Gate account recovery behind a configuration flag
@@ -133,6 +133,7 @@ pub fn test_site_config() -> SiteConfig {
|
||||
email_change_allowed: true,
|
||||
displayname_change_allowed: true,
|
||||
password_change_allowed: true,
|
||||
account_recovery_allowed: true,
|
||||
captcha: None,
|
||||
}
|
||||
}
|
||||
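Review bot: The shared test configuration pins `account_recovery_allowed: true`, so handlers driven through `test_site_config()` never reach the new disabled branch. No test on this page covers the flag being off. A case that builds the config with `account_recovery_allowed: false`, requests each recovery route, and asserts that the disabled page is rendered and no recovery session or job is created would keep the gate from regressing unnoticed.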
|
@@ -23,12 +23,13 @@ use mas_axum_utils::{
|
||||
csrf::{CsrfExt, ProtectedForm},
|
||||
FancyError,
|
||||
};
|
||||
use mas_data_model::SiteConfig;
|
||||
use mas_policy::Policy;
|
||||
use mas_router::UrlBuilder;
|
||||
use mas_storage::{BoxClock, BoxRepository, BoxRng};
|
||||
use mas_templates::{
|
||||
ErrorContext, FieldError, FormState, RecoveryFinishContext, RecoveryFinishFormField,
|
||||
TemplateContext, Templates,
|
||||
EmptyContext, ErrorContext, FieldError, FormState, RecoveryFinishContext,
|
||||
RecoveryFinishFormField, TemplateContext, Templates,
|
||||
};
|
||||
use serde::{Deserialize, Serialize};
|
||||
use zeroize::Zeroizing;
|
||||
@@ -50,11 +51,18 @@ pub(crate) async fn get(
|
||||
mut rng: BoxRng,
|
||||
clock: BoxClock,
|
||||
mut repo: BoxRepository,
|
||||
State(site_config): State<SiteConfig>,
|
||||
State(templates): State<Templates>,
|
||||
PreferredLanguage(locale): PreferredLanguage,
|
||||
cookie_jar: CookieJar,
|
||||
Query(query): Query<RouteQuery>,
|
||||
) -> Result<Response, FancyError> {
|
||||
if !site_config.account_recovery_allowed {
|
||||
let context = EmptyContext.with_language(locale);
|
||||
let rendered = templates.render_recovery_disabled(&context)?;
|
||||
return Ok((cookie_jar, Html(rendered)).into_response());
|
||||
}
|
||||
|
||||
let (csrf_token, cookie_jar) = cookie_jar.csrf_token(&clock, &mut rng);
|
||||
|
||||
let ticket = repo
|
||||
@@ -117,6 +125,7 @@ pub(crate) async fn post(
|
||||
clock: BoxClock,
|
||||
mut repo: BoxRepository,
|
||||
mut policy: Policy,
|
||||
State(site_config): State<SiteConfig>,
|
||||
State(password_manager): State<PasswordManager>,
|
||||
State(templates): State<Templates>,
|
||||
State(url_builder): State<UrlBuilder>,
|
||||
@@ -125,6 +134,12 @@ pub(crate) async fn post(
|
||||
Query(query): Query<RouteQuery>,
|
||||
Form(form): Form<ProtectedForm<RouteForm>>,
|
||||
) -> Result<Response, FancyError> {
|
||||
if !site_config.account_recovery_allowed {
|
||||
let context = EmptyContext.with_language(locale);
|
||||
let rendered = templates.render_recovery_disabled(&context)?;
|
||||
return Ok((cookie_jar, Html(rendered)).into_response());
|
||||
}
|
||||
|
||||
let (csrf_token, cookie_jar) = cookie_jar.csrf_token(&clock, &mut rng);
|
||||
|
||||
let ticket = repo
|
||||
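Review bot: The `if !site_config.account_recovery_allowed { … }` guard is copied by hand into `get` and `post` here, and again into both handlers of each of the two following files, so the gate holds only for handlers that remember to include it. A recovery route added later without the block would stay reachable with the flag off. Putting the check in one place, either a small helper that returns the rendered disabled response or a layer applied to the recovery routes as a group, would make the gate fail closed; whether the router lends itself to a per-group layer is not visible from this page. Both function bodies continue outside the hunks.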
|
@@ -22,12 +22,13 @@ use mas_axum_utils::{
|
||||
csrf::{CsrfExt, ProtectedForm},
|
||||
FancyError, SessionInfoExt,
|
||||
};
|
||||
use mas_data_model::SiteConfig;
|
||||
use mas_router::UrlBuilder;
|
||||
use mas_storage::{
|
||||
job::{JobRepositoryExt, SendAccountRecoveryEmailsJob},
|
||||
BoxClock, BoxRepository, BoxRng,
|
||||
};
|
||||
use mas_templates::{RecoveryProgressContext, TemplateContext, Templates};
|
||||
use mas_templates::{EmptyContext, RecoveryProgressContext, TemplateContext, Templates};
|
||||
use ulid::Ulid;
|
||||
|
||||
use crate::PreferredLanguage;
|
||||
@@ -36,12 +37,19 @@ pub(crate) async fn get(
|
||||
mut rng: BoxRng,
|
||||
clock: BoxClock,
|
||||
mut repo: BoxRepository,
|
||||
State(site_config): State<SiteConfig>,
|
||||
State(templates): State<Templates>,
|
||||
State(url_builder): State<UrlBuilder>,
|
||||
PreferredLanguage(locale): PreferredLanguage,
|
||||
cookie_jar: CookieJar,
|
||||
Path(id): Path<Ulid>,
|
||||
) -> Result<Response, FancyError> {
|
||||
if !site_config.account_recovery_allowed {
|
||||
let context = EmptyContext.with_language(locale);
|
||||
let rendered = templates.render_recovery_disabled(&context)?;
|
||||
return Ok((cookie_jar, Html(rendered)).into_response());
|
||||
}
|
||||
|
||||
let (session_info, cookie_jar) = cookie_jar.session_info();
|
||||
let (csrf_token, cookie_jar) = cookie_jar.csrf_token(&clock, &mut rng);
|
||||
|
||||
@@ -75,6 +83,7 @@ pub(crate) async fn post(
|
||||
mut rng: BoxRng,
|
||||
clock: BoxClock,
|
||||
mut repo: BoxRepository,
|
||||
State(site_config): State<SiteConfig>,
|
||||
State(templates): State<Templates>,
|
||||
State(url_builder): State<UrlBuilder>,
|
||||
PreferredLanguage(locale): PreferredLanguage,
|
||||
@@ -82,6 +91,12 @@ pub(crate) async fn post(
|
||||
Path(id): Path<Ulid>,
|
||||
Form(form): Form<ProtectedForm<()>>,
|
||||
) -> Result<Response, FancyError> {
|
||||
if !site_config.account_recovery_allowed {
|
||||
let context = EmptyContext.with_language(locale);
|
||||
let rendered = templates.render_recovery_disabled(&context)?;
|
||||
return Ok((cookie_jar, Html(rendered)).into_response());
|
||||
}
|
||||
|
||||
let (session_info, cookie_jar) = cookie_jar.session_info();
|
||||
let (csrf_token, cookie_jar) = cookie_jar.csrf_token(&clock, &mut rng);
|
||||
|
||||
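Review bot: Gating `get` and `post` stops new requests, but this file imports `SendAccountRecoveryEmailsJob`, and jobs already queued when an operator switches the flag off are not touched by this change. If the job worker does not check `account_recovery_allowed` itself (not visible here), recovery emails for sessions started earlier may still be sent after recovery is disabled, even though the finish handler would then refuse the link. It is worth confirming the worker's behaviour, and recording the decision next to the guard with a comment such as `// Queued recovery jobs are not cancelled here; the worker must check the flag too`. The handler bodies continue outside the hunks.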
|
@@ -25,14 +25,15 @@ use mas_axum_utils::{
|
||||
csrf::{CsrfExt, ProtectedForm},
|
||||
FancyError, SessionInfoExt,
|
||||
};
|
||||
use mas_data_model::UserAgent;
|
||||
use mas_data_model::{SiteConfig, UserAgent};
|
||||
use mas_router::UrlBuilder;
|
||||
use mas_storage::{
|
||||
job::{JobRepositoryExt, SendAccountRecoveryEmailsJob},
|
||||
BoxClock, BoxRepository, BoxRng,
|
||||
};
|
||||
use mas_templates::{
|
||||
FieldError, FormState, RecoveryStartContext, RecoveryStartFormField, TemplateContext, Templates,
|
||||
EmptyContext, FieldError, FormState, RecoveryStartContext, RecoveryStartFormField,
|
||||
TemplateContext, Templates,
|
||||
};
|
||||
use serde::{Deserialize, Serialize};
|
||||
|
||||
@@ -47,11 +48,18 @@ pub(crate) async fn get(
|
||||
mut rng: BoxRng,
|
||||
clock: BoxClock,
|
||||
mut repo: BoxRepository,
|
||||
State(site_config): State<SiteConfig>,
|
||||
State(templates): State<Templates>,
|
||||
State(url_builder): State<UrlBuilder>,
|
||||
PreferredLanguage(locale): PreferredLanguage,
|
||||
cookie_jar: CookieJar,
|
||||
) -> Result<Response, FancyError> {
|
||||
if !site_config.account_recovery_allowed {
|
||||
let context = EmptyContext.with_language(locale);
|
||||
let rendered = templates.render_recovery_disabled(&context)?;
|
||||
return Ok((cookie_jar, Html(rendered)).into_response());
|
||||
}
|
||||
|
||||
let (session_info, cookie_jar) = cookie_jar.session_info();
|
||||
let (csrf_token, cookie_jar) = cookie_jar.csrf_token(&clock, &mut rng);
|
||||
|
||||
@@ -78,12 +86,19 @@ pub(crate) async fn post(
|
||||
mut repo: BoxRepository,
|
||||
user_agent: TypedHeader<headers::UserAgent>,
|
||||
activity_tracker: BoundActivityTracker,
|
||||
State(site_config): State<SiteConfig>,
|
||||
State(templates): State<Templates>,
|
||||
State(url_builder): State<UrlBuilder>,
|
||||
PreferredLanguage(locale): PreferredLanguage,
|
||||
cookie_jar: CookieJar,
|
||||
Form(form): Form<ProtectedForm<StartRecoveryForm>>,
|
||||
) -> Result<impl IntoResponse, FancyError> {
|
||||
if !site_config.account_recovery_allowed {
|
||||
let context = EmptyContext.with_language(locale);
|
||||
let rendered = templates.render_recovery_disabled(&context)?;
|
||||
return Ok((cookie_jar, Html(rendered)).into_response());
|
||||
}
|
||||
|
||||
let (session_info, cookie_jar) = cookie_jar.session_info();
|
||||
let (csrf_token, cookie_jar) = cookie_jar.csrf_token(&clock, &mut rng);
|
||||
|
||||
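Review bot: The disabled branch in `get` and `post` returns `(cookie_jar, Html(rendered)).into_response()`, which carries the default 200 status, so access logs, proxies and monitoring cannot tell a refused recovery request from a served one. If that is not intentional, putting a status first in the tuple keeps the page while marking the refusal: `return Ok((StatusCode::FORBIDDEN, cookie_jar, Html(rendered)).into_response());`. The same applies to the identical branches in the two preceding recovery handler files, and `StatusCode` would need to be in scope in each. Both function bodies continue outside the hunks.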
|