Allow guests even when token required for normal registration. (closes #189)

Signed-off-by: Jason Volk <jason@zemos.net>
Jason Volk
2025-11-02 08:47:56 +00:00
parent 4afd6f347b
commit abded2d442


@@ -16,7 +16,9 @@ use ruma::{
events::GlobalAccountDataEventType, events::GlobalAccountDataEventType,
push, push,
}; };
use tuwunel_core::{Err, Error, Result, debug_info, error, info, is_equal_to, utils, warn}; use tuwunel_core::{
Err, Error, Result, debug_info, debug_warn, error, info, is_equal_to, utils, warn,
};
use tuwunel_service::users::device::generate_refresh_token; use tuwunel_service::users::device::generate_refresh_token;
use super::{DEVICE_ID_LENGTH, SESSION_ID_LENGTH}; use super::{DEVICE_ID_LENGTH, SESSION_ID_LENGTH};
@@ -181,31 +183,33 @@ pub(crate) async fn register_route(
return Err!(Request(Forbidden("Registration has been disabled."))); return Err!(Request(Forbidden("Registration has been disabled.")));
} }
if is_guest if is_guest && !services.config.allow_guest_registration {
&& (!services.config.allow_guest_registration let display_name = body
|| (services.config.allow_registration .initial_device_display_name
&& services.globals.registration_token.is_some())) .as_deref()
{ .unwrap_or("");
info!(
debug_warn!(
"Guest registration disabled / registration enabled with token configured, \ "Guest registration disabled / registration enabled with token configured, \
rejecting guest registration attempt, initial device name: \"{}\"", rejecting guest registration attempt, initial device name: \"{display_name}\""
body.initial_device_display_name
.as_deref()
.unwrap_or("")
); );
return Err!(Request(GuestAccessForbidden("Guest registration is disabled."))); return Err!(Request(GuestAccessForbidden("Guest registration is disabled.")));
} }
// forbid guests from registering if there is not a real admin user yet. give // forbid guests from registering if there is not a real admin user yet. give
// generic user error. // generic user error.
if is_guest && services.users.count().await < 2 { if is_guest && services.users.count().await < 2 {
let display_name = body
.initial_device_display_name
.as_deref()
.unwrap_or("");
warn!( warn!(
"Guest account attempted to register before a real admin user has been registered, \ "Guest account attempted to register before a real admin user has been registered, \
rejecting registration. Guest's initial device name: \"{}\"", rejecting registration. Guest's initial device name: \"{display_name}\""
body.initial_device_display_name
.as_deref()
.unwrap_or("")
); );
return Err!(Request(Forbidden("Registration is temporarily disabled."))); return Err!(Request(Forbidden("Registration is temporarily disabled.")));
} }
@@ -309,7 +313,7 @@ pub(crate) async fn register_route(
// UIAA // UIAA
let mut uiaainfo; let mut uiaainfo;
let skip_auth = if services.globals.registration_token.is_some() { let skip_auth = if services.globals.registration_token.is_some() && !is_guest {
// Registration token required // Registration token required
uiaainfo = UiaaInfo { uiaainfo = UiaaInfo {
flows: vec![AuthFlow { flows: vec![AuthFlow {
@@ -320,6 +324,7 @@ pub(crate) async fn register_route(
session: None, session: None,
auth_error: None, auth_error: None,
}; };
body.appservice_info.is_some() body.appservice_info.is_some()
} else { } else {
// No registration token necessary, but clients must still go through the flow // No registration token necessary, but clients must still go through the flow
@@ -330,6 +335,7 @@ pub(crate) async fn register_route(
session: None, session: None,
auth_error: None, auth_error: None,
}; };
body.appservice_info.is_some() || is_guest body.appservice_info.is_some() || is_guest
}; };
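Review bot: The `debug_warn!` text in the first guest check still reads "Guest registration disabled / registration enabled with token configured", but the new condition is only `is_guest && !services.config.allow_guest_registration`, so the token half of the message can no longer be true and will mislead whoever reads the log; I would shorten it to `"Guest registration disabled, rejecting guest registration attempt, initial device name: \"{display_name}\""`. The move from `info!` to `debug_warn!` may also make rejected guest attempts less visible in release builds, if that macro drops to debug level there, so it is worth confirming this is intended. In the UIAA hunk, `&& !is_guest` sends guests to the else arm, where `skip_auth` is `body.appservice_info.is_some() || is_guest`; on a token-protected server `allow_guest_registration` therefore becomes the only gate, and the deciding flag appears to come from the request (it is computed outside the visible hunks). A short comment on that condition, e.g. `// guests bypass the registration token by design; gated only by allow_guest_registration`, would record the decision, and the rest of `register_route` should be checked so that an account created on this path is always stored as a guest. `register_route` starts and ends outside these hunks.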