summary refs log tree commit diff
path: root/synapse/api
diff options
context:
space:
mode:
authorKegan Dougal <kegan@matrix.org>2015-02-09 14:14:15 +0000
committerKegan Dougal <kegan@matrix.org>2015-02-09 14:14:15 +0000
commit5a7dd058184613c70041a61fdbc2ccce104bb500 (patch)
treec223485171f05bc887507d207d88244e4061047e /synapse/api
parentRegister a user account for the AS when the AS registers. Add 'sender' column... (diff)
downloadsynapse-5a7dd058184613c70041a61fdbc2ccce104bb500.tar.xz
Modify auth.get_user_by_req for authing appservices directly.
Add logic to map the appservice token to the autogenned appservice user ID.
Add unit tests for all forms of get_user_by_req (user/appservice,
valid/bad/missing tokens)
Diffstat (limited to 'synapse/api')
-rw-r--r--synapse/api/auth.py34
1 files changed, 16 insertions, 18 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index ea8c461729..310a428066 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -302,27 +302,26 @@ class Auth(object):
 
             # Check for application service tokens with a user_id override
             try:
-                if "user_id" not in request.args:
-                    # This has to be done like this rather than relying on it
-                    # natively throwing because tests use a Mock for the request
-                    # object which doesn't throw :/
-                    raise KeyError
-
-                masquerade_user_id = request.args["user_id"][0]
                 app_service = yield self.store.get_app_service_by_token(
                     access_token
                 )
                 if not app_service:
-                    raise AuthError(
-                        403, "Invalid application service access token"
-                    )
-                if not app_service.is_interested_in_user(masquerade_user_id):
-                    raise AuthError(
-                        403,
-                        "Application service cannot masquerade as this user."
-                    )
+                    raise KeyError
+
+                user_id = app_service.sender
+                if "user_id" in request.args:
+                    user_id = request.args["user_id"][0]
+                    if not app_service.is_interested_in_user(user_id):
+                        raise AuthError(
+                            403,
+                            "Application service cannot masquerade as this user."
+                        )
+
+                if not user_id:
+                    raise KeyError
+
                 defer.returnValue(
-                    (UserID.from_string(masquerade_user_id), ClientInfo("", ""))
+                    (UserID.from_string(user_id), ClientInfo("", ""))
                 )
                 return
             except KeyError:
@@ -366,8 +365,7 @@ class Auth(object):
         try:
             ret = yield self.store.get_user_by_token(token=token)
             if not ret:
-                raise StoreError()
-
+                raise StoreError(400, "Unknown token")
             user_info = {
                 "admin": bool(ret.get("admin", False)),
                 "device_id": ret.get("device_id"),