From 8299da590542a982437ad9dd30115d23c3d9d075 Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Fri, 18 Nov 2022 13:24:02 +0000 Subject: [PATCH] Fix registration for virtual hosting --- clientapi/auth/login_test.go | 9 +++- clientapi/auth/user_interactive_test.go | 4 +- clientapi/routing/register.go | 52 ++++++++++++++---- clientapi/userutil/userutil_test.go | 16 ++++-- federationapi/routing/keys.go | 17 +----- go.mod | 4 +- go.sum | 16 +----- setup/config/config.go | 2 +- setup/config/config_global.go | 72 ++++++++++++++----------- userapi/userapi_test.go | 4 +- 10 files changed, 113 insertions(+), 83 deletions(-) diff --git a/clientapi/auth/login_test.go b/clientapi/auth/login_test.go index 5085f0170..b79c573aa 100644 --- a/clientapi/auth/login_test.go +++ b/clientapi/auth/login_test.go @@ -24,6 +24,7 @@ import ( "github.com/matrix-org/dendrite/clientapi/jsonerror" "github.com/matrix-org/dendrite/setup/config" uapi "github.com/matrix-org/dendrite/userapi/api" + "github.com/matrix-org/gomatrixserverlib" "github.com/matrix-org/util" ) @@ -66,7 +67,9 @@ func TestLoginFromJSONReader(t *testing.T) { var userAPI fakeUserInternalAPI cfg := &config.ClientAPI{ Matrix: &config.Global{ - ServerName: serverName, + SigningIdentity: gomatrixserverlib.SigningIdentity{ + ServerName: serverName, + }, }, } login, cleanup, err := LoginFromJSONReader(ctx, strings.NewReader(tst.Body), &userAPI, &userAPI, cfg) @@ -144,7 +147,9 @@ func TestBadLoginFromJSONReader(t *testing.T) { var userAPI fakeUserInternalAPI cfg := &config.ClientAPI{ Matrix: &config.Global{ - ServerName: serverName, + SigningIdentity: gomatrixserverlib.SigningIdentity{ + ServerName: serverName, + }, }, } _, cleanup, errRes := LoginFromJSONReader(ctx, strings.NewReader(tst.Body), &userAPI, &userAPI, cfg) diff --git a/clientapi/auth/user_interactive_test.go b/clientapi/auth/user_interactive_test.go index 001b1a6d4..5d97b31ce 100644 --- a/clientapi/auth/user_interactive_test.go +++ b/clientapi/auth/user_interactive_test.go @@ -47,7 +47,9 @@ func (d *fakeAccountDatabase) QueryAccountByPassword(ctx context.Context, req *a func setup() *UserInteractive { cfg := &config.ClientAPI{ Matrix: &config.Global{ - ServerName: serverName, + SigningIdentity: gomatrixserverlib.SigningIdentity{ + ServerName: serverName, + }, }, } return NewUserInteractive(&fakeAccountDatabase{}, cfg) diff --git a/clientapi/routing/register.go b/clientapi/routing/register.go index a92513b8b..801000f61 100644 --- a/clientapi/routing/register.go +++ b/clientapi/routing/register.go @@ -551,6 +551,12 @@ func Register( } var r registerRequest + host := gomatrixserverlib.ServerName(req.Host) + if v := cfg.Matrix.VirtualHostForHTTPHost(host); v != nil { + r.ServerName = v.ServerName + } else { + r.ServerName = cfg.Matrix.ServerName + } sessionID := gjson.GetBytes(reqBody, "auth.session").String() if sessionID == "" { // Generate a new, random session ID @@ -560,6 +566,7 @@ func Register( // Some of these might end up being overwritten if the // values are specified again in the request body. r.Username = data.Username + r.ServerName = data.ServerName r.Password = data.Password r.DeviceID = data.DeviceID r.InitialDisplayName = data.InitialDisplayName @@ -575,7 +582,6 @@ func Register( if resErr := httputil.UnmarshalJSON(reqBody, &r); resErr != nil { return *resErr } - r.ServerName = cfg.Matrix.ServerName if l, d, err := cfg.Matrix.SplitLocalID('@', r.Username); err == nil { r.Username, r.ServerName = l, d } @@ -650,16 +656,25 @@ func handleGuestRegistration( cfg *config.ClientAPI, userAPI userapi.ClientUserAPI, ) util.JSONResponse { - if cfg.RegistrationDisabled || cfg.GuestsDisabled { + registrationEnabled := !cfg.RegistrationDisabled + guestsEnabled := !cfg.GuestsDisabled + if v := cfg.Matrix.VirtualHost(r.ServerName); v != nil { + registrationEnabled, guestsEnabled = v.RegistrationAllowed() + } + + if !registrationEnabled || !guestsEnabled { return util.JSONResponse{ Code: http.StatusForbidden, - JSON: jsonerror.Forbidden("Guest registration is disabled"), + JSON: jsonerror.Forbidden( + fmt.Sprintf("Guest registration is disabled on %q", r.ServerName), + ), } } var res userapi.PerformAccountCreationResponse err := userAPI.PerformAccountCreation(req.Context(), &userapi.PerformAccountCreationRequest{ AccountType: userapi.AccountTypeGuest, + ServerName: r.ServerName, }, &res) if err != nil { return util.JSONResponse{ @@ -736,10 +751,16 @@ func handleRegistrationFlow( ) } - if cfg.RegistrationDisabled && r.Auth.Type != authtypes.LoginTypeSharedSecret { + registrationEnabled := !cfg.RegistrationDisabled + if v := cfg.Matrix.VirtualHost(r.ServerName); v != nil { + registrationEnabled, _ = v.RegistrationAllowed() + } + if !registrationEnabled && r.Auth.Type != authtypes.LoginTypeSharedSecret { return util.JSONResponse{ Code: http.StatusForbidden, - JSON: jsonerror.Forbidden("Registration is disabled"), + JSON: jsonerror.Forbidden( + fmt.Sprintf("Registration is disabled on %q", r.ServerName), + ), } } @@ -827,8 +848,9 @@ func handleApplicationServiceRegistration( // Don't need to worry about appending to registration stages as // application service registration is entirely separate. return completeRegistration( - req.Context(), userAPI, r.Username, "", appserviceID, req.RemoteAddr, req.UserAgent(), r.Auth.Session, - r.InhibitLogin, r.InitialDisplayName, r.DeviceID, userapi.AccountTypeAppService, + req.Context(), userAPI, r.Username, r.ServerName, "", appserviceID, req.RemoteAddr, + req.UserAgent(), r.Auth.Session, r.InhibitLogin, r.InitialDisplayName, r.DeviceID, + userapi.AccountTypeAppService, ) } @@ -846,8 +868,9 @@ func checkAndCompleteFlow( if checkFlowCompleted(flow, cfg.Derived.Registration.Flows) { // This flow was completed, registration can continue return completeRegistration( - req.Context(), userAPI, r.Username, r.Password, "", req.RemoteAddr, req.UserAgent(), sessionID, - r.InhibitLogin, r.InitialDisplayName, r.DeviceID, userapi.AccountTypeUser, + req.Context(), userAPI, r.Username, r.ServerName, r.Password, "", req.RemoteAddr, + req.UserAgent(), sessionID, r.InhibitLogin, r.InitialDisplayName, r.DeviceID, + userapi.AccountTypeUser, ) } sessions.addParams(sessionID, r) @@ -869,7 +892,8 @@ func checkAndCompleteFlow( func completeRegistration( ctx context.Context, userAPI userapi.ClientUserAPI, - username, password, appserviceID, ipAddr, userAgent, sessionID string, + username string, serverName gomatrixserverlib.ServerName, + password, appserviceID, ipAddr, userAgent, sessionID string, inhibitLogin eventutil.WeakBoolean, displayName, deviceID *string, accType userapi.AccountType, @@ -891,6 +915,7 @@ func completeRegistration( err := userAPI.PerformAccountCreation(ctx, &userapi.PerformAccountCreationRequest{ AppServiceID: appserviceID, Localpart: username, + ServerName: serverName, Password: password, AccountType: accType, OnConflict: userapi.ConflictAbort, @@ -934,6 +959,7 @@ func completeRegistration( var devRes userapi.PerformDeviceCreationResponse err = userAPI.PerformDeviceCreation(ctx, &userapi.PerformDeviceCreationRequest{ Localpart: username, + ServerName: serverName, AccessToken: token, DeviceDisplayName: displayName, DeviceID: deviceID, @@ -1028,6 +1054,10 @@ func RegisterAvailable( // Squash username to all lowercase letters username = strings.ToLower(username) domain := cfg.Matrix.ServerName + host := gomatrixserverlib.ServerName(req.Host) + if v := cfg.Matrix.VirtualHostForHTTPHost(host); v != nil { + domain = v.ServerName + } if u, l, err := cfg.Matrix.SplitLocalID('@', username); err == nil { username, domain = u, l } @@ -1117,5 +1147,5 @@ func handleSharedSecretRegistration(cfg *config.ClientAPI, userAPI userapi.Clien if ssrr.Admin { accType = userapi.AccountTypeAdmin } - return completeRegistration(req.Context(), userAPI, ssrr.User, ssrr.Password, "", req.RemoteAddr, req.UserAgent(), "", false, &ssrr.User, &deviceID, accType) + return completeRegistration(req.Context(), userAPI, ssrr.User, cfg.Matrix.ServerName, ssrr.Password, "", req.RemoteAddr, req.UserAgent(), "", false, &ssrr.User, &deviceID, accType) } diff --git a/clientapi/userutil/userutil_test.go b/clientapi/userutil/userutil_test.go index ccd6647b2..ee6bf8a01 100644 --- a/clientapi/userutil/userutil_test.go +++ b/clientapi/userutil/userutil_test.go @@ -30,7 +30,9 @@ var ( // TestGoodUserID checks that correct localpart is returned for a valid user ID. func TestGoodUserID(t *testing.T) { cfg := &config.Global{ - ServerName: serverName, + SigningIdentity: gomatrixserverlib.SigningIdentity{ + ServerName: serverName, + }, } lp, _, err := ParseUsernameParam(goodUserID, cfg) @@ -47,7 +49,9 @@ func TestGoodUserID(t *testing.T) { // TestWithLocalpartOnly checks that localpart is returned when usernameParam contains only localpart. func TestWithLocalpartOnly(t *testing.T) { cfg := &config.Global{ - ServerName: serverName, + SigningIdentity: gomatrixserverlib.SigningIdentity{ + ServerName: serverName, + }, } lp, _, err := ParseUsernameParam(localpart, cfg) @@ -64,7 +68,9 @@ func TestWithLocalpartOnly(t *testing.T) { // TestIncorrectDomain checks for error when there's server name mismatch. func TestIncorrectDomain(t *testing.T) { cfg := &config.Global{ - ServerName: invalidServerName, + SigningIdentity: gomatrixserverlib.SigningIdentity{ + ServerName: invalidServerName, + }, } _, _, err := ParseUsernameParam(goodUserID, cfg) @@ -77,7 +83,9 @@ func TestIncorrectDomain(t *testing.T) { // TestBadUserID checks that ParseUsernameParam fails for invalid user ID func TestBadUserID(t *testing.T) { cfg := &config.Global{ - ServerName: serverName, + SigningIdentity: gomatrixserverlib.SigningIdentity{ + ServerName: serverName, + }, } _, _, err := ParseUsernameParam(badUserID, cfg) diff --git a/federationapi/routing/keys.go b/federationapi/routing/keys.go index ee25ffbb2..dc262cfde 100644 --- a/federationapi/routing/keys.go +++ b/federationapi/routing/keys.go @@ -144,24 +144,9 @@ func LocalKeys(cfg *config.FederationAPI, serverName gomatrixserverlib.ServerNam func localKeys(cfg *config.FederationAPI, serverName gomatrixserverlib.ServerName) (*gomatrixserverlib.ServerKeys, error) { var keys gomatrixserverlib.ServerKeys - var virtualHost *config.VirtualHost -loop: - for _, v := range cfg.Matrix.VirtualHosts { - if v.ServerName == serverName { - virtualHost = v - break loop - } - for _, httpHost := range v.MatchHTTPHosts { - if httpHost == serverName { - virtualHost = v - break loop - } - } - } - var identity *gomatrixserverlib.SigningIdentity var err error - if virtualHost == nil { + if virtualHost := cfg.Matrix.VirtualHostForHTTPHost(serverName); virtualHost == nil { if identity, err = cfg.Matrix.SigningIdentityFor(cfg.Matrix.ServerName); err != nil { return nil, err } diff --git a/go.mod b/go.mod index adf319127..7961a4b08 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/matrix-org/dugong v0.0.0-20210921133753-66e6b1c67e2e github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91 github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530 - github.com/matrix-org/gomatrixserverlib v0.0.0-20221115151040-900369eadf39 + github.com/matrix-org/gomatrixserverlib v0.0.0-20221118122129-9b9340bf29d7 github.com/matrix-org/pinecone v0.0.0-20221117214503-218c39e0cd6d github.com/matrix-org/util v0.0.0-20200807132607-55161520e1d4 github.com/mattn/go-sqlite3 v1.14.15 @@ -109,8 +109,6 @@ require ( github.com/nats-io/jwt/v2 v2.3.0 // indirect github.com/nats-io/nkeys v0.3.0 // indirect github.com/nats-io/nuid v1.0.1 // indirect - github.com/nxadm/tail v1.4.8 // indirect - github.com/onsi/ginkgo v1.16.5 // indirect github.com/onsi/ginkgo/v2 v2.3.0 // indirect github.com/onsi/gomega v1.22.1 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect diff --git a/go.sum b/go.sum index 73741136d..c5184ff06 100644 --- a/go.sum +++ b/go.sum @@ -335,12 +335,8 @@ github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgx github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w= github.com/lib/pq v1.10.7 h1:p7ZhMD+KsSRozJr34udlUrhboJwWAgCg34+/ZZNvZZw= github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= -github.com/lucas-clemente/quic-go v0.28.1/go.mod h1:oGz5DKK41cJt5+773+BSO9BXDsREY4HLf7+0odGAPO0= -github.com/lucas-clemente/quic-go v0.29.2 h1:O8Mt0O6LpvEW+wfC40vZdcw0DngwYzoxq5xULZNzSI8= -github.com/lucas-clemente/quic-go v0.29.2/go.mod h1:g6/h9YMmLuU54tL1gW25uIi3VlBp3uv+sBihplIuskE= github.com/lucas-clemente/quic-go v0.30.0 h1:nwLW0h8ahVQ5EPTIM7uhl/stHqQDea15oRlYKZmw2O0= github.com/lucas-clemente/quic-go v0.30.0/go.mod h1:ssOrRsOmdxa768Wr78vnh2B8JozgLsMzG/g+0qEC7uk= -github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/marten-seemann/qtls-go1-18 v0.1.3 h1:R4H2Ks8P6pAtUagjFty2p7BVHn3XiwDAl7TTQf5h7TI= github.com/marten-seemann/qtls-go1-18 v0.1.3/go.mod h1:mJttiymBAByA49mhlNZZGrH5u1uXYZJ+RW28Py7f4m4= @@ -352,10 +348,8 @@ github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91 h1:s7fexw github.com/matrix-org/go-sqlite3-js v0.0.0-20220419092513-28aa791a1c91/go.mod h1:e+cg2q7C7yE5QnAXgzo512tgFh1RbQLC0+jozuegKgo= github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530 h1:kHKxCOLcHH8r4Fzarl4+Y3K5hjothkVW5z7T1dUM11U= github.com/matrix-org/gomatrix v0.0.0-20220926102614-ceba4d9f7530/go.mod h1:/gBX06Kw0exX1HrwmoBibFA98yBk/jxKpGVeyQbff+s= -github.com/matrix-org/gomatrixserverlib v0.0.0-20221115151040-900369eadf39 h1:VapUpY3oSbEGhfSpnnTKh7bz6AA5R4tVB5lwdlcA6jE= -github.com/matrix-org/gomatrixserverlib v0.0.0-20221115151040-900369eadf39/go.mod h1:Mtifyr8q8htcBeugvlDnkBcNUy5LO8OzUoplAf1+mb4= -github.com/matrix-org/pinecone v0.0.0-20221026160848-639feeff74d6 h1:nAT5w41Q9uWTSnpKW55/hBwP91j2IFYPDRs0jJ8TyFI= -github.com/matrix-org/pinecone v0.0.0-20221026160848-639feeff74d6/go.mod h1:K0N1ixHQxXoCyqolDqVxPM3ArrDtcMs8yegOx2Lfv9k= +github.com/matrix-org/gomatrixserverlib v0.0.0-20221118122129-9b9340bf29d7 h1:S2TNN7C00CZlE1Af31LzxkOsAEkFt0RYZ7/3VdR1D5U= +github.com/matrix-org/gomatrixserverlib v0.0.0-20221118122129-9b9340bf29d7/go.mod h1:Mtifyr8q8htcBeugvlDnkBcNUy5LO8OzUoplAf1+mb4= github.com/matrix-org/pinecone v0.0.0-20221117214503-218c39e0cd6d h1:RRJg8TP3bYYtVyFIMv/ebJR+ZTWv7Xtci5zk1D3GD10= github.com/matrix-org/pinecone v0.0.0-20221117214503-218c39e0cd6d/go.mod h1:F3GHppRuHCTDeoOmmgjZMeJdbql91+RSGGsATWfC7oc= github.com/matrix-org/util v0.0.0-20200807132607-55161520e1d4 h1:eCEHXWDv9Rm335MSuB49mFUK44bwZPFSDde3ORE3syk= @@ -408,12 +402,6 @@ github.com/ngrok/sqlmw v0.0.0-20220520173518-97c9c04efc79/go.mod h1:E26fwEtRNigB github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk= -github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY= -github.com/onsi/ginkgo v1.16.2/go.mod h1:CObGmKUOKaSC0RjmoAK7tKyn4Azo5P2IWuoMnvwxz1E= -github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0= -github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= -github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.3.0 h1:kUMoxMoQG3ogk/QWyKh3zibV7BKZ+xBpWil1cTylVqc= github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= diff --git a/setup/config/config.go b/setup/config/config.go index 918bcbe3b..7e7ed1aa1 100644 --- a/setup/config/config.go +++ b/setup/config/config.go @@ -235,7 +235,7 @@ func loadConfig( if v.KeyValidityPeriod == 0 { v.KeyValidityPeriod = c.Global.KeyValidityPeriod } - if v.PrivateKeyPath == "" { + if v.PrivateKeyPath == "" || v.PrivateKey == nil || v.KeyID == "" { v.KeyID = c.Global.KeyID v.PrivateKey = c.Global.PrivateKey continue diff --git a/setup/config/config_global.go b/setup/config/config_global.go index 722230d9a..801c68450 100644 --- a/setup/config/config_global.go +++ b/setup/config/config_global.go @@ -12,8 +12,9 @@ import ( ) type Global struct { - // The name of the server. This is usually the domain name, e.g 'matrix.org', 'localhost'. - ServerName gomatrixserverlib.ServerName `yaml:"server_name"` + // Signing identity contains the server name, private key and key ID of + // the deployment. + gomatrixserverlib.SigningIdentity `yaml:",inline"` // The secondary server names, used for virtual hosting. VirtualHosts []*VirtualHost `yaml:"virtual_hosts"` @@ -21,13 +22,6 @@ type Global struct { // Path to the private key which will be used to sign requests and events. PrivateKeyPath Path `yaml:"private_key"` - // The private key which will be used to sign requests and events. - PrivateKey ed25519.PrivateKey `yaml:"-"` - - // An arbitrary string used to uniquely identify the PrivateKey. Must start with the - // prefix "ed25519:". - KeyID gomatrixserverlib.KeyID `yaml:"-"` - // Information about old private keys that used to be used to sign requests and // events on this domain. They will not be used but will be advertised to other // servers that ask for them to help verify old events. @@ -151,6 +145,29 @@ func (c *Global) SplitLocalID(sigil byte, id string) (string, gomatrixserverlib. return u, s, nil } +func (c *Global) VirtualHost(serverName gomatrixserverlib.ServerName) *VirtualHost { + for _, v := range c.VirtualHosts { + if v.ServerName == serverName { + return v + } + } + return nil +} + +func (c *Global) VirtualHostForHTTPHost(serverName gomatrixserverlib.ServerName) *VirtualHost { + for _, v := range c.VirtualHosts { + if v.ServerName == serverName { + return v + } + for _, h := range v.MatchHTTPHosts { + if h == serverName { + return v + } + } + } + return nil +} + func (c *Global) SigningIdentityFor(serverName gomatrixserverlib.ServerName) (*gomatrixserverlib.SigningIdentity, error) { for _, id := range c.SigningIdentities() { if id.ServerName == serverName { @@ -162,32 +179,22 @@ func (c *Global) SigningIdentityFor(serverName gomatrixserverlib.ServerName) (*g func (c *Global) SigningIdentities() []*gomatrixserverlib.SigningIdentity { identities := make([]*gomatrixserverlib.SigningIdentity, 0, len(c.VirtualHosts)+1) - identities = append(identities, &gomatrixserverlib.SigningIdentity{ - ServerName: c.ServerName, - KeyID: c.KeyID, - PrivateKey: c.PrivateKey, - }) + identities = append(identities, &c.SigningIdentity) for _, v := range c.VirtualHosts { - identities = append(identities, v.SigningIdentity()) + identities = append(identities, &v.SigningIdentity) } return identities } type VirtualHost struct { - // The server name of the virtual host. - ServerName gomatrixserverlib.ServerName `yaml:"server_name"` - - // The key ID of the private key. If not specified, the default global key ID - // will be used instead. - KeyID gomatrixserverlib.KeyID `yaml:"key_id"` + // Signing identity contains the server name, private key and key ID of + // the virtual host. + gomatrixserverlib.SigningIdentity `yaml:",inline"` // Path to the private key. If not specified, the default global private key // will be used instead. PrivateKeyPath Path `yaml:"private_key"` - // The private key itself. - PrivateKey ed25519.PrivateKey `yaml:"-"` - // How long a remote server can cache our server key for before requesting it again. // Increasing this number will reduce the number of requests made by remote servers // for our key, but increases the period a compromised key will be considered valid @@ -201,19 +208,24 @@ type VirtualHost struct { MatchHTTPHosts []gomatrixserverlib.ServerName `yaml:"match_http_hosts"` // Is registration enabled on this virtual host? - AllowRegistration bool `json:"allow_registration"` + AllowRegistration bool `yaml:"allow_registration"` + + // Is guest registration enabled on this virtual host? + AllowGuests bool `yaml:"allow_guests"` } func (v *VirtualHost) Verify(configErrs *ConfigErrors) { checkNotEmpty(configErrs, "virtual_host.*.server_name", string(v.ServerName)) } -func (v *VirtualHost) SigningIdentity() *gomatrixserverlib.SigningIdentity { - return &gomatrixserverlib.SigningIdentity{ - ServerName: v.ServerName, - KeyID: v.KeyID, - PrivateKey: v.PrivateKey, +// RegistrationAllowed returns two bools, the first states whether registration +// is allowed for this virtual host and the second states whether guests are +// allowed for this virtual host. +func (v *VirtualHost) RegistrationAllowed() (bool, bool) { + if v == nil { + return false, false } + return v.AllowRegistration, v.AllowGuests } type OldVerifyKeys struct { diff --git a/userapi/userapi_test.go b/userapi/userapi_test.go index 23acfa6f3..25fa75ee2 100644 --- a/userapi/userapi_test.go +++ b/userapi/userapi_test.go @@ -61,7 +61,9 @@ func MustMakeInternalAPI(t *testing.T, opts apiTestOpts, dbType test.DBType) (ap cfg := &config.UserAPI{ Matrix: &config.Global{ - ServerName: serverName, + SigningIdentity: gomatrixserverlib.SigningIdentity{ + ServerName: serverName, + }, }, }