From d296cdc9ddb799e8354dae4308a01b0984933186 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Tue, 30 Apr 2019 15:15:02 +0100
Subject: Add bulk lookup
---
 synapse/handlers/identity.py | 46 +++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 45 insertions(+), 1 deletion(-)
(limited to 'synapse/handlers')
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index d2039e2825..910f572a1d 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -347,7 +347,7 @@ class IdentityHandler(BaseHandler):
 Returns:
 Deferred[dict]: The result of the lookup. See
- https://matrix.org/docs/spec/identity_service/r0.1.0.html#id15
+ https://matrix.org/docs/spec/identity_service/r0.1.0.html#association-lookup
 for details
 """
 if not self._enable_lookup:
@@ -380,6 +380,50 @@ class IdentityHandler(BaseHandler):
 defer.returnValue(data)
+ @defer.inlineCallbacks
+ def bulk_lookup_3pid(self, id_server, threepids):
+ """Looks up a 3pid in the passed identity server.
+
+ Args:
+ id_server (str): The server name (including port, if required)
+ of the identity server to use.
+ threepids ([[str, str]]): The third party identifiers to lookup, as
+ a list of 2-string sized lists ([medium, address]).
+
+ Returns:
+ Deferred[dict]: The result of the lookup. See
+ https://matrix.org/docs/spec/identity_service/r0.1.0.html#association-lookup
+ for details
+ """
+ if not self._enable_lookup:
+ raise AuthError(
+ 403, "Looking up third-party identifiers is denied from this server",
+ )
+
+ target = self.rewrite_identity_server_urls.get(id_server, id_server)
+
+ try:
+ data = yield self.http_client.get_json(
+ "https://%s/_matrix/identity/api/v1/lookup" % (target,),
+ {
+ "threepids": threepids,
+ }
+ )
+
+ if "mxid" in data:
+ if "signatures" not in data:
+ raise AuthError(401, "No signatures on 3pid bindings")
+ yield self._verify_any_signature(data, id_server)
+
+ except HttpResponseException as e:
+ logger.info("Proxied lookup failed: %r", e)
+ raise e.to_synapse_error()
+ except IOError as e:
+ logger.info("Failed to contact %r: %s", id_server, e)
+ raise ProxiedRequestError(503, "Failed to contact homeserver")
+
+ defer.returnValue(data)
+
 @defer.inlineCallbacks
 def _verify_any_signature(self, data, server_hostname):
 if server_hostname not in data["signatures"]:
-- cgit 1.5.1
From 3a9c405a0fc36eed25d53a0beaeb485b341bc7f1 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Tue, 30 Apr 2019 18:22:42 +0100
Subject: Fix url and method
---
 synapse/handlers/identity.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'synapse/handlers')
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index 910f572a1d..23cc161798 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
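Review bot: In the new `bulk_lookup_3pid` (hunk at -380,6 +380,50), `threepids` goes straight into the request body as `{"threepids": threepids}` with no check on its type, length or entry shape, so whatever list the caller supplies is relayed to the identity server on the homeserver's behalf. Unless the caller validates it, which this hunk does not show, a guard before the `try` would bound the work one client request can trigger, for example `if not isinstance(threepids, list) or len(threepids) > MAX_BULK_LOOKUP: raise SynapseError(400, "Invalid threepids")`, where `MAX_BULK_LOOKUP` is a limit this module would have to define. The docstring's Returns link also points at the single association-lookup section rather than the bulk endpoint.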
@@ -403,8 +403,8 @@ class IdentityHandler(BaseHandler):
 target = self.rewrite_identity_server_urls.get(id_server, id_server)
 try:
- data = yield self.http_client.get_json(
- "https://%s/_matrix/identity/api/v1/lookup" % (target,),
+ data = yield self.http_client.post_json(
+ "https://%s/_matrix/identity/api/v1/bulk_lookup" % (target,),
 {
 "threepids": threepids,
 }
-- cgit 1.5.1
From 371296443f7f6309462effb524d03c7cd02611c2 Mon Sep 17 00:00:00 2001
From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Date: Wed, 1 May 2019 10:03:46 +0100
Subject: Update synapse/handlers/identity.py
Co-Authored-By: babolivier
---
 synapse/handlers/identity.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'synapse/handlers')
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index 23cc161798..4c9023145d 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -420,7 +420,7 @@ class IdentityHandler(BaseHandler):
 raise e.to_synapse_error()
 except IOError as e:
 logger.info("Failed to contact %r: %s", id_server, e)
- raise ProxiedRequestError(503, "Failed to contact homeserver")
+ raise ProxiedRequestError(503, "Failed to contact identity server")
 defer.returnValue(data)
-- cgit 1.5.1
From 3d031c211d6233e604fb50264174a877a9269172 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Wed, 1 May 2019 10:10:38 +0100
Subject: Fix error message
---
 synapse/handlers/identity.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'synapse/handlers')
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index 4c9023145d..5b610990b6 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -376,7 +376,7 @@ class IdentityHandler(BaseHandler):
 raise e.to_synapse_error()
 except IOError as e:
 logger.info("Failed to contact %r: %s", id_server, e)
- raise ProxiedRequestError(503, "Failed to contact homeserver")
+ raise ProxiedRequestError(503, "Failed to contact identity server")
 defer.returnValue(data)
-- cgit 1.5.1
From b4f3d70b212b60576c12e99f62b53df169467067 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Tue, 7 May 2019 11:47:37 +0100
Subject: Incorporate review
---
 synapse/handlers/identity.py | 2 +-
 synapse/rest/client/v2_alpha/account.py | 2 ++
 tests/rest/client/test_identity.py | 6 +++---
 3 files changed, 6 insertions(+), 4 deletions(-)
(limited to 'synapse/handlers')
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index 5b610990b6..dc77b6786f 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -403,7 +403,7 @@ class IdentityHandler(BaseHandler):
 target = self.rewrite_identity_server_urls.get(id_server, id_server)
 try:
- data = yield self.http_client.post_json(
+ data = yield self.http_client.post_json_get_json(
 "https://%s/_matrix/identity/api/v1/bulk_lookup" % (target,),
 {
 "threepids": threepids,
diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py
index 154700d7d1..f1037ce115 100644
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@@ -531,6 +531,8 @@ class ThreepidBulkLookupRestServlet(RestServlet):
 body = parse_json_object_from_request(request)
+ assert_params_in_dict(body, ["threepids", "id_server"])
+
 # Proxy the request to the identity server. lookup_3pid handles checking
 # if the lookup is allowed so we don't need to do it here.
 ret = yield self.identity_handler.bulk_lookup_3pid(
diff --git a/tests/rest/client/test_identity.py b/tests/rest/client/test_identity.py
index c1b1b11202..ed149f3600 100644
--- a/tests/rest/client/test_identity.py
+++ b/tests/rest/client/test_identity.py
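Review bot: `assert_params_in_dict(body, ["threepids", "id_server"])` in `ThreepidBulkLookupRestServlet` (account.py hunk at -531,6 +531,8) only proves the two keys are present, not that their values have the expected JSON types. The values are then handed to `bulk_lookup_3pid`, whose call arguments continue below the hunk, and the handler shown elsewhere in this series uses `id_server` as a dict key and formats it into the request URL, so a non-string value would presumably surface as an unhandled error rather than a 400. A type check right after the presence check keeps that a client error, e.g. `if not isinstance(body["id_server"], six.string_types) or not isinstance(body["threepids"], list): raise SynapseError(400, "Invalid parameter types")`, assuming `six` and `SynapseError` are imported in this module.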
@@ -115,10 +115,10 @@ class IdentityEnabledTestCase(unittest.HomeserverTestCase):
 mock_http_client = Mock(spec=[
 "get_json",
- "post_json",
+ "post_json_get_json",
 ])
 mock_http_client.get_json.return_value = defer.succeed((200, "{}"))
- mock_http_client.post_json.return_value = defer.succeed((200, "{}"))
+ mock_http_client.post_json_get_json.return_value = defer.succeed((200, "{}"))
 self.hs = self.setup_test_homeserver(
 config=config,
@@ -198,7 +198,7 @@ class IdentityEnabledTestCase(unittest.HomeserverTestCase):
 )
 self.render(request)
- post_json = self.hs.get_simple_http_client().post_json
+ post_json = self.hs.get_simple_http_client().post_json_get_json
 post_json.assert_called_once_with(
 "https://testis/_matrix/identity/api/v1/bulk_lookup",
 {
-- cgit 1.5.1
From 66f7588f87fe63b1a1c5069f58fcebd5c2beafc2 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Tue, 7 May 2019 12:06:24 +0100
Subject: Fix expected key in bulk lookup response
---
 synapse/handlers/identity.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'synapse/handlers')
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index dc77b6786f..758390195b 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -410,7 +410,7 @@ class IdentityHandler(BaseHandler):
 }
 )
- if "threepids" in data:
+ if "threepids" in data:
 if "signatures" not in data:
 raise AuthError(401, "No signatures on 3pid bindings")
 yield self._verify_any_signature(data, id_server)
-- cgit 1.5.1
From f059a910851ae15a88217c6c38b38807f2a491ac Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Tue, 7 May 2019 14:16:26 +0100
Subject: /bulk_lookup doesn't return a signature
---
 synapse/handlers/identity.py | 5 -----
 1 file changed, 5 deletions(-)
(limited to 'synapse/handlers')
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index 758390195b..6066018275 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
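Review bot: The stub on the `mock_http_client.post_json_get_json.return_value` line (test hunk at -115,10) resolves to the tuple `(200, "{}")`, while the handler in this series treats the awaited value as the decoded response body (`"mxid" in data`, `data["signatures"]`). With a tuple that membership test is simply false, so the test passes without ever exercising the code that inspects the identity server's reply. Returning a dict shaped like a bulk lookup response, e.g. `defer.succeed({"threepids": []})`, would make the test reflect what the handler receives; this assumes the real client returns parsed JSON, which is not visible on this page.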
@@ -410,11 +410,6 @@ class IdentityHandler(BaseHandler):
 }
 )
- if "threepids" in data:
- if "signatures" not in data:
- raise AuthError(401, "No signatures on 3pid bindings")
- yield self._verify_any_signature(data, id_server)
-
 except HttpResponseException as e:
 logger.info("Proxied lookup failed: %r", e)
 raise e.to_synapse_error()
-- cgit 1.5.1
From 10e3ed83e9a63208eee07ec933b6a26fd76b51d2 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Thu, 9 May 2019 12:53:24 +0100
Subject: Check if Synapse should check given ISs
---
 synapse/handlers/identity.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'synapse/handlers')
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index 6066018275..b4c6e94777 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -350,6 +350,12 @@ class IdentityHandler(BaseHandler):
 https://matrix.org/docs/spec/identity_service/r0.1.0.html#association-lookup
 for details
 """
+ if not self._should_trust_id_server(id_server):
+ raise SynapseError(
+ 400, "Untrusted ID server '%s'" % id_server,
+ Codes.SERVER_NOT_TRUSTED
+ )
+
 if not self._enable_lookup:
 raise AuthError(
 403, "Looking up third-party identifiers is denied from this server",
@@ -395,6 +401,12 @@ class IdentityHandler(BaseHandler):
 https://matrix.org/docs/spec/identity_service/r0.1.0.html#association-lookup
 for details
 """
+ if not self._should_trust_id_server(id_server):
+ raise SynapseError(
+ 400, "Untrusted ID server '%s'" % id_server,
+ Codes.SERVER_NOT_TRUSTED
+ )
+
 if not self._enable_lookup:
 raise AuthError(
 403, "Looking up third-party identifiers is denied from this server",
-- cgit 1.5.1
From f304f1a574a7114ad4ccc335563d1ecb3eb49501 Mon Sep 17 00:00:00 2001
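Review bot: The new `_should_trust_id_server` check is placed above the `_enable_lookup` check, so a homeserver with lookups disabled still answers 400 or 403 depending on whether the supplied `id_server` is trusted, which lets a client probe the trusted list one name at a time. Running the `if not self._enable_lookup:` block first and the `if not self._should_trust_id_server(id_server):` block second would make a disabled server answer 403 uniformly. The same six lines are pasted into both hunks (at -350, which appears to be `lookup_3pid`, and at -395, `bulk_lookup_3pid`); a small private helper called from both would keep the two entry points from drifting apart. Both function bodies continue outside the hunks.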
From: Brendan Abolivier
Date: Thu, 9 May 2019 13:07:43 +0100
Subject: Incorporate review
---
 synapse/handlers/identity.py | 2 +-
 synapse/rest/client/v2_alpha/account.py | 7 +++----
 tests/rest/client/test_identity.py | 2 ++
 3 files changed, 6 insertions(+), 5 deletions(-)
(limited to 'synapse/handlers')
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index b4c6e94777..f39803629e 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -388,7 +388,7 @@ class IdentityHandler(BaseHandler):
 @defer.inlineCallbacks
 def bulk_lookup_3pid(self, id_server, threepids):
- """Looks up a 3pid in the passed identity server.
+ """Looks up given 3pids in the passed identity server.
 Args:
 id_server (str): The server name (including port, if required)
diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py
index f1037ce115..08079a9bc6 100644
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@@ -15,6 +15,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 import logging
+import re
 from six.moves import http_client
@@ -482,11 +483,10 @@ class ThreepidDeleteRestServlet(RestServlet):
 class ThreepidLookupRestServlet(RestServlet):
- PATTERNS = client_v2_patterns("/account/3pid/lookup$")
+ PATTERNS = [re.compile("^/_matrix/client/unstable/account/3pid/lookup$")]
 def __init__(self, hs):
 super(ThreepidLookupRestServlet, self).__init__()
- self.config = hs.config
 self.auth = hs.get_auth()
 self.identity_handler = hs.get_handlers().identity_handler
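Review bot: `PATTERNS` for `ThreepidLookupRestServlet` (account.py hunk at -482,11) is now a hand-written regex pinned to the `unstable` prefix instead of going through `client_v2_patterns`, and nothing in the hunk records why. If the intent is to serve the endpoint only under `unstable`, a comment above the line would say so, e.g. `# Not part of the spec yet, so only served under the unstable prefix` (wording to be confirmed by the author). The same applies to `ThreepidBulkLookupRestServlet` in the hunk at -514,11. Without the comment the next maintainer is likely to "tidy" the line back to the helper and, presumably, widen the set of paths the endpoint answers on.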
@@ -514,11 +514,10 @@ class ThreepidLookupRestServlet(RestServlet):
 class ThreepidBulkLookupRestServlet(RestServlet):
- PATTERNS = client_v2_patterns("/account/3pid/bulk_lookup$")
+ PATTERNS = [re.compile("^/_matrix/client/unstable/account/3pid/bulk_lookup$")]
 def __init__(self, hs):
 super(ThreepidBulkLookupRestServlet, self).__init__()
- self.config = hs.config
 self.auth = hs.get_auth()
 self.identity_handler = hs.get_handlers().identity_handler
diff --git a/tests/rest/client/test_identity.py b/tests/rest/client/test_identity.py
index 7edcfa8f67..b942f1ffe6 100644
--- a/tests/rest/client/test_identity.py
+++ b/tests/rest/client/test_identity.py
@@ -26,6 +26,7 @@ from tests import unittest
 class IdentityDisabledTestCase(unittest.HomeserverTestCase):
+ """Tests that 3PID lookup attempts fail when the HS's config disallows them."""
 servlets = [
 account.register_servlets,
@@ -104,6 +105,7 @@ class IdentityDisabledTestCase(unittest.HomeserverTestCase):
 class IdentityEnabledTestCase(unittest.HomeserverTestCase):
+ """Tests that 3PID lookup attempts succeed when the HS's config allows them."""
 servlets = [
 account.register_servlets,
-- cgit 1.5.1