zilencer: Add flow for a server to reclaim its registration.

If the server controls the registration's hostname, it can reclaim its registration credentials. This is useful, because self-hosted admins frequently lose the credentials when moving their Zulip server to a different machine / deployment method. The flow is the following: 1. The host sends a POST request to /api/v1/remotes/server/register/takeover. 2. The bouncer responds with a signed token. 3. The host prepares to serve this token at /api/v1/zulip-services/verify and sends a POST to /remotes/server/register/verify_challenge endpoint of the bouncer. 4. Upon receiving the POST request, the bouncer GETS https://{hostname}/api/v1/zulip-services/verify, verifies the secret and responds to the original POST with the registration credentials. 5. The host can now save these credentials to it zulip-secrets.conf file and thus regains its push notifications registration. Includes a global rate limit on the usage of the /verify_challenge endpoint, as it causes us to make outgoing requests.
2025-11-03 05:23:35 +00:00 · 2024-11-19 23:16:01 +01:00
parent a8625df748
commit 4e22a79e6a
12 changed files with 702 additions and 11 deletions
--- a/zproject/default_settings.py
+++ b/zproject/default_settings.py
@@ -337,6 +337,18 @@ DEFAULT_RATE_LIMITING_RULES = {
 # DEFAULT_RATE_LIMITING_RULES.
 RATE_LIMITING_RULES: dict[str, list[tuple[int, int]]] = {}

+# Rate limits for endpoints which have absolute limits on how much
+# they can be used in a given time period.
+# These will be extremely rare, and most likely for zilencer endpoints
+# only, so we don't need a nice overriding system for them like we do
+# for RATE_LIMITING_RULES.
+ABSOLUTE_USAGE_LIMITS_BY_ENDPOINT = {
+    "verify_registration_takeover_challenge_ack_endpoint": [
+        # 30 requests per day
+        (86400, 30),
+    ],
+}
+
 # Two factor authentication is not yet implementation-complete
 TWO_FACTOR_AUTHENTICATION_ENABLED = False