diff options
author | Quentin Gliech <quenting@element.io> | 2022-07-12 12:06:29 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-12 18:06:29 +0100 |
commit | b19060a29b4f73897847db2aba5d03ec819086e0 (patch) | |
tree | 3f225c409664314dd7e28150df25de86457bc38f | |
parent | expose whether a room is a space in the Admin API (#13208) (diff) | |
download | synapse-b19060a29b4f73897847db2aba5d03ec819086e0.tar.xz |
Make the AS login method call `Auth.get_user_by_req` for checking the AS token. (#13094)
This gets rid of another usage of get_appservice_by_req, with all the benefits, including correctly tracking the appservice IP and setting the tracing attributes correctly. Signed-off-by: Quentin Gliech <quenting@element.io>
Diffstat (limited to '')
-rw-r--r-- | changelog.d/13094.misc | 1 | ||||
-rw-r--r-- | synapse/rest/client/login.py | 10 |
2 files changed, 9 insertions, 2 deletions
diff --git a/changelog.d/13094.misc b/changelog.d/13094.misc new file mode 100644 index 0000000000..f1e55ae476 --- /dev/null +++ b/changelog.d/13094.misc @@ -0,0 +1 @@ +Make the AS login method call `Auth.get_user_by_req` for checking the AS token. diff --git a/synapse/rest/client/login.py b/synapse/rest/client/login.py index dd75e40f34..0437c87d8d 100644 --- a/synapse/rest/client/login.py +++ b/synapse/rest/client/login.py @@ -28,7 +28,7 @@ from typing import ( from typing_extensions import TypedDict -from synapse.api.errors import Codes, LoginError, SynapseError +from synapse.api.errors import Codes, InvalidClientTokenError, LoginError, SynapseError from synapse.api.ratelimiting import Ratelimiter from synapse.api.urls import CLIENT_API_PREFIX from synapse.appservice import ApplicationService @@ -172,7 +172,13 @@ class LoginRestServlet(RestServlet): try: if login_submission["type"] == LoginRestServlet.APPSERVICE_TYPE: - appservice = self.auth.get_appservice_by_req(request) + requester = await self.auth.get_user_by_req(request) + appservice = requester.app_service + + if appservice is None: + raise InvalidClientTokenError( + "This login method is only valid for application services" + ) if appservice.is_rate_limited(): await self._address_ratelimiter.ratelimit( |