zilencer: Add flow for a server to reclaim its registration.

If the server controls the registration's hostname, it can reclaim its registration credentials. This is useful, because self-hosted admins frequently lose the credentials when moving their Zulip server to a different machine / deployment method. The flow is the following: 1. The host sends a POST request to /api/v1/remotes/server/register/takeover. 2. The bouncer responds with a signed token. 3. The host prepares to serve this token at /api/v1/zulip-services/verify and sends a POST to /remotes/server/register/verify_challenge endpoint of the bouncer. 4. Upon receiving the POST request, the bouncer GETS https://{hostname}/api/v1/zulip-services/verify, verifies the secret and responds to the original POST with the registration credentials. 5. The host can now save these credentials to it zulip-secrets.conf file and thus regains its push notifications registration. Includes a global rate limit on the usage of the /verify_challenge endpoint, as it causes us to make outgoing requests.
2025-10-23 04:52:12 +00:00 · 2024-11-19 23:16:01 +01:00
parent a8625df748
commit 4e22a79e6a
12 changed files with 702 additions and 11 deletions
--- a/zproject/urls.py
+++ b/zproject/urls.py
@@ -102,6 +102,7 @@ from zerver.views.push_notifications import (
    self_hosting_auth_json_endpoint,
    self_hosting_auth_not_configured,
    self_hosting_auth_redirect_endpoint,
+    self_hosting_registration_takeover_challenge_verify,
    send_test_push_notification_api,
 )
 from zerver.views.reactions import add_reaction, remove_reaction
@@ -868,6 +869,13 @@ urls += [
    ),
 ]

+urls += [
+    path(
+        "api/v1/zulip-services/verify/<str:access_token>/",
+        self_hosting_registration_takeover_challenge_verify,
+    ),
+]
+
 if not settings.CORPORATE_ENABLED:  # nocoverage
    # This conditional behavior cannot be tested directly, since
    # urls.py is not readily reloaded in Django tests. See the block