diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py
index b88e58611c..8ba052fd14 100644
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@@ -54,6 +54,7 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
if self.config.email_password_reset_behaviour == "local":
from synapse.push.mailer import Mailer, load_jinja2_templates
+
templates = load_jinja2_templates(
config=hs.config,
template_html_name=hs.config.email_password_reset_template_html,
@@ -74,14 +75,12 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
"User password resets have been disabled due to lack of email config"
)
raise SynapseError(
- 400, "Email-based password resets have been disabled on this server",
+ 400, "Email-based password resets have been disabled on this server"
)
body = parse_json_object_from_request(request)
- assert_params_in_dict(body, [
- 'client_secret', 'email', 'send_attempt'
- ])
+ assert_params_in_dict(body, ["client_secret", "email", "send_attempt"])
# Extract params from body
client_secret = body["client_secret"]
@@ -99,24 +98,24 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
)
existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
- 'email', email,
+ "email", email
)
if existingUid is None:
raise SynapseError(400, "Email not found", Codes.THREEPID_NOT_FOUND)
if self.config.email_password_reset_behaviour == "remote":
- if 'id_server' not in body:
+ if "id_server" not in body:
raise SynapseError(400, "Missing 'id_server' param in body")
# Have the identity server handle the password reset flow
ret = yield self.identity_handler.requestEmailToken(
- body["id_server"], email, client_secret, send_attempt, next_link,
+ body["id_server"], email, client_secret, send_attempt, next_link
)
else:
# Send password reset emails from Synapse
sid = yield self.send_password_reset(
- email, client_secret, send_attempt, next_link,
+ email, client_secret, send_attempt, next_link
)
# Wrap the session id in a JSON object
@@ -125,13 +124,7 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
defer.returnValue((200, ret))
@defer.inlineCallbacks
- def send_password_reset(
- self,
- email,
- client_secret,
- send_attempt,
- next_link=None,
- ):
+ def send_password_reset(self, email, client_secret, send_attempt, next_link=None):
"""Send a password reset email
Args:
@@ -148,14 +141,14 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
# Check that this email/client_secret/send_attempt combo is new or
# greater than what we've seen previously
session = yield self.datastore.get_threepid_validation_session(
- "email", client_secret, address=email, validated=False,
+ "email", client_secret, address=email, validated=False
)
# Check to see if a session already exists and that it is not yet
# marked as validated
if session and session.get("validated_at") is None:
- session_id = session['session_id']
- last_send_attempt = session['last_send_attempt']
+ session_id = session["session_id"]
+ last_send_attempt = session["last_send_attempt"]
# Check that the send_attempt is higher than previous attempts
if send_attempt <= last_send_attempt:
@@ -173,22 +166,27 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
# and session_id
try:
yield self.mailer.send_password_reset_mail(
- email, token, client_secret, session_id,
+ email, token, client_secret, session_id
)
except Exception:
- logger.exception(
- "Error sending a password reset email to %s", email,
- )
+ logger.exception("Error sending a password reset email to %s", email)
raise SynapseError(
500, "An error was encountered when sending the password reset email"
)
- token_expires = (self.hs.clock.time_msec() +
- self.config.email_validation_token_lifetime)
+ token_expires = (
+ self.hs.clock.time_msec() + self.config.email_validation_token_lifetime
+ )
yield self.datastore.start_or_continue_validation_session(
- "email", email, session_id, client_secret, send_attempt,
- next_link, token, token_expires,
+ "email",
+ email,
+ session_id,
+ client_secret,
+ send_attempt,
+ next_link,
+ token,
+ token_expires,
)
defer.returnValue(session_id)
@@ -207,12 +205,12 @@ class MsisdnPasswordRequestTokenRestServlet(RestServlet):
def on_POST(self, request):
body = parse_json_object_from_request(request)
- assert_params_in_dict(body, [
- 'id_server', 'client_secret',
- 'country', 'phone_number', 'send_attempt',
- ])
+ assert_params_in_dict(
+ body,
+ ["id_server", "client_secret", "country", "phone_number", "send_attempt"],
+ )
- msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
+ msisdn = phone_number_to_msisdn(body["country"], body["phone_number"])
if not (yield check_3pid_allowed(self.hs, "msisdn", msisdn)):
raise SynapseError(
@@ -223,9 +221,7 @@ class MsisdnPasswordRequestTokenRestServlet(RestServlet):
assert_valid_client_secret(body["client_secret"])
- existingUid = yield self.datastore.get_user_id_by_threepid(
- 'msisdn', msisdn
- )
+ existingUid = yield self.datastore.get_user_id_by_threepid("msisdn", msisdn)
if existingUid is None:
raise SynapseError(400, "MSISDN not found", Codes.THREEPID_NOT_FOUND)
@@ -236,10 +232,9 @@ class MsisdnPasswordRequestTokenRestServlet(RestServlet):
class PasswordResetSubmitTokenServlet(RestServlet):
"""Handles 3PID validation token submission"""
+
PATTERNS = client_patterns(
- "/password_reset/(?P<medium>[^/]*)/submit_token/*$",
- releases=(),
- unstable=True,
+ "/password_reset/(?P<medium>[^/]*)/submit_token/*$", releases=(), unstable=True
)
def __init__(self, hs):
@@ -258,8 +253,7 @@ class PasswordResetSubmitTokenServlet(RestServlet):
def on_GET(self, request, medium):
if medium != "email":
raise SynapseError(
- 400,
- "This medium is currently not supported for password resets",
+ 400, "This medium is currently not supported for password resets"
)
if self.config.email_password_reset_behaviour == "off":
if self.config.password_resets_were_disabled_due_to_email_config:
@@ -267,7 +261,7 @@ class PasswordResetSubmitTokenServlet(RestServlet):
"User password resets have been disabled due to lack of email config"
)
raise SynapseError(
- 400, "Email-based password resets have been disabled on this server",
+ 400, "Email-based password resets have been disabled on this server"
)
sid = parse_string(request, "sid")
@@ -281,10 +275,7 @@ class PasswordResetSubmitTokenServlet(RestServlet):
try:
# Mark the session as valid
next_link = yield self.datastore.validate_threepid_session(
- sid,
- client_secret,
- token,
- self.clock.time_msec(),
+ sid, client_secret, token, self.clock.time_msec()
)
# Perform a 302 redirect if next_link is set
@@ -307,13 +298,11 @@ class PasswordResetSubmitTokenServlet(RestServlet):
html = self.load_jinja2_template(
self.config.email_template_dir,
self.config.email_password_reset_failure_template,
- template_vars={
- "failure_reason": e.msg,
- }
+ template_vars={"failure_reason": e.msg},
)
request.setResponseCode(e.code)
- request.write(html.encode('utf-8'))
+ request.write(html.encode("utf-8"))
finish_request(request)
defer.returnValue(None)
@@ -339,22 +328,16 @@ class PasswordResetSubmitTokenServlet(RestServlet):
def on_POST(self, request, medium):
if medium != "email":
raise SynapseError(
- 400,
- "This medium is currently not supported for password resets",
+ 400, "This medium is currently not supported for password resets"
)
body = parse_json_object_from_request(request)
- assert_params_in_dict(body, [
- 'sid', 'client_secret', 'token',
- ])
+ assert_params_in_dict(body, ["sid", "client_secret", "token"])
assert_valid_client_secret(body["client_secret"])
valid, _ = yield self.datastore.validate_threepid_session(
- body['sid'],
- body['client_secret'],
- body['token'],
- self.clock.time_msec(),
+ body["sid"], body["client_secret"], body["token"], self.clock.time_msec()
)
response_code = 200 if valid else 400
@@ -395,29 +378,30 @@ class PasswordRestServlet(RestServlet):
params = body
else:
params = yield self.auth_handler.validate_user_via_ui_auth(
- requester, body, self.hs.get_ip_from_request(request),
+ requester, body, self.hs.get_ip_from_request(request)
)
user_id = requester.user.to_string()
else:
requester = None
result, params, _ = yield self.auth_handler.check_auth(
[[LoginType.EMAIL_IDENTITY], [LoginType.MSISDN]],
- body, self.hs.get_ip_from_request(request),
+ body,
+ self.hs.get_ip_from_request(request),
password_servlet=True,
)
if LoginType.EMAIL_IDENTITY in result:
threepid = result[LoginType.EMAIL_IDENTITY]
- if 'medium' not in threepid or 'address' not in threepid:
+ if "medium" not in threepid or "address" not in threepid:
raise SynapseError(500, "Malformed threepid")
- if threepid['medium'] == 'email':
+ if threepid["medium"] == "email":
# For emails, transform the address to lowercase.
# We store all email addreses as lowercase in the DB.
# (See add_threepid in synapse/handlers/auth.py)
- threepid['address'] = threepid['address'].lower()
+ threepid["address"] = threepid["address"].lower()
# if using email, we must know about the email they're authing with!
threepid_user_id = yield self.datastore.get_user_id_by_threepid(
- threepid['medium'], threepid['address']
+ threepid["medium"], threepid["address"]
)
if not threepid_user_id:
raise SynapseError(404, "Email address not found", Codes.NOT_FOUND)
@@ -427,11 +411,9 @@ class PasswordRestServlet(RestServlet):
raise SynapseError(500, "", Codes.UNKNOWN)
assert_params_in_dict(params, ["new_password"])
- new_password = params['new_password']
+ new_password = params["new_password"]
- yield self._set_password_handler.set_password(
- user_id, new_password, requester
- )
+ yield self._set_password_handler.set_password(user_id, new_password, requester)
if self.hs.config.shadow_server:
shadow_user = UserID(
@@ -451,10 +433,9 @@ class PasswordRestServlet(RestServlet):
as_token = self.hs.config.shadow_server.get("as_token")
yield self.http_client.post_json_get_json(
- "%s/_matrix/client/r0/account/password?access_token=%s&user_id=%s" % (
- shadow_hs_url, as_token, user_id,
- ),
- body
+ "%s/_matrix/client/r0/account/password?access_token=%s&user_id=%s"
+ % (shadow_hs_url, as_token, user_id),
+ body,
)
@@ -485,25 +466,22 @@ class DeactivateAccountRestServlet(RestServlet):
# allow ASes to dectivate their own users
if requester.app_service:
yield self._deactivate_account_handler.deactivate_account(
- requester.user.to_string(), erase,
+ requester.user.to_string(), erase
)
defer.returnValue((200, {}))
yield self.auth_handler.validate_user_via_ui_auth(
- requester, body, self.hs.get_ip_from_request(request),
+ requester, body, self.hs.get_ip_from_request(request)
)
result = yield self._deactivate_account_handler.deactivate_account(
- requester.user.to_string(), erase,
- id_server=body.get("id_server"),
+ requester.user.to_string(), erase, id_server=body.get("id_server")
)
if result:
id_server_unbind_result = "success"
else:
id_server_unbind_result = "no-support"
- defer.returnValue((200, {
- "id_server_unbind_result": id_server_unbind_result,
- }))
+ defer.returnValue((200, {"id_server_unbind_result": id_server_unbind_result}))
class EmailThreepidRequestTokenRestServlet(RestServlet):
@@ -519,11 +497,10 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
def on_POST(self, request):
body = parse_json_object_from_request(request)
assert_params_in_dict(
- body,
- ['id_server', 'client_secret', 'email', 'send_attempt'],
+ body, ["id_server", "client_secret", "email", "send_attempt"]
)
- if not (yield check_3pid_allowed(self.hs, "email", body['email'])):
+ if not (yield check_3pid_allowed(self.hs, "email", body["email"])):
raise SynapseError(
403,
"Your email is not authorized on this server",
@@ -533,7 +510,7 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
assert_valid_client_secret(body["client_secret"])
existingUid = yield self.datastore.get_user_id_by_threepid(
- 'email', body['email']
+ "email", body["email"]
)
if existingUid is not None:
@@ -555,12 +532,12 @@ class MsisdnThreepidRequestTokenRestServlet(RestServlet):
@defer.inlineCallbacks
def on_POST(self, request):
body = parse_json_object_from_request(request)
- assert_params_in_dict(body, [
- 'id_server', 'client_secret',
- 'country', 'phone_number', 'send_attempt',
- ])
+ assert_params_in_dict(
+ body,
+ ["id_server", "client_secret", "country", "phone_number", "send_attempt"],
+ )
- msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
+ msisdn = phone_number_to_msisdn(body["country"], body["phone_number"])
if not (yield check_3pid_allowed(self.hs, "msisdn", msisdn)):
raise SynapseError(
@@ -571,9 +548,7 @@ class MsisdnThreepidRequestTokenRestServlet(RestServlet):
assert_valid_client_secret(body["client_secret"])
- existingUid = yield self.datastore.get_user_id_by_threepid(
- 'msisdn', msisdn
- )
+ existingUid = yield self.datastore.get_user_id_by_threepid("msisdn", msisdn)
if existingUid is not None:
raise SynapseError(400, "MSISDN is already in use", Codes.THREEPID_IN_USE)
@@ -598,11 +573,9 @@ class ThreepidRestServlet(RestServlet):
def on_GET(self, request):
requester = yield self.auth.get_user_by_req(request)
- threepids = yield self.datastore.user_get_threepids(
- requester.user.to_string()
- )
+ threepids = yield self.datastore.user_get_threepids(requester.user.to_string())
- defer.returnValue((200, {'threepids': threepids}))
+ defer.returnValue((200, {"threepids": threepids}))
@defer.inlineCallbacks
def on_POST(self, request):
@@ -616,8 +589,8 @@ class ThreepidRestServlet(RestServlet):
# skip validation if this is a shadow 3PID from an AS
if not requester.app_service:
- threePidCreds = body.get('threePidCreds')
- threePidCreds = body.get('three_pid_creds', threePidCreds)
+ threePidCreds = body.get("threePidCreds")
+ threePidCreds = body.get("three_pid_creds", threePidCreds)
if threePidCreds is None:
raise SynapseError(400, "Missing param", Codes.MISSING_PARAM)
@@ -628,7 +601,7 @@ class ThreepidRestServlet(RestServlet):
400, "Failed to auth 3pid", Codes.THREEPID_AUTH_FAILED
)
- for reqd in ['medium', 'address', 'validated_at']:
+ for reqd in ["medium", "address", "validated_at"]:
if reqd not in threepid:
logger.warn("Couldn't add 3pid: invalid response from ID server")
raise SynapseError(500, "Invalid response from ID Server")
@@ -637,29 +610,21 @@ class ThreepidRestServlet(RestServlet):
# This makes the API entirely change shape when we have an AS token;
# it really should be an entirely separate API - perhaps
# /account/3pid/replicate or something.
- threepid = body.get('threepid')
+ threepid = body.get("threepid")
yield self.auth_handler.add_threepid(
- user_id,
- threepid['medium'],
- threepid['address'],
- threepid['validated_at'],
+ user_id, threepid["medium"], threepid["address"], threepid["validated_at"]
)
- if not requester.app_service and ('bind' in body and body['bind']):
- logger.debug(
- "Binding threepid %s to %s",
- threepid, user_id
- )
- yield self.identity_handler.bind_threepid(
- threePidCreds, user_id
- )
+ if not requester.app_service and ("bind" in body and body["bind"]):
+ logger.debug("Binding threepid %s to %s", threepid, user_id)
+ yield self.identity_handler.bind_threepid(threePidCreds, user_id)
if self.hs.config.shadow_server:
shadow_user = UserID(
requester.user.localpart, self.hs.config.shadow_server.get("hs")
)
- self.shadow_3pid({'threepid': threepid}, shadow_user.to_string())
+ self.shadow_3pid({"threepid": threepid}, shadow_user.to_string())
defer.returnValue((200, {}))
@@ -670,10 +635,9 @@ class ThreepidRestServlet(RestServlet):
as_token = self.hs.config.shadow_server.get("as_token")
yield self.http_client.post_json_get_json(
- "%s/_matrix/client/r0/account/3pid?access_token=%s&user_id=%s" % (
- shadow_hs_url, as_token, user_id,
- ),
- body
+ "%s/_matrix/client/r0/account/3pid?access_token=%s&user_id=%s"
+ % (shadow_hs_url, as_token, user_id),
+ body,
)
@@ -693,14 +657,14 @@ class ThreepidDeleteRestServlet(RestServlet):
raise SynapseError(400, "3PID changes disabled on this server")
body = parse_json_object_from_request(request)
- assert_params_in_dict(body, ['medium', 'address'])
+ assert_params_in_dict(body, ["medium", "address"])
requester = yield self.auth.get_user_by_req(request)
user_id = requester.user.to_string()
try:
ret = yield self.auth_handler.delete_threepid(
- user_id, body['medium'], body['address'], body.get("id_server"),
+ user_id, body["medium"], body["address"], body.get("id_server")
)
except Exception:
# NB. This endpoint should succeed if there is nothing to
@@ -720,9 +684,7 @@ class ThreepidDeleteRestServlet(RestServlet):
else:
id_server_unbind_result = "no-support"
- defer.returnValue((200, {
- "id_server_unbind_result": id_server_unbind_result,
- }))
+ defer.returnValue((200, {"id_server_unbind_result": id_server_unbind_result}))
@defer.inlineCallbacks
def shadow_3pid_delete(self, body, user_id):
@@ -731,10 +693,9 @@ class ThreepidDeleteRestServlet(RestServlet):
as_token = self.hs.config.shadow_server.get("as_token")
yield self.http_client.post_json_get_json(
- "%s/_matrix/client/r0/account/3pid/delete?access_token=%s&user_id=%s" % (
- shadow_hs_url, as_token, user_id
- ),
- body
+ "%s/_matrix/client/r0/account/3pid/delete?access_token=%s&user_id=%s"
+ % (shadow_hs_url, as_token, user_id),
+ body,
)
@@ -791,7 +752,7 @@ class ThreepidBulkLookupRestServlet(RestServlet):
# Proxy the request to the identity server. lookup_3pid handles checking
# if the lookup is allowed so we don't need to do it here.
ret = yield self.identity_handler.bulk_lookup_3pid(
- body["id_server"], body["threepids"],
+ body["id_server"], body["threepids"]
)
defer.returnValue((200, ret))
@@ -808,7 +769,7 @@ class WhoamiRestServlet(RestServlet):
def on_GET(self, request):
requester = yield self.auth.get_user_by_req(request)
- defer.returnValue((200, {'user_id': requester.user.to_string()}))
+ defer.returnValue((200, {"user_id": requester.user.to_string()}))
def register_servlets(hs, http_server):
|
