diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 67ecbd32ff..dbf3799d2e 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -79,7 +79,7 @@ class Auth:
self._auth_blocking = AuthBlocking(self.hs)
- self._account_validity = hs.config.account_validity
+ self._account_validity_enabled = hs.config.account_validity_enabled
self._track_appservice_user_ips = hs.config.track_appservice_user_ips
self._macaroon_secret_key = hs.config.macaroon_secret_key
@@ -168,7 +168,7 @@ class Auth:
rights: str = "access",
allow_expired: bool = False,
) -> synapse.types.Requester:
- """ Get a registered user's ID.
+ """Get a registered user's ID.
Args:
request: An HTTP request with an access_token query parameter.
@@ -192,7 +192,7 @@ class Auth:
access_token = self.get_access_token_from_request(request)
- user_id, app_service = await self._get_appservice_user_id(request)
+ user_id, app_service = self._get_appservice_user_id(request)
if user_id:
if ip_addr and self._track_appservice_user_ips:
await self.store.insert_client_ip(
@@ -222,7 +222,7 @@ class Auth:
shadow_banned = user_info.shadow_banned
# Deny the request if the user account has expired.
- if self._account_validity.enabled and not allow_expired:
+ if self._account_validity_enabled and not allow_expired:
if await self.store.is_account_expired(
user_info.user_id, self.clock.time_msec()
):
@@ -268,10 +268,11 @@ class Auth:
except KeyError:
raise MissingClientTokenError()
- async def _get_appservice_user_id(self, request):
+ def _get_appservice_user_id(self, request):
app_service = self.store.get_app_service_by_token(
self.get_access_token_from_request(request)
)
+
if app_service is None:
return None, None
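Review bot: `_get_appservice_user_id` is left without parameter or return annotations even though its signature is being touched and the neighbouring methods in this diff are annotated (`-> TokenLookupResult`, `-> bool`). Since the function now returns its tuple directly instead of a coroutine, an annotation would let a type checker catch any caller that still awaits it. The return type is presumably an optional user ID paired with an optional application service object; confirm the exact names against the file's imports. The function body continues outside this hunk.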
@@ -289,14 +290,21 @@ class Auth:
if not app_service.is_interested_in_user(user_id):
raise AuthError(403, "Application service cannot masquerade as this user.")
- if not (await self.store.get_user_by_id(user_id)):
- raise AuthError(403, "Application service has not registered this user")
+ # Let ASes manipulate nonexistent users (e.g. to shadow-register them)
+ # if not (yield self.store.get_user_by_id(user_id)):
+ # raise AuthError(
+ # 403,
+ # "Application service has not registered this user"
+ # )
return user_id, app_service
async def get_user_by_access_token(
- self, token: str, rights: str = "access", allow_expired: bool = False,
+ self,
+ token: str,
+ rights: str = "access",
+ allow_expired: bool = False,
) -> TokenLookupResult:
- """ Validate access token and get user_id from it
+ """Validate access token and get user_id from it
Args:
token: The access token to get the user by
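Review bot: The user-existence check in what appears to be `_get_appservice_user_id` is dropped unconditionally here, so an application service is now accepted as the requester for any user ID its namespace matches, whether or not that account exists. That leaves `is_interested_in_user` as the only barrier, so an over-broad namespace regex in an AS registration becomes authority over unregistered IDs; callers that assume an authenticated user is registered are outside this hunk and should be checked. If this is only needed for shadow-registration, gate it behind a config option rather than removing it for every request, and add a test for the unregistered-user path. Delete the commented-out block rather than keeping it: it uses `yield` where the removed code used `await`, and the function is now a plain `def`, so uncommenting it would turn the function into a generator. In its place a comment such as `# NOTE: user_id may not exist locally; callers must not assume a registered account` would state the new contract; the function's start is outside this hunk.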
@@ -489,7 +497,7 @@ class Auth:
return service
async def is_server_admin(self, user: UserID) -> bool:
- """ Check if the given user is a local server admin.
+ """Check if the given user is a local server admin.
Args:
user: user to check
@@ -500,7 +508,10 @@ class Auth:
return await self.store.is_server_admin(user)
def compute_auth_events(
- self, event, current_state_ids: StateMap[str], for_verification: bool = False,
+ self,
+ event,
+ current_state_ids: StateMap[str],
+ for_verification: bool = False,
) -> List[str]:
"""Given an event and current state return the list of event IDs used
to auth an event.
|