summary refs log tree commit diff
path: root/synapse/handlers/register.py
diff options
context:
space:
mode:
authorQuentin Gliech <quenting@element.io>2022-08-22 15:17:59 +0200
committerGitHub <noreply@github.com>2022-08-22 14:17:59 +0100
commit3dd175b628bab5638165f20de9eade36a4e88147 (patch)
tree9f4f0b459e22c9665baf03e0fb509baa447c4ce2 /synapse/handlers/register.py
parentRemove redundant opentracing spans for `/sendToDevice` and `/keys/upload` (#1... (diff)
downloadsynapse-3dd175b628bab5638165f20de9eade36a4e88147.tar.xz
`synapse.api.auth.Auth` cleanup: make permission-related methods use `Requester` instead of the `UserID` (#13024)
Part of #13019

This changes all the permission-related methods to rely on the Requester instead of the UserID. This is a first step towards enabling scoped access tokens at some point, since I expect the Requester to have scope-related informations in it.

It also changes methods which figure out the user/device/appservice out of the access token to return a Requester instead of something else. This avoids having store-related objects in the methods signatures.
Diffstat (limited to 'synapse/handlers/register.py')
-rw-r--r--synapse/handlers/register.py15
1 files changed, 9 insertions, 6 deletions
diff --git a/synapse/handlers/register.py b/synapse/handlers/register.py

index c77d181722..20ec22105a 100644
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@@ -29,7 +29,13 @@ from synapse.api.constants import (
     JoinRules,
     LoginType,
 )
-from synapse.api.errors import AuthError, Codes, ConsentNotGivenError, SynapseError
+from synapse.api.errors import (
+    AuthError,
+    Codes,
+    ConsentNotGivenError,
+    InvalidClientTokenError,
+    SynapseError,
+)
 from synapse.appservice import ApplicationService
 from synapse.config.server import is_threepid_reserved
 from synapse.http.servlet import assert_params_in_dict
@@ -180,10 +186,7 @@ class RegistrationHandler:
                 )
             if guest_access_token:
                 user_data = await self.auth.get_user_by_access_token(guest_access_token)
-                if (
-                    not user_data.is_guest
-                    or UserID.from_string(user_data.user_id).localpart != localpart
-                ):
+                if not user_data.is_guest or user_data.user.localpart != localpart:
                     raise AuthError(
                         403,
                         "Cannot register taken user ID without valid guest "
@@ -618,7 +621,7 @@ class RegistrationHandler:
         user_id = user.to_string()
         service = self.store.get_app_service_by_token(as_token)
         if not service:
-            raise AuthError(403, "Invalid application service token.")
+            raise InvalidClientTokenError()
         if not service.is_interested_in_user(user_id):
             raise SynapseError(
                 400,
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-04-04 17:10:01 +0000