diff --git a/synapse/api/auth/internal.py b/synapse/api/auth/internal.py
index 2878f3e6e9..9fd4db68e1 100644
--- a/synapse/api/auth/internal.py
+++ b/synapse/api/auth/internal.py
@@ -28,6 +28,7 @@ from synapse.api.errors import (
Codes,
InvalidClientTokenError,
MissingClientTokenError,
+ UnrecognizedRequestError,
)
from synapse.http.site import SynapseRequest
from synapse.logging.opentracing import active_span, force_tracing, start_active_span
@@ -38,8 +39,10 @@ from . import GUEST_DEVICE_ID
from .base import BaseAuth
if TYPE_CHECKING:
+ from synapse.rest.admin.experimental_features import ExperimentalFeature
from synapse.server import HomeServer
+
logger = logging.getLogger(__name__)
@@ -106,6 +109,32 @@ class InternalAuth(BaseAuth):
parent_span.set_tag("appservice_id", requester.app_service.id)
return requester
+ async def get_user_by_req_experimental_feature(
+ self,
+ request: SynapseRequest,
+ feature: "ExperimentalFeature",
+ allow_guest: bool = False,
+ allow_expired: bool = False,
+ allow_locked: bool = False,
+ ) -> Requester:
+ try:
+ requester = await self.get_user_by_req(
+ request,
+ allow_guest=allow_guest,
+ allow_expired=allow_expired,
+ allow_locked=allow_locked,
+ )
+ if await self.store.is_feature_enabled(requester.user.to_string(), feature):
+ return requester
+
+ raise UnrecognizedRequestError(code=404)
+ except (AuthError, InvalidClientTokenError):
+ if feature.is_globally_enabled(self.hs.config):
+ # If its globally enabled then return the auth error
+ raise
+
+ raise UnrecognizedRequestError(code=404)
+
@cancellable
async def _wrapped_get_user_by_req(
self,
|
