Allow admin to register a new user #5742
Conversation
|
hrm, what do other ppl on the dev team think about this? In particular:
@awesome-manuel: note that the admin api endpoints are documented at https://github.com/matrix-org/synapse/blob/master/docs/admin_api/ so as part of this change, that documentation will need updating. |
|
@richvdh also note that the checks in |
awesome-manuel
force-pushed
the
admin_registration
branch
3 times, most recently
from
0bc34d5 to
fb56022
Compare
There was a problem hiding this comment.
@awesome-manuel: thanks for this. I think our position on this is:
-
removing support for shared-secret registration from
/client/r0/registeris fine, but needs calling out as a specific point in the changelog (so it needs a.removalfile inchangelog.d). Ideally it would be a separate PR, but I won't insist on that. -
We'd rather support for registration-as-admin ended up on a separate REST endpoint in
/adminto shared-secret-registration.
|
@richvdh any suggestion how this new endpoint should be called? |
|
I suggest something like |
awesome-manuel
force-pushed
the
admin_registration
branch
2 times, most recently
from
1c332b2 to
a7e735f
Compare
awesome-manuel
force-pushed
the
admin_registration
branch
3 times, most recently
from
ec46859 to
5e9bb20
Compare
What do you think of a POST on |
Sure, that could work. |
awesome-manuel
force-pushed
the
admin_registration
branch
from
5e9bb20 to
d8df620
Compare
This parameter was used to test if the homeserver belongs to this user_id. Now the requesting user is tested instead. Not sure if this is required, since the request must be an admin anyway.
Signed-off-by: Manuel Stahl <[email protected]>
awesome-manuel
force-pushed
the
admin_registration
branch
from
d8df620 to
356bf57
Compare
|
Partly fixes #2522, but should be done in a separate PR. |
| @@ -52,25 +52,98 @@ | |||
|
|
|||
|
|
|||
| class UsersRestServlet(RestServlet): | |||
| PATTERNS = historical_admin_path_patterns("/users/(?P<user_id>[^/]*)") | |||
| PATTERNS = historical_admin_path_patterns("/users") | |||
There was a problem hiding this comment.
Hrm. Can you make this continue to accept (but ignore) a /user_id, for compatibility with applications which have hacked around the existing broken API?
|
|
||
| if not self.hs.is_mine(target_user): | ||
| raise SynapseError(400, "Can only users a local user") | ||
| if not self.hs.is_mine(requester.user): |
There was a problem hiding this comment.
This is redundant. The requester is a local user by definition.
|
|
||
| body = parse_json_object_from_request(request) | ||
|
|
||
| if "username" not in body: |
There was a problem hiding this comment.
Consider assert_params_in_dict here (https://github.com/matrix-org/synapse/blob/master/synapse/http/servlet.py#L258)
| @@ -1,3 +1,60 @@ | |||
| Create Account | |||
There was a problem hiding this comment.
could you document the response format?
| } | ||
|
|
||
| returns: | ||
| 200 OK with empty object if success otherwise an error. |
There was a problem hiding this comment.
shouldn't be an empty object afaict. (Indeed, your test even asserts that.)
| user_type=user_type, | ||
| ) | ||
|
|
||
| result = yield register._create_registration_details(user_id, body) |
There was a problem hiding this comment.
this will issue an access token for the user, which I'm not sure is the right thing to do. (even if you do want to end up with an access token for the new user, I think that might be better served via a different API per #6054).
In short, I don't think you need to call _create_registration_details here, which is good since it's meant to be a private method and instantiating a RegisterRestServlet here is ugly.
|
|
||
| register = RegisterRestServlet(self.hs) | ||
|
|
||
| user_id = yield register.registration_handler.register_user( |
There was a problem hiding this comment.
there are better ways of getting hold of the registration_handler than via the RegisterRestServlet. Just stick
self.registration_handler = hs.get_registration_handler() in the constructor.
This implements #5741.
Pull Request Checklist