Home Explore Help
Sign In
RISCI_ATOM
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Files Issues 3 Wiki
Tree: a06dd1d6b5
Branches Tags
synapse
/
docs
/
admin_api
/
register_api.rst

register_api.rst 2.1 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768 
  1. Shared-Secret Registration
    2. 

  2. ==========================
    3. 

  3. 

  4. This API allows for the creation of users in an administrative and
    5. 

  5. non-interactive way. This is generally used for bootstrapping a Synapse
    6. 

  6. instance with administrator accounts.
    7. 

  7. 

  8. To authenticate yourself to the server, you will need both the shared secret
    9. 

  9. (``registration_shared_secret`` in the homeserver configuration), and a
    10. 

  10. one-time nonce. If the registration shared secret is not configured, this API
    11. 

  11. is not enabled.
    12. 

  12. 

  13. To fetch the nonce, you need to request one from the API::
    14. 

  14. 

  15.   > GET /_synapse/admin/v1/register
    16. 

  16. 

  17.   < {"nonce": "thisisanonce"}
    18. 

  18. 

  19. Once you have the nonce, you can make a ``POST`` to the same URL with a JSON
    20. 

  20. body containing the nonce, username, password, whether they are an admin
    21. 

  21. (optional, False by default), and a HMAC digest of the content. Also you can
    22. 

  22. set the displayname (optional, ``username`` by default).
    23. 

  23. 

  24. As an example::
    25. 

  25. 

  26.   > POST /_synapse/admin/v1/register
    27. 

  27.   > {
    28. 

  28.      "nonce": "thisisanonce",
    29. 

  29.      "username": "pepper_roni",
    30. 

  30.      "displayname": "Pepper Roni",
    31. 

  31.      "password": "pizza",
    32. 

  32.      "admin": true,
    33. 

  33.      "mac": "mac_digest_here"
    34. 

  34.     }
    35. 

  35. 

  36.   < {
    37. 

  37.      "access_token": "token_here",
    38. 

  38.      "user_id": "@pepper_roni:localhost",
    39. 

  39.      "home_server": "test",
    40. 

  40.      "device_id": "device_id_here"
    41. 

  41.     }
    42. 

  42. 

  43. The MAC is the hex digest output of the HMAC-SHA1 algorithm, with the key being
    44. 

  44. the shared secret and the content being the nonce, user, password, either the
    45. 

  45. string "admin" or "notadmin", and optionally the user_type
    46. 

  46. each separated by NULs. For an example of generation in Python::
    47. 

  47. 

  48.   import hmac, hashlib
    49. 

  49. 

  50.   def generate_mac(nonce, user, password, admin=False, user_type=None):
    51. 

  51. 

  52.       mac = hmac.new(
    53. 

  53.         key=shared_secret,
    54. 

  54.         digestmod=hashlib.sha1,
    55. 

  55.       )
    56. 

  56. 

  57.       mac.update(nonce.encode('utf8'))
    58. 

  58.       mac.update(b"\x00")
    59. 

  59.       mac.update(user.encode('utf8'))
    60. 

  60.       mac.update(b"\x00")
    61. 

  61.       mac.update(password.encode('utf8'))
    62. 

  62.       mac.update(b"\x00")
    63. 

  63.       mac.update(b"admin" if admin else b"notadmin")
    64. 

  64.       if user_type:
    65. 

  65.           mac.update(b"\x00")
    66. 

  66.           mac.update(user_type.encode('utf8'))
    67. 

  67. 

  68.       return mac.hexdigest()
    69.