mirror of
https://github.com/zulip/zulip.git
synced 2025-11-01 04:23:46 +00:00
4e22a79e6a
If the server controls the registration's hostname, it can reclaim its registration credentials. This is useful, because self-hosted admins frequently lose the credentials when moving their Zulip server to a different machine / deployment method. The flow is the following: 1. The host sends a POST request to /api/v1/remotes/server/register/takeover. 2. The bouncer responds with a signed token. 3. The host prepares to serve this token at /api/v1/zulip-services/verify and sends a POST to /remotes/server/register/verify_challenge endpoint of the bouncer. 4. Upon receiving the POST request, the bouncer GETS https://{hostname}/api/v1/zulip-services/verify, verifies the secret and responds to the original POST with the registration credentials. 5. The host can now save these credentials to it zulip-secrets.conf file and thus regains its push notifications registration. Includes a global rate limit on the usage of the /verify_challenge endpoint, as it causes us to make outgoing requests.