author | Andrew Morgan <andrew@amorgan.xyz> | 2019-09-11 14:07:18 +0100 |
---|---|---|
committer | Andrew Morgan <andrew@amorgan.xyz> | 2019-09-11 14:07:39 +0100 |
commit | 7008c794e5ddbc4dcee2aab55b598e4e84ee706a (patch) | |
tree | eafa2d022c803566dee0a83f66abf1c7ec9fef19 | |
parent | Merge branch 'develop' of github.com:matrix-org/synapse into anoa/v2_lookup (diff) | |
Send id access_token via Authorization headers, not JSON body
-rw-r--r-- | synapse/handlers/identity.py | 43 | ||||
-rw-r--r-- | synapse/handlers/room_member.py | 7 |
2 files changed, 26 insertions, 24 deletions
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index 98252bf650..512f38e5a6 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -74,25 +74,6 @@ class IdentityHandler(BaseHandler):
 id_access_token = creds.get("id_access_token")
 return client_secret, id_server, id_access_token
- def create_id_access_token_header(self, id_access_token):
- """Create an Authorization header for passing to SimpleHttpClient as the header value
- of an HTTP request.
-
- Args:
- id_access_token (str): An identity server access token.
-
- Returns:
- list[str]: The ascii-encoded bearer token encased in a list.
- """
- # Prefix with Bearer
- bearer_token = "Bearer %s" % id_access_token
-
- # Encode headers to standard ascii
- bearer_token.encode("ascii")
-
- # Return as a list as that's how SimpleHttpClient takes header values
- return [bearer_token]
-
 @defer.inlineCallbacks
 def threepid_from_creds(self, id_server, creds):
 """
@@ -178,9 +159,7 @@ class IdentityHandler(BaseHandler):
 bind_data = {"sid": sid, "client_secret": client_secret, "mxid": mxid}
 if use_v2:
 bind_url = "https://%s/_matrix/identity/v2/3pid/bind" % (id_server,)
- headers["Authorization"] = self.create_id_access_token_header(
- id_access_token
- )
+ headers["Authorization"] = create_id_access_token_header(id_access_token)
 else:
 bind_url = "https://%s/_matrix/identity/api/v1/3pid/bind" % (id_server,)
@@ -480,6 +459,26 @@ class IdentityHandler(BaseHandler):
 raise e.to_synapse_error()
+def create_id_access_token_header(id_access_token):
+ """Create an Authorization header for passing to SimpleHttpClient as the header value
+ of an HTTP request.
+
+ Args:
+ id_access_token (str): An identity server access token.
+
+ Returns:
+ list[str]: The ascii-encoded bearer token encased in a list.
+ """
+ # Prefix with Bearer
+ bearer_token = "Bearer %s" % id_access_token
+
+ # Encode headers to standard ascii
+ bearer_token.encode("ascii")
+
+ # Return as a list as that's how SimpleHttpClient takes header values
+ return [bearer_token]
+
+
 class LookupAlgorithm:
 """
 Supported hashing algorithms when performing a 3PID lookup.
diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py
index aabb75c560..cea1f740ee 100644
--- a/synapse/handlers/room_member.py
+++ b/synapse/handlers/room_member.py
@@ -29,7 +29,7 @@ from twisted.internet import defer
 from synapse import types
 from synapse.api.constants import EventTypes, Membership
 from synapse.api.errors import AuthError, Codes, HttpResponseException, SynapseError
-from synapse.handlers.identity import LookupAlgorithm
+from synapse.handlers.identity import LookupAlgorithm, create_id_access_token_header
 from synapse.types import RoomID, UserID
 from synapse.util.async_helpers import Linearizer
 from synapse.util.distributor import user_joined_room, user_left_room
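Review bot: In `create_id_access_token_header` (synapse/handlers/identity.py) the result of `bearer_token.encode("ascii")` is discarded, so the function returns the unencoded `str` while the docstring promises an ascii-encoded token; the call's only effect is to raise `UnicodeEncodeError` on a non-ASCII token. If that validation is the intent, the comment should say so, e.g. `# Raises UnicodeEncodeError if the token is not pure ASCII`; otherwise assign the result and update the `Returns:` line to match what is actually returned. The token is supplied by the client, so this helper is also the natural place to reject `None` and any CR/LF or other control characters before the value is formatted into a header, rather than relying on the HTTP client to sanitise it; as written, `"Bearer %s" % None` would be sent as `Bearer None`.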
@@ -839,15 +839,18 @@ class RoomMemberHandler(object):
 "algorithms that this homeserver supports.",
 )
+ # Authenticate with identity server given the access token from the client
+ headers = {"Authorization": create_id_access_token_header(id_access_token)}
+
 try:
 lookup_results = yield self.simple_http_client.post_json_get_json(
 "%s%s/_matrix/identity/v2/lookup" % (id_server_scheme, id_server),
 {
- "access_token": id_access_token,
 "addresses": [lookup_value],
 "algorithm": lookup_algorithm,
 "pepper": lookup_pepper,
 },
+ headers=headers,
 )
 except Exception as e:
 logger.warning("Error when performing a v2 3pid lookup: %s", e)  |
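Review bot: The `headers = {"Authorization": ...}` assignment sits before the `try:`, so an exception raised while building the header bypasses the `except Exception` that logs lookup failures and propagates out of this method instead. The helper calls `.encode("ascii")`, which raises on a non-ASCII token, and the token comes from the client, so a malformed value can reach this path. Either move the assignment inside the `try:` or validate `id_access_token` earlier and return a client error, so a bad token is reported as a request problem rather than an unhandled one. The enclosing method starts and ends outside this hunk, so what follows the `logger.warning` call is not visible here.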