summary refs log tree commit diff
path: root/synapse/rest/client/v2_alpha/account.py
diff options
context:
space:
mode:
Diffstat (limited to 'synapse/rest/client/v2_alpha/account.py')
-rw-r--r--synapse/rest/client/v2_alpha/account.py190
1 files changed, 76 insertions, 114 deletions
diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py
index ab75f6c2b2..f143d8b85c 100644
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@@ -52,6 +52,7 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
 
         if self.config.email_password_reset_behaviour == "local":
             from synapse.push.mailer import Mailer, load_jinja2_templates
+
             templates = load_jinja2_templates(
                 config=hs.config,
                 template_html_name=hs.config.email_password_reset_template_html,
@@ -72,14 +73,12 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
                     "User password resets have been disabled due to lack of email config"
                 )
             raise SynapseError(
-                400, "Email-based password resets have been disabled on this server",
+                400, "Email-based password resets have been disabled on this server"
             )
 
         body = parse_json_object_from_request(request)
 
-        assert_params_in_dict(body, [
-            'client_secret', 'email', 'send_attempt'
-        ])
+        assert_params_in_dict(body, ["client_secret", "email", "send_attempt"])
 
         # Extract params from body
         client_secret = body["client_secret"]
@@ -95,24 +94,24 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
             )
 
         existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
-            'email', email,
+            "email", email
         )
 
         if existingUid is None:
             raise SynapseError(400, "Email not found", Codes.THREEPID_NOT_FOUND)
 
         if self.config.email_password_reset_behaviour == "remote":
-            if 'id_server' not in body:
+            if "id_server" not in body:
                 raise SynapseError(400, "Missing 'id_server' param in body")
 
             # Have the identity server handle the password reset flow
             ret = yield self.identity_handler.requestEmailToken(
-                body["id_server"], email, client_secret, send_attempt, next_link,
+                body["id_server"], email, client_secret, send_attempt, next_link
             )
         else:
             # Send password reset emails from Synapse
             sid = yield self.send_password_reset(
-                email, client_secret, send_attempt, next_link,
+                email, client_secret, send_attempt, next_link
             )
 
             # Wrap the session id in a JSON object
@@ -121,13 +120,7 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
         defer.returnValue((200, ret))
 
     @defer.inlineCallbacks
-    def send_password_reset(
-        self,
-        email,
-        client_secret,
-        send_attempt,
-        next_link=None,
-    ):
+    def send_password_reset(self, email, client_secret, send_attempt, next_link=None):
         """Send a password reset email
 
         Args:
@@ -144,14 +137,14 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
         # Check that this email/client_secret/send_attempt combo is new or
         # greater than what we've seen previously
         session = yield self.datastore.get_threepid_validation_session(
-            "email", client_secret, address=email, validated=False,
+            "email", client_secret, address=email, validated=False
         )
 
         # Check to see if a session already exists and that it is not yet
         # marked as validated
         if session and session.get("validated_at") is None:
-            session_id = session['session_id']
-            last_send_attempt = session['last_send_attempt']
+            session_id = session["session_id"]
+            last_send_attempt = session["last_send_attempt"]
 
             # Check that the send_attempt is higher than previous attempts
             if send_attempt <= last_send_attempt:
@@ -169,22 +162,27 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
         # and session_id
         try:
             yield self.mailer.send_password_reset_mail(
-                email, token, client_secret, session_id,
+                email, token, client_secret, session_id
             )
         except Exception:
-            logger.exception(
-                "Error sending a password reset email to %s", email,
-            )
+            logger.exception("Error sending a password reset email to %s", email)
             raise SynapseError(
                 500, "An error was encountered when sending the password reset email"
             )
 
-        token_expires = (self.hs.clock.time_msec() +
-                         self.config.email_validation_token_lifetime)
+        token_expires = (
+            self.hs.clock.time_msec() + self.config.email_validation_token_lifetime
+        )
 
         yield self.datastore.start_or_continue_validation_session(
-            "email", email, session_id, client_secret, send_attempt,
-            next_link, token, token_expires,
+            "email",
+            email,
+            session_id,
+            client_secret,
+            send_attempt,
+            next_link,
+            token,
+            token_expires,
         )
 
         defer.returnValue(session_id)
@@ -203,12 +201,12 @@ class MsisdnPasswordRequestTokenRestServlet(RestServlet):
     def on_POST(self, request):
         body = parse_json_object_from_request(request)
 
-        assert_params_in_dict(body, [
-            'id_server', 'client_secret',
-            'country', 'phone_number', 'send_attempt',
-        ])
+        assert_params_in_dict(
+            body,
+            ["id_server", "client_secret", "country", "phone_number", "send_attempt"],
+        )
 
-        msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
+        msisdn = phone_number_to_msisdn(body["country"], body["phone_number"])
 
         if not check_3pid_allowed(self.hs, "msisdn", msisdn):
             raise SynapseError(
@@ -217,9 +215,7 @@ class MsisdnPasswordRequestTokenRestServlet(RestServlet):
                 Codes.THREEPID_DENIED,
             )
 
-        existingUid = yield self.datastore.get_user_id_by_threepid(
-            'msisdn', msisdn
-        )
+        existingUid = yield self.datastore.get_user_id_by_threepid("msisdn", msisdn)
 
         if existingUid is None:
             raise SynapseError(400, "MSISDN not found", Codes.THREEPID_NOT_FOUND)
@@ -230,10 +226,9 @@ class MsisdnPasswordRequestTokenRestServlet(RestServlet):
 
 class PasswordResetSubmitTokenServlet(RestServlet):
     """Handles 3PID validation token submission"""
+
     PATTERNS = client_patterns(
-        "/password_reset/(?P<medium>[^/]*)/submit_token/*$",
-        releases=(),
-        unstable=True,
+        "/password_reset/(?P<medium>[^/]*)/submit_token/*$", releases=(), unstable=True
     )
 
     def __init__(self, hs):
@@ -252,8 +247,7 @@ class PasswordResetSubmitTokenServlet(RestServlet):
     def on_GET(self, request, medium):
         if medium != "email":
             raise SynapseError(
-                400,
-                "This medium is currently not supported for password resets",
+                400, "This medium is currently not supported for password resets"
             )
         if self.config.email_password_reset_behaviour == "off":
             if self.config.password_resets_were_disabled_due_to_email_config:
@@ -261,7 +255,7 @@ class PasswordResetSubmitTokenServlet(RestServlet):
                     "User password resets have been disabled due to lack of email config"
                 )
             raise SynapseError(
-                400, "Email-based password resets have been disabled on this server",
+                400, "Email-based password resets have been disabled on this server"
             )
 
         sid = parse_string(request, "sid")
@@ -272,10 +266,7 @@ class PasswordResetSubmitTokenServlet(RestServlet):
         try:
             # Mark the session as valid
             next_link = yield self.datastore.validate_threepid_session(
-                sid,
-                client_secret,
-                token,
-                self.clock.time_msec(),
+                sid, client_secret, token, self.clock.time_msec()
             )
 
             # Perform a 302 redirect if next_link is set
@@ -298,13 +289,11 @@ class PasswordResetSubmitTokenServlet(RestServlet):
             html = self.load_jinja2_template(
                 self.config.email_template_dir,
                 self.config.email_password_reset_failure_template,
-                template_vars={
-                    "failure_reason": e.msg,
-                }
+                template_vars={"failure_reason": e.msg},
             )
             request.setResponseCode(e.code)
 
-        request.write(html.encode('utf-8'))
+        request.write(html.encode("utf-8"))
         finish_request(request)
         defer.returnValue(None)
 
@@ -330,20 +319,14 @@ class PasswordResetSubmitTokenServlet(RestServlet):
     def on_POST(self, request, medium):
         if medium != "email":
             raise SynapseError(
-                400,
-                "This medium is currently not supported for password resets",
+                400, "This medium is currently not supported for password resets"
             )
 
         body = parse_json_object_from_request(request)
-        assert_params_in_dict(body, [
-            'sid', 'client_secret', 'token',
-        ])
+        assert_params_in_dict(body, ["sid", "client_secret", "token"])
 
         valid, _ = yield self.datastore.validate_threepid_validation_token(
-            body['sid'],
-            body['client_secret'],
-            body['token'],
-            self.clock.time_msec(),
+            body["sid"], body["client_secret"], body["token"], self.clock.time_msec()
         )
         response_code = 200 if valid else 400
 
@@ -379,29 +362,30 @@ class PasswordRestServlet(RestServlet):
         if self.auth.has_access_token(request):
             requester = yield self.auth.get_user_by_req(request)
             params = yield self.auth_handler.validate_user_via_ui_auth(
-                requester, body, self.hs.get_ip_from_request(request),
+                requester, body, self.hs.get_ip_from_request(request)
             )
             user_id = requester.user.to_string()
         else:
             requester = None
             result, params, _ = yield self.auth_handler.check_auth(
                 [[LoginType.EMAIL_IDENTITY], [LoginType.MSISDN]],
-                body, self.hs.get_ip_from_request(request),
+                body,
+                self.hs.get_ip_from_request(request),
                 password_servlet=True,
             )
 
             if LoginType.EMAIL_IDENTITY in result:
                 threepid = result[LoginType.EMAIL_IDENTITY]
-                if 'medium' not in threepid or 'address' not in threepid:
+                if "medium" not in threepid or "address" not in threepid:
                     raise SynapseError(500, "Malformed threepid")
-                if threepid['medium'] == 'email':
+                if threepid["medium"] == "email":
                     # For emails, transform the address to lowercase.
                     # We store all email addreses as lowercase in the DB.
                     # (See add_threepid in synapse/handlers/auth.py)
-                    threepid['address'] = threepid['address'].lower()
+                    threepid["address"] = threepid["address"].lower()
                 # if using email, we must know about the email they're authing with!
                 threepid_user_id = yield self.datastore.get_user_id_by_threepid(
-                    threepid['medium'], threepid['address']
+                    threepid["medium"], threepid["address"]
                 )
                 if not threepid_user_id:
                     raise SynapseError(404, "Email address not found", Codes.NOT_FOUND)
@@ -411,11 +395,9 @@ class PasswordRestServlet(RestServlet):
                 raise SynapseError(500, "", Codes.UNKNOWN)
 
         assert_params_in_dict(params, ["new_password"])
-        new_password = params['new_password']
+        new_password = params["new_password"]
 
-        yield self._set_password_handler.set_password(
-            user_id, new_password, requester
-        )
+        yield self._set_password_handler.set_password(user_id, new_password, requester)
 
         defer.returnValue((200, {}))
 
@@ -450,25 +432,22 @@ class DeactivateAccountRestServlet(RestServlet):
         # allow ASes to dectivate their own users
         if requester.app_service:
             yield self._deactivate_account_handler.deactivate_account(
-                requester.user.to_string(), erase,
+                requester.user.to_string(), erase
             )
             defer.returnValue((200, {}))
 
         yield self.auth_handler.validate_user_via_ui_auth(
-            requester, body, self.hs.get_ip_from_request(request),
+            requester, body, self.hs.get_ip_from_request(request)
         )
         result = yield self._deactivate_account_handler.deactivate_account(
-            requester.user.to_string(), erase,
-            id_server=body.get("id_server"),
+            requester.user.to_string(), erase, id_server=body.get("id_server")
         )
         if result:
             id_server_unbind_result = "success"
         else:
             id_server_unbind_result = "no-support"
 
-        defer.returnValue((200, {
-            "id_server_unbind_result": id_server_unbind_result,
-        }))
+        defer.returnValue((200, {"id_server_unbind_result": id_server_unbind_result}))
 
 
 class EmailThreepidRequestTokenRestServlet(RestServlet):
@@ -484,11 +463,10 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
     def on_POST(self, request):
         body = parse_json_object_from_request(request)
         assert_params_in_dict(
-            body,
-            ['id_server', 'client_secret', 'email', 'send_attempt'],
+            body, ["id_server", "client_secret", "email", "send_attempt"]
         )
 
-        if not check_3pid_allowed(self.hs, "email", body['email']):
+        if not check_3pid_allowed(self.hs, "email", body["email"]):
             raise SynapseError(
                 403,
                 "Your email domain is not authorized on this server",
@@ -496,7 +474,7 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
             )
 
         existingUid = yield self.datastore.get_user_id_by_threepid(
-            'email', body['email']
+            "email", body["email"]
         )
 
         if existingUid is not None:
@@ -518,12 +496,12 @@ class MsisdnThreepidRequestTokenRestServlet(RestServlet):
     @defer.inlineCallbacks
     def on_POST(self, request):
         body = parse_json_object_from_request(request)
-        assert_params_in_dict(body, [
-            'id_server', 'client_secret',
-            'country', 'phone_number', 'send_attempt',
-        ])
+        assert_params_in_dict(
+            body,
+            ["id_server", "client_secret", "country", "phone_number", "send_attempt"],
+        )
 
-        msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])
+        msisdn = phone_number_to_msisdn(body["country"], body["phone_number"])
 
         if not check_3pid_allowed(self.hs, "msisdn", msisdn):
             raise SynapseError(
@@ -532,9 +510,7 @@ class MsisdnThreepidRequestTokenRestServlet(RestServlet):
                 Codes.THREEPID_DENIED,
             )
 
-        existingUid = yield self.datastore.get_user_id_by_threepid(
-            'msisdn', msisdn
-        )
+        existingUid = yield self.datastore.get_user_id_by_threepid("msisdn", msisdn)
 
         if existingUid is not None:
             raise SynapseError(400, "MSISDN is already in use", Codes.THREEPID_IN_USE)
@@ -558,18 +534,16 @@ class ThreepidRestServlet(RestServlet):
     def on_GET(self, request):
         requester = yield self.auth.get_user_by_req(request)
 
-        threepids = yield self.datastore.user_get_threepids(
-            requester.user.to_string()
-        )
+        threepids = yield self.datastore.user_get_threepids(requester.user.to_string())
 
-        defer.returnValue((200, {'threepids': threepids}))
+        defer.returnValue((200, {"threepids": threepids}))
 
     @defer.inlineCallbacks
     def on_POST(self, request):
         body = parse_json_object_from_request(request)
 
-        threePidCreds = body.get('threePidCreds')
-        threePidCreds = body.get('three_pid_creds', threePidCreds)
+        threePidCreds = body.get("threePidCreds")
+        threePidCreds = body.get("three_pid_creds", threePidCreds)
         if threePidCreds is None:
             raise SynapseError(400, "Missing param", Codes.MISSING_PARAM)
 
@@ -579,30 +553,20 @@ class ThreepidRestServlet(RestServlet):
         threepid = yield self.identity_handler.threepid_from_creds(threePidCreds)
 
         if not threepid:
-            raise SynapseError(
-                400, "Failed to auth 3pid", Codes.THREEPID_AUTH_FAILED
-            )
+            raise SynapseError(400, "Failed to auth 3pid", Codes.THREEPID_AUTH_FAILED)
 
-        for reqd in ['medium', 'address', 'validated_at']:
+        for reqd in ["medium", "address", "validated_at"]:
             if reqd not in threepid:
                 logger.warn("Couldn't add 3pid: invalid response from ID server")
                 raise SynapseError(500, "Invalid response from ID Server")
 
         yield self.auth_handler.add_threepid(
-            user_id,
-            threepid['medium'],
-            threepid['address'],
-            threepid['validated_at'],
+            user_id, threepid["medium"], threepid["address"], threepid["validated_at"]
         )
 
-        if 'bind' in body and body['bind']:
-            logger.debug(
-                "Binding threepid %s to %s",
-                threepid, user_id
-            )
-            yield self.identity_handler.bind_threepid(
-                threePidCreds, user_id
-            )
+        if "bind" in body and body["bind"]:
+            logger.debug("Binding threepid %s to %s", threepid, user_id)
+            yield self.identity_handler.bind_threepid(threePidCreds, user_id)
 
         defer.returnValue((200, {}))
 
@@ -618,14 +582,14 @@ class ThreepidDeleteRestServlet(RestServlet):
     @defer.inlineCallbacks
     def on_POST(self, request):
         body = parse_json_object_from_request(request)
-        assert_params_in_dict(body, ['medium', 'address'])
+        assert_params_in_dict(body, ["medium", "address"])
 
         requester = yield self.auth.get_user_by_req(request)
         user_id = requester.user.to_string()
 
         try:
             ret = yield self.auth_handler.delete_threepid(
-                user_id, body['medium'], body['address'], body.get("id_server"),
+                user_id, body["medium"], body["address"], body.get("id_server")
             )
         except Exception:
             # NB. This endpoint should succeed if there is nothing to
@@ -639,9 +603,7 @@ class ThreepidDeleteRestServlet(RestServlet):
         else:
             id_server_unbind_result = "no-support"
 
-        defer.returnValue((200, {
-            "id_server_unbind_result": id_server_unbind_result,
-        }))
+        defer.returnValue((200, {"id_server_unbind_result": id_server_unbind_result}))
 
 
 class WhoamiRestServlet(RestServlet):
@@ -655,7 +617,7 @@ class WhoamiRestServlet(RestServlet):
     def on_GET(self, request):
         requester = yield self.auth.get_user_by_req(request)
 
-        defer.returnValue((200, {'user_id': requester.user.to_string()}))
+        defer.returnValue((200, {"user_id": requester.user.to_string()}))
 
 
 def register_servlets(hs, http_server):