError(400, "MSISDN is already in use", Codes.THREEPID_IN_USE)

if not self.hs.config.account_threepid_delegate_msisdn:
if not self.hs.config.registration.account_threepid_delegate_msisdn:
logger.warning(
"No upstream msisdn account_threepid_delegate configured on the server to "
"handle this request"
Expand All @@ -507,7 +507,7 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
)

ret = await self.identity_handler.requestMsisdnToken(
self.hs.config.account_threepid_delegate_msisdn,
self.hs.config.registration.account_threepid_delegate_msisdn,
country,
phone_number,
client_secret,
Expand Down Expand Up @@ -604,7 +604,7 @@ def __init__(self, hs: "HomeServer"):
self.identity_handler = hs.get_identity_handler()

async def on_POST(self, request: Request) -> Tuple[int, JsonDict]:
if not self.config.account_threepid_delegate_msisdn:
if not self.config.registration.account_threepid_delegate_msisdn:
raise SynapseError(
400,
"This homeserver is not validating phone numbers. Use an identity server "
Expand All @@ -617,7 +617,7 @@ async def on_POST(self, request: Request) -> Tuple[int, JsonDict]:

# Proxy submit_token request to msisdn threepid delegate
response = await self.identity_handler.proxy_msisdn_submit_token(
self.config.account_threepid_delegate_msisdn,
self.config.registration.account_threepid_delegate_msisdn,
body["client_secret"],
body["sid"],
body["token"],
Expand All @@ -644,7 +644,7 @@ async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
return 200, {"threepids": threepids}

async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
if not self.hs.config.enable_3pid_changes:
if not self.hs.config.registration.enable_3pid_changes:
raise SynapseError(
400, "3PID changes are disabled on this server", Codes.FORBIDDEN
)
Expand Down Expand Up @@ -693,7 +693,7 @@ def __init__(self, hs: "HomeServer"):

@interactive_auth_handler
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
if not self.hs.config.enable_3pid_changes:
if not self.hs.config.registration.enable_3pid_changes:
raise SynapseError(
400, "3PID changes are disabled on this server", Codes.FORBIDDEN
)
Expand Down Expand Up @@ -801,7 +801,7 @@ def __init__(self, hs: "HomeServer"):
self.auth_handler = hs.get_auth_handler()

async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
if not self.hs.config.enable_3pid_changes:
if not self.hs.config.registration.enable_3pid_changes:
raise SynapseError(
400, "3PID changes are disabled on this server", Codes.FORBIDDEN
)
6 changes: 4 additions & 2 deletions synapse/rest/client/auth.py
Expand Up @@ -49,8 +49,10 @@ def __init__(self, hs: "HomeServer"):
self.registration_handler = hs.get_registration_handler()
self.recaptcha_template = hs.config.captcha.recaptcha_template
self.terms_template = hs.config.terms_template
self.registration_token_template = hs.config.registration_token_template
self.success_template = hs.config.fallback_success_template
self.registration_token_template = (
hs.config.registration.registration_token_template
)
self.success_template = hs.config.registration.fallback_success_template

async def on_GET(self, request: SynapseRequest, stagetype: str) -> None:
session = parse_string(request, "session")
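Review bot: `self.terms_template = hs.config.terms_template` in this `__init__` still reads through the root config object, while the two assignments right after it were switched to `hs.config.registration.…`, so the constructor now mixes both access styles. If the template belongs to the consent section (its definition is not visible on this page), `self.terms_template = hs.config.consent.terms_template` would complete the change here; otherwise a short comment that it is left for a later part of the series would help the next reader. `__init__` starts outside the hunk.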
6 changes: 3 additions & 3 deletions synapse/rest/client/capabilities.py
Expand Up @@ -64,13 +64,13 @@ async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:

if self.config.experimental.msc3283_enabled:
response["capabilities"]["org.matrix.msc3283.set_displayname"] = {
"enabled": self.config.enable_set_displayname
"enabled": self.config.registration.enable_set_displayname
}
response["capabilities"]["org.matrix.msc3283.set_avatar_url"] = {
"enabled": self.config.enable_set_avatar_url
"enabled": self.config.registration.enable_set_avatar_url
}
response["capabilities"]["org.matrix.msc3283.3pid_changes"] = {
"enabled": self.config.enable_3pid_changes
"enabled": self.config.registration.enable_3pid_changes
}

return 200, response
6 changes: 3 additions & 3 deletions synapse/rest/client/login.py
Expand Up @@ -79,7 +79,7 @@ def __init__(self, hs: "HomeServer"):
self.saml2_enabled = hs.config.saml2.saml2_enabled
self.cas_enabled = hs.config.cas.cas_enabled
self.oidc_enabled = hs.config.oidc.oidc_enabled
self._msc2918_enabled = hs.config.access_token_lifetime is not None
self._msc2918_enabled = hs.config.registration.access_token_lifetime is not None

self.auth = hs.get_auth()

Expand Down Expand Up @@ -447,7 +447,7 @@ class RefreshTokenServlet(RestServlet):
def __init__(self, hs: "HomeServer"):
self._auth_handler = hs.get_auth_handler()
self._clock = hs.get_clock()
self.access_token_lifetime = hs.config.access_token_lifetime
self.access_token_lifetime = hs.config.registration.access_token_lifetime

async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
refresh_submission = parse_json_object_from_request(request)
Expand Down Expand Up @@ -556,7 +556,7 @@ async def on_GET(self, request: SynapseRequest) -> None:

def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
LoginRestServlet(hs).register(http_server)
if hs.config.access_token_lifetime is not None:
if hs.config.registration.access_token_lifetime is not None:
RefreshTokenServlet(hs).register(http_server)
SsoRedirectServlet(hs).register(http_server)
if hs.config.cas.cas_enabled:
26 changes: 13 additions & 13 deletions synapse/rest/client/register.py
Expand Up @@ -140,11 +140,11 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)

if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
assert self.hs.config.account_threepid_delegate_email
assert self.hs.config.registration.account_threepid_delegate_email

# Have the configured identity server handle the request
ret = await self.identity_handler.requestEmailToken(
self.hs.config.account_threepid_delegate_email,
self.hs.config.registration.account_threepid_delegate_email,
email,
client_secret,
send_attempt,
Expand Down Expand Up @@ -221,7 +221,7 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
400, "Phone number is already in use", Codes.THREEPID_IN_USE
)

if not self.hs.config.account_threepid_delegate_msisdn:
if not self.hs.config.registration.account_threepid_delegate_msisdn:
logger.warning(
"No upstream msisdn account_threepid_delegate configured on the server to "
"handle this request"
Expand All @@ -231,7 +231,7 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
)

ret = await self.identity_handler.requestMsisdnToken(
self.hs.config.account_threepid_delegate_msisdn,
self.hs.config.registration.account_threepid_delegate_msisdn,
country,
phone_number,
client_secret,
Expand Down Expand Up @@ -341,7 +341,7 @@ def __init__(self, hs: "HomeServer"):
)

async def on_GET(self, request: Request) -> Tuple[int, JsonDict]:
if not self.hs.config.enable_registration:
if not self.hs.config.registration.enable_registration:
raise SynapseError(
403, "Registration has been disabled", errcode=Codes.FORBIDDEN
)
Expand Down Expand Up @@ -391,7 +391,7 @@ def __init__(self, hs: "HomeServer"):
async def on_GET(self, request: Request) -> Tuple[int, JsonDict]:
await self.ratelimiter.ratelimit(None, (request.getClientIP(),))

if not self.hs.config.enable_registration:
if not self.hs.config.registration.enable_registration:
raise SynapseError(
403, "Registration has been disabled", errcode=Codes.FORBIDDEN
)
Expand Down Expand Up @@ -419,8 +419,8 @@ def __init__(self, hs: "HomeServer"):
self.ratelimiter = hs.get_registration_ratelimiter()
self.password_policy_handler = hs.get_password_policy_handler()
self.clock = hs.get_clock()
self._registration_enabled = self.hs.config.enable_registration
self._msc2918_enabled = hs.config.access_token_lifetime is not None
self._registration_enabled = self.hs.config.registration.enable_registration
self._msc2918_enabled = hs.config.registration.access_token_lifetime is not None

self._registration_flows = _calculate_registration_flows(
hs.config, self.auth_handler
Expand Down Expand Up @@ -800,7 +800,7 @@ async def _create_registration_details(
async def _do_guest_registration(
self, params: JsonDict, address: Optional[str] = None
) -> Tuple[int, JsonDict]:
if not self.hs.config.allow_guest_access:
if not self.hs.config.registration.allow_guest_access:
raise SynapseError(403, "Guest access is disabled")
user_id = await self.registration_handler.register_user(
make_guest=True, address=address
Expand Down Expand Up @@ -849,13 +849,13 @@ def _calculate_registration_flows(
"""
# FIXME: need a better error than "no auth flow found" for scenarios
# where we required 3PID for registration but the user didn't give one
require_email = "email" in config.registrations_require_3pid
require_msisdn = "msisdn" in config.registrations_require_3pid
require_email = "email" in config.registration.registrations_require_3pid
require_msisdn = "msisdn" in config.registration.registrations_require_3pid

show_msisdn = True
show_email = True

if config.disable_msisdn_registration:
if config.registration.disable_msisdn_registration:
show_msisdn = False
require_msisdn = False

Expand Down Expand Up @@ -909,7 +909,7 @@ def _calculate_registration_flows(
flow.insert(0, LoginType.RECAPTCHA)

# Prepend registration token to all flows if we're requiring a token
if config.registration_requires_token:
if config.registration.registration_requires_token:
for flow in flows:
flow.insert(0, LoginType.REGISTRATION_TOKEN)
