summary refs log tree commit diff
path: root/synapse/rest/client/v2_alpha/devices.py
diff options
context:
space:
mode:
authorRichard van der Hoff <richard@matrix.org>2017-12-04 16:38:10 +0000
committerRichard van der Hoff <richard@matrix.org>2017-12-05 09:42:30 +0000
commitd7ea8c48009015796ce5424492c3d5f46c7a28b6 (patch)
tree9e4f1c084651ba9d30c5a5f383e967655227a431 /synapse/rest/client/v2_alpha/devices.py
parentMerge pull request #2727 from matrix-org/rav/refactor_ui_auth_return (diff)
downloadsynapse-d7ea8c48009015796ce5424492c3d5f46c7a28b6.tar.xz
Factor out a validate_user_via_ui_auth method
Collect together all the places that validate a logged-in user via UI auth.
Diffstat (limited to 'synapse/rest/client/v2_alpha/devices.py')
-rw-r--r--synapse/rest/client/v2_alpha/devices.py26
1 files changed, 12 insertions, 14 deletions
diff --git a/synapse/rest/client/v2_alpha/devices.py b/synapse/rest/client/v2_alpha/devices.py
index 909f9c087b..4fff02eeeb 100644
--- a/synapse/rest/client/v2_alpha/devices.py
+++ b/synapse/rest/client/v2_alpha/devices.py
@@ -17,7 +17,7 @@ import logging
 
 from twisted.internet import defer
 
-from synapse.api import constants, errors
+from synapse.api import errors
 from synapse.http import servlet
 from ._base import client_v2_patterns, interactive_auth_handler
 
@@ -63,6 +63,8 @@ class DeleteDevicesRestServlet(servlet.RestServlet):
     @interactive_auth_handler
     @defer.inlineCallbacks
     def on_POST(self, request):
+        requester = yield self.auth.get_user_by_req(request)
+
         try:
             body = servlet.parse_json_object_from_request(request)
         except errors.SynapseError as e:
@@ -78,11 +80,10 @@ class DeleteDevicesRestServlet(servlet.RestServlet):
                 400, "No devices supplied", errcode=errors.Codes.MISSING_PARAM
             )
 
-        result, params, _ = yield self.auth_handler.check_auth([
-            [constants.LoginType.PASSWORD],
-        ], body, self.hs.get_ip_from_request(request))
+        result, params, _ = yield self.auth_handler.validate_user_via_ui_auth(
+            requester, body, self.hs.get_ip_from_request(request),
+        )
 
-        requester = yield self.auth.get_user_by_req(request)
         yield self.device_handler.delete_devices(
             requester.user.to_string(),
             body['devices'],
@@ -129,16 +130,13 @@ class DeviceRestServlet(servlet.RestServlet):
             else:
                 raise
 
-        result, params, _ = yield self.auth_handler.check_auth([
-            [constants.LoginType.PASSWORD],
-        ], body, self.hs.get_ip_from_request(request))
-
-        # check that the UI auth matched the access token
-        user_id = result[constants.LoginType.PASSWORD]
-        if user_id != requester.user.to_string():
-            raise errors.AuthError(403, "Invalid auth")
+        yield self.auth_handler.validate_user_via_ui_auth(
+            requester, body, self.hs.get_ip_from_request(request),
+        )
 
-        yield self.device_handler.delete_device(user_id, device_id)
+        yield self.device_handler.delete_device(
+            requester.user.to_string(), device_id,
+        )
         defer.returnValue((200, {}))
 
     @defer.inlineCallbacks