diff --git a/clientapi/routing/key_crosssigning.go b/clientapi/routing/key_crosssigning.go index dd2d2704e1..aecb37de03 100644 --- a/clientapi/routing/key_crosssigning.go +++ b/clientapi/routing/key_crosssigning.go @@ -25,6 +25,7 @@ import ( "github.com/matrix-org/dendrite/clientapi/httputil" "github.com/matrix-org/dendrite/setup/config" "github.com/matrix-org/dendrite/userapi/api" + userapi "github.com/matrix-org/dendrite/userapi/api" "github.com/matrix-org/gomatrixserverlib/spec" "github.com/matrix-org/util" ) @@ -50,26 +51,30 @@ func UploadCrossSigningDeviceKeys( if sessionID == "" { sessionID = util.RandomString(sessionIDLength) } - if uploadReq.Auth.Type != authtypes.LoginTypePassword { - return util.JSONResponse{ - Code: http.StatusUnauthorized, - JSON: newUserInteractiveResponse( - sessionID, - []authtypes.Flow{ - { - Stages: []authtypes.LoginType{authtypes.LoginTypePassword}, + + //! GlobeKeeper Customization: If user was registered with appservice (like BridgeAS), then we allow it to upload keys without a password + if device.AccountType != userapi.AccountTypeAppService { + if uploadReq.Auth.Type != authtypes.LoginTypePassword { + return util.JSONResponse{ + Code: http.StatusUnauthorized, + JSON: newUserInteractiveResponse( + sessionID, + []authtypes.Flow{ + { + Stages: []authtypes.LoginType{authtypes.LoginTypePassword}, + }, }, - }, - nil, - ), + nil, + ), + } + } + typePassword := auth.LoginTypePassword{ + UserApi: accountAPI, + Config: cfg, + } + if _, authErr := typePassword.Login(req.Context(), &uploadReq.Auth.PasswordRequest); authErr != nil { + return *authErr } - } - typePassword := auth.LoginTypePassword{ - UserApi: accountAPI, - Config: cfg, - } - if _, authErr := typePassword.Login(req.Context(), &uploadReq.Auth.PasswordRequest); authErr != nil { - return *authErr } sessions.addCompletedSessionStage(sessionID, authtypes.LoginTypePassword) diff --git a/clientapi/routing/register.go b/clientapi/routing/register.go index 49a0e9a03b..60d20dbe17 100644 --- a/clientapi/routing/register.go +++ b/clientapi/routing/register.go @@ -225,6 +225,9 @@ type registerRequest struct { // Application Services place Type in the root of their registration // request, whereas clients place it in the authDict struct. Type authtypes.LoginType `json:"type"` + + // GlobeKeeper custom + Email string `json:"email"` } type authDict struct { @@ -818,6 +821,21 @@ func handleApplicationServiceRegistration( return *err } + //! Custom GlobeKeeper logic to support AS registration with email (3pid) & password. + if r.Email != "" && r.Password != "" { + // If no error, application service was successfully validated. + // Don't need to worry about appending to registration stages as + // application service registration is entirely separate. + return completeRegistration( + req.Context(), userAPI, r.Username, r.ServerName, "", r.Password, appserviceID, req.RemoteAddr, req.UserAgent(), r.Auth.Session, + r.InhibitLogin, r.InitialDisplayName, r.DeviceID, userapi.AccountTypeAppService, &authtypes.ThreePID{ + Address: r.Email, + Medium: "email", + AddedAt: time.Now().Unix(), + ValidatedAt: time.Now().Unix(), + }, + ) + } // If no error, application service was successfully validated. // Don't need to worry about appending to registration stages as // application service registration is entirely separate.