authorMichael Kaye <1917473+michaelkaye@users.noreply.github.com>2019-01-21 15:48:15 +0000
committerGitHub <noreply@github.com>2019-01-21 15:48:15 +0000
commitda757b7759ba885cc2fe6408db2da61c14836847 (patch)
treef2e8225ddec31abb343d28092bb9e3f4e9e154fa
parentWhen performing shadow registration, don't inhibit login. (#4385) (diff)
downloadsynapse-da757b7759ba885cc2fe6408db2da61c14836847.tar.xz
Rewrite identity server URLs as required. (#4393) dinsic_2019-01-21
This takes a mapping of <old> -> <new> and looks up and replaces as
required.
-rw-r--r--synapse/config/registration.py2
-rw-r--r--synapse/handlers/identity.py26
2 files changed, 24 insertions, 4 deletions
diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index f451eea715..efc4c35f1d 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -65,6 +65,8 @@ class RegistrationConfig(Config):
             self.replicate_user_profiles_to = [self.replicate_user_profiles_to, ]
 
         self.shadow_server = config.get("shadow_server", None)
+        self.rewrite_identity_server_urls = config.get("rewrite_identity_server_urls", {})
+
 
     def default_config(self, **kwargs):
         registration_shared_secret = random_string_with_symbols(50)
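Review bot: The added `config.get("rewrite_identity_server_urls", {})` yields None rather than `{}` when the key is present in the YAML with an empty value, and the `id_server in self.rewrite_identity_server_urls` checks this commit adds in synapse/handlers/identity.py would then raise TypeError on each identity-server call. Reading it as `self.rewrite_identity_server_urls = config.get("rewrite_identity_server_urls") or {}` avoids that. Because the mapped value is later interpolated into `"https://%s%s"`, a comment here such as `# maps identity server name -> host[:port] to contact instead (no scheme or path)` would keep operators from entering full URLs, which the option name invites. The hunk also leaves two blank lines before `default_config`, whose body continues outside the hunk.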
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index 5feb3f22a6..3ffdb45bef 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -47,6 +47,7 @@ class IdentityHandler(BaseHandler):
         self.trust_any_id_server_just_for_testing_do_not_use = (
             hs.config.use_insecure_ssl_client_just_for_testing_do_not_use
         )
+        self.rewrite_identity_server_urls = hs.config.rewrite_identity_server_urls
 
     def _should_trust_id_server(self, id_server):
         if id_server not in self.trusted_id_servers:
@@ -84,7 +85,10 @@ class IdentityHandler(BaseHandler):
                 'credentials', id_server
             )
             defer.returnValue(None)
-
+        # if we have a rewrite rule set for the identity server,
+        # apply it now.
+        if id_server in self.rewrite_identity_server_urls:
+            id_server = self.rewrite_identity_server_urls[id_server]
         try:
             data = yield self.http_client.get_json(
                 "https://%s%s" % (
@@ -119,7 +123,10 @@ class IdentityHandler(BaseHandler):
             client_secret = creds['clientSecret']
         else:
             raise SynapseError(400, "No client_secret in creds")
-
+        # if we have a rewrite rule set for the identity server,
+        # apply it now.
+        if id_server in self.rewrite_identity_server_urls:
+            id_server = self.rewrite_identity_server_urls[id_server]
         try:
             data = yield self.http_client.post_urlencoded_get_json(
                 "https://%s%s" % (
@@ -162,6 +169,11 @@ class IdentityHandler(BaseHandler):
         # deletion request to.
         id_server = next(iter(self.trusted_id_servers))
 
+        # if we have a rewrite rule set for the identity server,
+        # apply it now.
+        if id_server in self.rewrite_identity_server_urls:
+            id_server = self.rewrite_identity_server_urls[id_server]
+
         url = "https://%s/_matrix/identity/api/v1/3pid/unbind" % (id_server,)
         content = {
             "mxid": mxid,
@@ -210,7 +222,10 @@ class IdentityHandler(BaseHandler):
             'send_attempt': send_attempt,
         }
         params.update(kwargs)
-
+        # if we have a rewrite rule set for the identity server,
+        # apply it now.
+        if id_server in self.rewrite_identity_server_urls:
+            id_server = self.rewrite_identity_server_urls[id_server]
         try:
             data = yield self.http_client.post_json_get_json(
                 "https://%s%s" % (
@@ -242,7 +257,10 @@ class IdentityHandler(BaseHandler):
             'send_attempt': send_attempt,
         }
         params.update(kwargs)
-
+        # if we have a rewrite rule set for the identity server,
+        # apply it now.
+        if id_server in self.rewrite_identity_server_urls:
+            id_server = self.rewrite_identity_server_urls[id_server]
         try:
             data = yield self.http_client.post_json_get_json(
                 "https://%s%s" % (