diff options
| author | Richard van der Hoff <richard@matrix.org> | 2018-07-12 09:56:28 +0100 |
|---|---|---|
| committer | Richard van der Hoff <richard@matrix.org> | 2018-07-12 09:56:28 +0100 |
| commit | 482d17b58b55e4a62c1b4df9484d1c3af80d94ff (patch) | |
| tree | d936edf00491834d76c7c7aa651d2f884e0c307b /synapse/api/auth.py | |
| parent | Enforce the specified API for report_event (diff) | |
| parent | Merge pull request #3505 from matrix-org/erikj/receipts_cahce (diff) | |
| download | synapse-482d17b58b55e4a62c1b4df9484d1c3af80d94ff.tar.xz | |
Merge branch 'develop' into rav/enforce_report_api
Diffstat (limited to 'synapse/api/auth.py')
| -rw-r--r-- | synapse/api/auth.py | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index b052cf532b..6dec862fec 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -15,15 +15,19 @@ import logging +from six import itervalues + import pymacaroons +from netaddr import IPAddress + from twisted.internet import defer import synapse.types from synapse import event_auth -from synapse.api.constants import EventTypes, Membership, JoinRules +from synapse.api.constants import EventTypes, JoinRules, Membership from synapse.api.errors import AuthError, Codes from synapse.types import UserID -from synapse.util.caches import register_cache, CACHE_SIZE_FACTOR +from synapse.util.caches import CACHE_SIZE_FACTOR, register_cache from synapse.util.caches.lrucache import LruCache from synapse.util.metrics import Measure @@ -66,7 +70,7 @@ class Auth(object): ) auth_events = yield self.store.get_events(auth_events_ids) auth_events = { - (e.type, e.state_key): e for e in auth_events.values() + (e.type, e.state_key): e for e in itervalues(auth_events) } self.check(event, auth_events=auth_events, do_sig_check=do_sig_check) @@ -242,6 +246,11 @@ class Auth(object): if app_service is None: defer.returnValue((None, None)) + if app_service.ip_range_whitelist: + ip_address = IPAddress(self.hs.get_ip_from_request(request)) + if ip_address not in app_service.ip_range_whitelist: + defer.returnValue((None, None)) + if "user_id" not in request.args: defer.returnValue((app_service.sender, app_service)) @@ -486,7 +495,7 @@ class Auth(object): def _look_up_user_by_access_token(self, token): ret = yield self.store.get_user_by_access_token(token) if not ret: - logger.warn("Unrecognised access token - not in store: %s" % (token,)) + logger.warn("Unrecognised access token - not in store.") raise AuthError( self.TOKEN_NOT_FOUND_HTTP_STATUS, "Unrecognised access token.", errcode=Codes.UNKNOWN_TOKEN @@ -509,7 +518,7 @@ class Auth(object): ) service = self.store.get_app_service_by_token(token) if not service: - logger.warn("Unrecognised appservice access token: %s" % (token,)) + logger.warn("Unrecognised appservice access token.") raise AuthError( self.TOKEN_NOT_FOUND_HTTP_STATUS, "Unrecognised access token.", @@ -653,7 +662,7 @@ class Auth(object): auth_events[(EventTypes.PowerLevels, "")] = power_level_event send_level = event_auth.get_send_level( - EventTypes.Aliases, "", auth_events + EventTypes.Aliases, "", power_level_event, ) user_level = event_auth.get_user_power_level(user_id, auth_events) |