Skip to content
This repository has been archived by the owner on Mar 26, 2024. It is now read-only.

Commit

Permalink
Stop accepting 'user' parameter for application service registration. (
Browse files Browse the repository at this point in the history
…matrix-org#15928)

This is unspecced, but has existed for a very long time.
  • Loading branch information
clokep authored and Fizzadar committed Aug 31, 2023
1 parent 1fe1e80 commit 532ec25
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 8 deletions.
1 change: 1 addition & 0 deletions changelog.d/15928.removal
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Remove support for calling the `/register` endpoint with an unspecced `user` property for application services.
10 changes: 10 additions & 0 deletions docs/upgrade.md
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,16 @@ process, for example:
dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb
```
# Upgrading to v1.89.0
## Removal of unspecced `user` property for `/register`
Application services can no longer call `/register` with a `user` property to create new users.
The standard `username` property should be used instead. See the
[Application Service specification](https://spec.matrix.org/v1.7/application-service-api/#server-admin-style-permissions)
for more information.
# Upgrading to v1.88.0
## Minimum supported Python version
Expand Down
12 changes: 4 additions & 8 deletions synapse/rest/client/register.py
Original file line number Diff line number Diff line change
Expand Up @@ -463,9 +463,9 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
# the auth layer will store these in sessions.
desired_username = None
if "username" in body:
if not isinstance(body["username"], str) or len(body["username"]) > 512:
raise SynapseError(400, "Invalid username")
desired_username = body["username"]
if not isinstance(desired_username, str) or len(desired_username) > 512:
raise SynapseError(400, "Invalid username")

# fork off as soon as possible for ASes which have completely
# different registration flows to normal users
Expand All @@ -478,19 +478,15 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
"Appservice token must be provided when using a type of m.login.application_service",
)

# Set the desired user according to the AS API (which uses the
# 'user' key not 'username'). Since this is a new addition, we'll
# fallback to 'username' if they gave one.
desired_username = body.get("user", desired_username)

# XXX we should check that desired_username is valid. Currently
# we give appservices carte blanche for any insanity in mxids,
# because the IRC bridges rely on being able to register stupid
# IDs.

access_token = self.auth.get_access_token_from_request(request)

if not isinstance(desired_username, str):
# Desired username is either a string or None.
if desired_username is None:
raise SynapseError(400, "Desired Username is missing or not a string")

result = await self._do_appservice_registration(
Expand Down

0 comments on commit 532ec25

Please sign in to comment.