This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add a module callback to set username at registration (#11790)
This is in the context of mainlining the Tchap fork of Synapse. Currently in Tchap usernames are derived from the user's email address (extracted from the UIA results, more specifically the m.login.email.identity step). This change also exports the check_username method from the registration handler as part of the module API, so that a module can check if the username it's trying to generate is correct and doesn't conflict with an existing one, and fallback gracefully if not. Co-authored-by: David Robertson <[email protected]>
- Loading branch information
1 parent
42905ed
commit 3d78b3a
Showing
6 changed files
with
230 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Add a module callback to set username at registration. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -105,6 +105,68 @@ device ID), and the (now deactivated) access token. | |
|
||
If multiple modules implement this callback, Synapse runs them all in order. | ||
|
||
### `get_username_for_registration` | ||
|
||
_First introduced in Synapse v1.52.0_ | ||
|
||
```python | ||
async def get_username_for_registration( | ||
uia_results: Dict[str, Any], | ||
params: Dict[str, Any], | ||
) -> Optional[str] | ||
``` | ||
|
||
Called when registering a new user. The module can return a username to set for the user | ||
being registered by returning it as a string, or `None` if it doesn't wish to force a | ||
username for this user. If a username is returned, it will be used as the local part of a | ||
user's full Matrix ID (e.g. it's `alice` in `@alice:example.com`). | ||
|
||
This callback is called once [User-Interactive Authentication](https://spec.matrix.org/latest/client-server-api/#user-interactive-authentication-api) | ||
has been completed by the user. It is not called when registering a user via SSO. It is | ||
passed two dictionaries, which include the information that the user has provided during | ||
the registration process. | ||
|
||
The first dictionary contains the results of the [User-Interactive Authentication](https://spec.matrix.org/latest/client-server-api/#user-interactive-authentication-api) | ||
flow followed by the user. Its keys are the identifiers of every step involved in the flow, | ||
associated with either a boolean value indicating whether the step was correctly completed, | ||
or additional information (e.g. email address, phone number...). A list of most existing | ||
identifiers can be found in the [Matrix specification](https://spec.matrix.org/v1.1/client-server-api/#authentication-types). | ||
Here's an example featuring all currently supported keys: | ||
|
||
```python | ||
{ | ||
"m.login.dummy": True, # Dummy authentication | ||
"m.login.terms": True, # User has accepted the terms of service for the homeserver | ||
"m.login.recaptcha": True, # User has completed the recaptcha challenge | ||
"m.login.email.identity": { # User has provided and verified an email address | ||
"medium": "email", | ||
"address": "[email protected]", | ||
"validated_at": 1642701357084, | ||
}, | ||
"m.login.msisdn": { # User has provided and verified a phone number | ||
"medium": "msisdn", | ||
"address": "33123456789", | ||
"validated_at": 1642701357084, | ||
}, | ||
"org.matrix.msc3231.login.registration_token": "sometoken", # User has registered through the flow described in MSC3231 | ||
} | ||
``` | ||
|
||
The second dictionary contains the parameters provided by the user's client in the request | ||
to `/_matrix/client/v3/register`. See the [Matrix specification](https://spec.matrix.org/latest/client-server-api/#post_matrixclientv3register) | ||
for a complete list of these parameters. | ||
|
||
If the module cannot, or does not wish to, generate a username for this user, it must | ||
return `None`. | ||
|
||
If multiple modules implement this callback, they will be considered in order. If a | ||
callback returns `None`, Synapse falls through to the next one. The value of the first | ||
callback that does not return `None` will be used. If this happens, Synapse will not call | ||
any of the subsequent implementations of this callback. If every callback return `None`, | ||
the username provided by the user is used, if any (otherwise one is automatically | ||
generated). | ||
|
||
|
||
## Example | ||
|
||
The example module below implements authentication checkers for two different login types: | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters