summary refs log tree commit diff
diff options
context:
space:
mode:
authorQuentin Gliech <quenting@element.io>2022-07-12 12:06:29 -0500
committerGitHub <noreply@github.com>2022-07-12 18:06:29 +0100
commitb19060a29b4f73897847db2aba5d03ec819086e0 (patch)
tree3f225c409664314dd7e28150df25de86457bc38f
parentexpose whether a room is a space in the Admin API (#13208) (diff)
downloadsynapse-b19060a29b4f73897847db2aba5d03ec819086e0.tar.xz
Make the AS login method call `Auth.get_user_by_req` for checking the AS token. (#13094)
This gets rid of another usage of get_appservice_by_req, with all the benefits, including correctly tracking the appservice IP and setting the tracing attributes correctly.

Signed-off-by: Quentin Gliech <quenting@element.io>
Diffstat (limited to '')
-rw-r--r--changelog.d/13094.misc1
-rw-r--r--synapse/rest/client/login.py10
2 files changed, 9 insertions, 2 deletions
diff --git a/changelog.d/13094.misc b/changelog.d/13094.misc
new file mode 100644
index 0000000000..f1e55ae476
--- /dev/null
+++ b/changelog.d/13094.misc
@@ -0,0 +1 @@
+Make the AS login method call `Auth.get_user_by_req` for checking the AS token.
diff --git a/synapse/rest/client/login.py b/synapse/rest/client/login.py
index dd75e40f34..0437c87d8d 100644
--- a/synapse/rest/client/login.py
+++ b/synapse/rest/client/login.py
@@ -28,7 +28,7 @@ from typing import (
 
 from typing_extensions import TypedDict
 
-from synapse.api.errors import Codes, LoginError, SynapseError
+from synapse.api.errors import Codes, InvalidClientTokenError, LoginError, SynapseError
 from synapse.api.ratelimiting import Ratelimiter
 from synapse.api.urls import CLIENT_API_PREFIX
 from synapse.appservice import ApplicationService
@@ -172,7 +172,13 @@ class LoginRestServlet(RestServlet):
 
         try:
             if login_submission["type"] == LoginRestServlet.APPSERVICE_TYPE:
-                appservice = self.auth.get_appservice_by_req(request)
+                requester = await self.auth.get_user_by_req(request)
+                appservice = requester.app_service
+
+                if appservice is None:
+                    raise InvalidClientTokenError(
+                        "This login method is only valid for application services"
+                    )
 
                 if appservice.is_rate_limited():
                     await self._address_ratelimiter.ratelimit(