
Use direct references for configuration variables (part 7). (#10959)
clokep authored Oct 4, 2021
1 parent a071144 commit a0f48ee
Showing 23 changed files with 83 additions and 68 deletions.
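--- a/changelog.d/10959.misc
+++ b/changelog.d/10959.misc
@@ -0,0 +1 @@
+Use direct references to config flags.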
2 changes: 1 addition & 1 deletion synapse/handlers/auth.py
@@ -198,7 +198,7 @@ def __init__(self, hs: "HomeServer"):
if inst.is_enabled():
self.checkers[inst.AUTH_TYPE] = inst # type: ignore

self.bcrypt_rounds = hs.config.bcrypt_rounds
self.bcrypt_rounds = hs.config.registration.bcrypt_rounds

# we can't use hs.get_module_api() here, because to do so will create an
# import loop.
13 changes: 10 additions & 3 deletions synapse/handlers/identity.py
@@ -573,9 +573,15 @@ async def validate_threepid_session(

# Try to validate as email
if self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
# Remote emails will only be used if a valid identity server is provided.
assert (
self.hs.config.registration.account_threepid_delegate_email is not None
)

# Ask our delegated email identity server
validation_session = await self.threepid_from_creds(
self.hs.config.account_threepid_delegate_email, threepid_creds
self.hs.config.registration.account_threepid_delegate_email,
threepid_creds,
)
elif self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
# Get a validated session matching these details
@@ -587,10 +593,11 @@ async def validate_threepid_session(
return validation_session

# Try to validate as msisdn
if self.hs.config.account_threepid_delegate_msisdn:
if self.hs.config.registration.account_threepid_delegate_msisdn:
# Ask our delegated msisdn identity server
validation_session = await self.threepid_from_creds(
self.hs.config.account_threepid_delegate_msisdn, threepid_creds
self.hs.config.registration.account_threepid_delegate_msisdn,
threepid_creds,
)

return validation_session
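Review bot: The new `assert (... account_threepid_delegate_email is not None)` in the REMOTE branch of validate_threepid_session is the only visible guard before the delegate is passed to `threepid_from_creds`, and `assert` statements are removed when Python runs with `-O`, so it should not be relied on as a runtime check. The same pattern appears as a bare truthiness `assert` in synapse/handlers/ui_auth/checkers.py, synapse/rest/client/account.py and synapse/rest/client/register.py, whereas the msisdn paths test the setting with `if not ...:` and raise `SynapseError(400, ...)`. If the assert is meant only for type narrowing, a comment such as `# Type-narrowing only; config validation must already have rejected REMOTE without a delegate.` would say so; whether config loading enforces that is not visible in this diff and should be confirmed. This site also checks `is not None` while the other sites check truthiness, so an empty string would pass here but not there. The function body starts and ends outside the hunk.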
4 changes: 2 additions & 2 deletions synapse/handlers/profile.py
@@ -178,7 +178,7 @@ async def set_displayname(
if not by_admin and target_user != requester.user:
raise AuthError(400, "Cannot set another user's displayname")

if not by_admin and not self.hs.config.enable_set_displayname:
if not by_admin and not self.hs.config.registration.enable_set_displayname:
profile = await self.store.get_profileinfo(target_user.localpart)
if profile.display_name:
raise SynapseError(
@@ -268,7 +268,7 @@ async def set_avatar_url(
if not by_admin and target_user != requester.user:
raise AuthError(400, "Cannot set another user's avatar_url")

if not by_admin and not self.hs.config.enable_set_avatar_url:
if not by_admin and not self.hs.config.registration.enable_set_avatar_url:
profile = await self.store.get_profileinfo(target_user.localpart)
if profile.avatar_url:
raise SynapseError(
9 changes: 6 additions & 3 deletions synapse/handlers/register.py
@@ -116,8 +116,8 @@ def __init__(self, hs: "HomeServer"):
self._register_device_client = self.register_device_inner
self.pusher_pool = hs.get_pusherpool()

self.session_lifetime = hs.config.session_lifetime
self.access_token_lifetime = hs.config.access_token_lifetime
self.session_lifetime = hs.config.registration.session_lifetime
self.access_token_lifetime = hs.config.registration.access_token_lifetime

init_counters_for_auth_provider("")

@@ -343,7 +343,10 @@ async def register_user(
# If the user does not need to consent at registration, auto-join any
# configured rooms.
if not self.hs.config.consent.user_consent_at_registration:
if not self.hs.config.auto_join_rooms_for_guests and make_guest:
if (
not self.hs.config.registration.auto_join_rooms_for_guests
and make_guest
):
logger.info(
"Skipping auto-join for %s because auto-join for guests is disabled",
user_id,
2 changes: 1 addition & 1 deletion synapse/handlers/room_member.py
@@ -89,7 +89,7 @@ def __init__(self, hs: "HomeServer"):
self.spam_checker = hs.get_spam_checker()
self.third_party_event_rules = hs.get_third_party_event_rules()
self._server_notices_mxid = self.config.servernotices.server_notices_mxid
self._enable_lookup = hs.config.enable_3pid_lookup
self._enable_lookup = hs.config.registration.enable_3pid_lookup
self.allow_per_room_profiles = self.config.server.allow_per_room_profiles

self._join_rate_limiter_local = Ratelimiter(
14 changes: 8 additions & 6 deletions synapse/handlers/ui_auth/checkers.py
@@ -153,21 +153,23 @@ async def _check_threepid(self, medium: str, authdict: dict) -> dict:

# msisdns are currently always ThreepidBehaviour.REMOTE
if medium == "msisdn":
if not self.hs.config.account_threepid_delegate_msisdn:
if not self.hs.config.registration.account_threepid_delegate_msisdn:
raise SynapseError(
400, "Phone number verification is not enabled on this homeserver"
)
threepid = await identity_handler.threepid_from_creds(
self.hs.config.account_threepid_delegate_msisdn, threepid_creds
self.hs.config.registration.account_threepid_delegate_msisdn,
threepid_creds,
)
elif medium == "email":
if (
self.hs.config.email.threepid_behaviour_email
== ThreepidBehaviour.REMOTE
):
assert self.hs.config.account_threepid_delegate_email
assert self.hs.config.registration.account_threepid_delegate_email
threepid = await identity_handler.threepid_from_creds(
self.hs.config.account_threepid_delegate_email, threepid_creds
self.hs.config.registration.account_threepid_delegate_email,
threepid_creds,
)
elif (
self.hs.config.email.threepid_behaviour_email == ThreepidBehaviour.LOCAL
@@ -240,7 +242,7 @@ def __init__(self, hs: "HomeServer"):
_BaseThreepidAuthChecker.__init__(self, hs)

def is_enabled(self) -> bool:
return bool(self.hs.config.account_threepid_delegate_msisdn)
return bool(self.hs.config.registration.account_threepid_delegate_msisdn)

async def check_auth(self, authdict: dict, clientip: str) -> Any:
return await self._check_threepid("msisdn", authdict)
@@ -252,7 +254,7 @@ class RegistrationTokenAuthChecker(UserInteractiveAuthChecker):
def __init__(self, hs: "HomeServer"):
super().__init__(hs)
self.hs = hs
self._enabled = bool(hs.config.registration_requires_token)
self._enabled = bool(hs.config.registration.registration_requires_token)
self.store = hs.get_datastore()

def is_enabled(self) -> bool:
4 changes: 2 additions & 2 deletions synapse/rest/admin/users.py
@@ -442,7 +442,7 @@ def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
self._clear_old_nonces()

if not self.hs.config.registration_shared_secret:
if not self.hs.config.registration.registration_shared_secret:
raise SynapseError(400, "Shared secret registration is not enabled")

body = parse_json_object_from_request(request)
@@ -498,7 +498,7 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
got_mac = body["mac"]

want_mac_builder = hmac.new(
key=self.hs.config.registration_shared_secret.encode(),
key=self.hs.config.registration.registration_shared_secret.encode(),
digestmod=hashlib.sha1,
)
want_mac_builder.update(nonce.encode("utf8"))
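Review bot: The changed `key=` line encodes the shared secret with a bare `.encode()` while the nonce two lines below uses `.encode("utf8")`; both yield UTF-8, but spelling it the same way, `key=self.hs.config.registration.registration_shared_secret.encode("utf8"),`, keeps the MAC inputs visibly consistent. The comparison of `got_mac` against the computed digest lies outside this hunk; since this endpoint authenticates registration by that MAC, it is worth confirming the comparison uses `hmac.compare_digest` rather than `==`. on_POST starts and ends outside the hunk.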
22 changes: 11 additions & 11 deletions synapse/rest/client/account.py
@@ -130,11 +130,11 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
raise SynapseError(400, "Email not found", Codes.THREEPID_NOT_FOUND)

if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
assert self.hs.config.account_threepid_delegate_email
assert self.hs.config.registration.account_threepid_delegate_email

# Have the configured identity server handle the request
ret = await self.identity_handler.requestEmailToken(
self.hs.config.account_threepid_delegate_email,
self.hs.config.registration.account_threepid_delegate_email,
email,
client_secret,
send_attempt,
@@ -414,11 +414,11 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)

if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
assert self.hs.config.account_threepid_delegate_email
assert self.hs.config.registration.account_threepid_delegate_email

# Have the configured identity server handle the request
ret = await self.identity_handler.requestEmailToken(
self.hs.config.account_threepid_delegate_email,
self.hs.config.registration.account_threepid_delegate_email,
email,
client_secret,
send_attempt,
@@ -496,7 +496,7 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:

raise SynapseError(400, "MSISDN is already in use", Codes.THREEPID_IN_USE)

if not self.hs.config.account_threepid_delegate_msisdn:
if not self.hs.config.registration.account_threepid_delegate_msisdn:
logger.warning(
"No upstream msisdn account_threepid_delegate configured on the server to "
"handle this request"
@@ -507,7 +507,7 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
)

ret = await self.identity_handler.requestMsisdnToken(
self.hs.config.account_threepid_delegate_msisdn,
self.hs.config.registration.account_threepid_delegate_msisdn,
country,
phone_number,
client_secret,
@@ -604,7 +604,7 @@ def __init__(self, hs: "HomeServer"):
self.identity_handler = hs.get_identity_handler()

async def on_POST(self, request: Request) -> Tuple[int, JsonDict]:
if not self.config.account_threepid_delegate_msisdn:
if not self.config.registration.account_threepid_delegate_msisdn:
raise SynapseError(
400,
"This homeserver is not validating phone numbers. Use an identity server "
@@ -617,7 +617,7 @@ async def on_POST(self, request: Request) -> Tuple[int, JsonDict]:

# Proxy submit_token request to msisdn threepid delegate
response = await self.identity_handler.proxy_msisdn_submit_token(
self.config.account_threepid_delegate_msisdn,
self.config.registration.account_threepid_delegate_msisdn,
body["client_secret"],
body["sid"],
body["token"],
@@ -644,7 +644,7 @@ async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
return 200, {"threepids": threepids}

async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
if not self.hs.config.enable_3pid_changes:
if not self.hs.config.registration.enable_3pid_changes:
raise SynapseError(
400, "3PID changes are disabled on this server", Codes.FORBIDDEN
)
@@ -693,7 +693,7 @@ def __init__(self, hs: "HomeServer"):

@interactive_auth_handler
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
if not self.hs.config.enable_3pid_changes:
if not self.hs.config.registration.enable_3pid_changes:
raise SynapseError(
400, "3PID changes are disabled on this server", Codes.FORBIDDEN
)
@@ -801,7 +801,7 @@ def __init__(self, hs: "HomeServer"):
self.auth_handler = hs.get_auth_handler()

async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
if not self.hs.config.enable_3pid_changes:
if not self.hs.config.registration.enable_3pid_changes:
raise SynapseError(
400, "3PID changes are disabled on this server", Codes.FORBIDDEN
)
6 changes: 4 additions & 2 deletions synapse/rest/client/auth.py
@@ -49,8 +49,10 @@ def __init__(self, hs: "HomeServer"):
self.registration_handler = hs.get_registration_handler()
self.recaptcha_template = hs.config.captcha.recaptcha_template
self.terms_template = hs.config.terms_template
self.registration_token_template = hs.config.registration_token_template
self.success_template = hs.config.fallback_success_template
self.registration_token_template = (
hs.config.registration.registration_token_template
)
self.success_template = hs.config.registration.fallback_success_template

async def on_GET(self, request: SynapseRequest, stagetype: str) -> None:
session = parse_string(request, "session")
6 changes: 3 additions & 3 deletions synapse/rest/client/capabilities.py
@@ -64,13 +64,13 @@ async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:

if self.config.experimental.msc3283_enabled:
response["capabilities"]["org.matrix.msc3283.set_displayname"] = {
"enabled": self.config.enable_set_displayname
"enabled": self.config.registration.enable_set_displayname
}
response["capabilities"]["org.matrix.msc3283.set_avatar_url"] = {
"enabled": self.config.enable_set_avatar_url
"enabled": self.config.registration.enable_set_avatar_url
}
response["capabilities"]["org.matrix.msc3283.3pid_changes"] = {
"enabled": self.config.enable_3pid_changes
"enabled": self.config.registration.enable_3pid_changes
}

return 200, response
6 changes: 3 additions & 3 deletions synapse/rest/client/login.py
@@ -79,7 +79,7 @@ def __init__(self, hs: "HomeServer"):
self.saml2_enabled = hs.config.saml2.saml2_enabled
self.cas_enabled = hs.config.cas.cas_enabled
self.oidc_enabled = hs.config.oidc.oidc_enabled
self._msc2918_enabled = hs.config.access_token_lifetime is not None
self._msc2918_enabled = hs.config.registration.access_token_lifetime is not None

self.auth = hs.get_auth()

@@ -447,7 +447,7 @@ class RefreshTokenServlet(RestServlet):
def __init__(self, hs: "HomeServer"):
self._auth_handler = hs.get_auth_handler()
self._clock = hs.get_clock()
self.access_token_lifetime = hs.config.access_token_lifetime
self.access_token_lifetime = hs.config.registration.access_token_lifetime

async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
refresh_submission = parse_json_object_from_request(request)
@@ -556,7 +556,7 @@ async def on_GET(self, request: SynapseRequest) -> None:

def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
LoginRestServlet(hs).register(http_server)
if hs.config.access_token_lifetime is not None:
if hs.config.registration.access_token_lifetime is not None:
RefreshTokenServlet(hs).register(http_server)
SsoRedirectServlet(hs).register(http_server)
if hs.config.cas.cas_enabled:
26 changes: 13 additions & 13 deletions synapse/rest/client/register.py
@@ -140,11 +140,11 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)

if self.config.email.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
assert self.hs.config.account_threepid_delegate_email
assert self.hs.config.registration.account_threepid_delegate_email

# Have the configured identity server handle the request
ret = await self.identity_handler.requestEmailToken(
self.hs.config.account_threepid_delegate_email,
self.hs.config.registration.account_threepid_delegate_email,
email,
client_secret,
send_attempt,
@@ -221,7 +221,7 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
400, "Phone number is already in use", Codes.THREEPID_IN_USE
)

if not self.hs.config.account_threepid_delegate_msisdn:
if not self.hs.config.registration.account_threepid_delegate_msisdn:
logger.warning(
"No upstream msisdn account_threepid_delegate configured on the server to "
"handle this request"
@@ -231,7 +231,7 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
)

ret = await self.identity_handler.requestMsisdnToken(
self.hs.config.account_threepid_delegate_msisdn,
self.hs.config.registration.account_threepid_delegate_msisdn,
country,
phone_number,
client_secret,
@@ -341,7 +341,7 @@ def __init__(self, hs: "HomeServer"):
)

async def on_GET(self, request: Request) -> Tuple[int, JsonDict]:
if not self.hs.config.enable_registration:
if not self.hs.config.registration.enable_registration:
raise SynapseError(
403, "Registration has been disabled", errcode=Codes.FORBIDDEN
)
@@ -391,7 +391,7 @@ def __init__(self, hs: "HomeServer"):
async def on_GET(self, request: Request) -> Tuple[int, JsonDict]:
await self.ratelimiter.ratelimit(None, (request.getClientIP(),))

if not self.hs.config.enable_registration:
if not self.hs.config.registration.enable_registration:
raise SynapseError(
403, "Registration has been disabled", errcode=Codes.FORBIDDEN
)
@@ -419,8 +419,8 @@ def __init__(self, hs: "HomeServer"):
self.ratelimiter = hs.get_registration_ratelimiter()
self.password_policy_handler = hs.get_password_policy_handler()
self.clock = hs.get_clock()
self._registration_enabled = self.hs.config.enable_registration
self._msc2918_enabled = hs.config.access_token_lifetime is not None
self._registration_enabled = self.hs.config.registration.enable_registration
self._msc2918_enabled = hs.config.registration.access_token_lifetime is not None

self._registration_flows = _calculate_registration_flows(
hs.config, self.auth_handler
@@ -800,7 +800,7 @@ async def _create_registration_details(
async def _do_guest_registration(
self, params: JsonDict, address: Optional[str] = None
) -> Tuple[int, JsonDict]:
if not self.hs.config.allow_guest_access:
if not self.hs.config.registration.allow_guest_access:
raise SynapseError(403, "Guest access is disabled")
user_id = await self.registration_handler.register_user(
make_guest=True, address=address
@@ -849,13 +849,13 @@ def _calculate_registration_flows(
"""
# FIXME: need a better error than "no auth flow found" for scenarios
# where we required 3PID for registration but the user didn't give one
require_email = "email" in config.registrations_require_3pid
require_msisdn = "msisdn" in config.registrations_require_3pid
require_email = "email" in config.registration.registrations_require_3pid
require_msisdn = "msisdn" in config.registration.registrations_require_3pid

show_msisdn = True
show_email = True

if config.disable_msisdn_registration:
if config.registration.disable_msisdn_registration:
show_msisdn = False
require_msisdn = False

@@ -909,7 +909,7 @@ def _calculate_registration_flows(
flow.insert(0, LoginType.RECAPTCHA)

# Prepend registration token to all flows if we're requiring a token
if config.registration_requires_token:
if config.registration.registration_requires_token:
for flow in flows:
flow.insert(0, LoginType.REGISTRATION_TOKEN)
