diff options
Diffstat (limited to 'synapse/api')
-rw-r--r-- | synapse/api/auth.py | 47 | ||||
-rw-r--r-- | synapse/api/constants.py | 1 |
2 files changed, 21 insertions, 27 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 0c6c93a87b..1c5801fa51 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -207,6 +207,7 @@ class Auth(object): ) user_id, app_service = yield self._get_appservice_user_id(request) + if user_id: request.authenticated_entity = user_id @@ -268,39 +269,40 @@ class Auth(object): errcode=Codes.MISSING_TOKEN ) - @defer.inlineCallbacks def _get_appservice_user_id(self, request): app_service = self.store.get_app_service_by_token( self.get_access_token_from_request( request, self.TOKEN_NOT_FOUND_HTTP_STATUS ) ) + if app_service is None: - defer.returnValue((None, None)) + return(None, None) if app_service.ip_range_whitelist: ip_address = IPAddress(self.hs.get_ip_from_request(request)) if ip_address not in app_service.ip_range_whitelist: - defer.returnValue((None, None)) + return(None, None) if b"user_id" not in request.args: - defer.returnValue((app_service.sender, app_service)) + return(app_service.sender, app_service) user_id = request.args[b"user_id"][0].decode('utf8') if app_service.sender == user_id: - defer.returnValue((app_service.sender, app_service)) + return(app_service.sender, app_service) if not app_service.is_interested_in_user(user_id): raise AuthError( 403, "Application service cannot masquerade as this user." ) - if not (yield self.store.get_user_by_id(user_id)): - raise AuthError( - 403, - "Application service has not registered this user" - ) - defer.returnValue((user_id, app_service)) + # Let ASes manipulate nonexistent users (e.g. to shadow-register them) + # if not (yield self.store.get_user_by_id(user_id)): + # raise AuthError( + # 403, + # "Application service has not registered this user" + # ) + return(user_id, app_service) @defer.inlineCallbacks def get_user_by_access_token(self, token, rights="access"): @@ -533,24 +535,15 @@ class Auth(object): defer.returnValue(user_info) def get_appservice_by_req(self, request): - try: - token = self.get_access_token_from_request( - request, self.TOKEN_NOT_FOUND_HTTP_STATUS - ) - service = self.store.get_app_service_by_token(token) - if not service: - logger.warn("Unrecognised appservice access token.") - raise AuthError( - self.TOKEN_NOT_FOUND_HTTP_STATUS, - "Unrecognised access token.", - errcode=Codes.UNKNOWN_TOKEN - ) - request.authenticated_entity = service.sender - return defer.succeed(service) - except KeyError: + (user_id, app_service) = self._get_appservice_user_id(request) + if not app_service: raise AuthError( - self.TOKEN_NOT_FOUND_HTTP_STATUS, "Missing access token." + self.TOKEN_NOT_FOUND_HTTP_STATUS, + "Unrecognised access token.", + errcode=Codes.UNKNOWN_TOKEN, ) + request.authenticated_entity = app_service.sender + return app_service def is_server_admin(self, user): """ Check if the given user is a local server admin. diff --git a/synapse/api/constants.py b/synapse/api/constants.py index 8547a63535..5664c41793 100644 --- a/synapse/api/constants.py +++ b/synapse/api/constants.py @@ -79,6 +79,7 @@ class EventTypes(object): RoomAvatar = "m.room.avatar" RoomEncryption = "m.room.encryption" GuestAccess = "m.room.guest_access" + Encryption = "m.room.encryption" # These are used for validation Message = "m.room.message" |