diff --git a/synapse/rest/client/v1/login.py b/synapse/rest/client/v1/login.py
index fe593d07ce..d14ce3efa2 100644
--- a/synapse/rest/client/v1/login.py
+++ b/synapse/rest/client/v1/login.py
@@ -33,6 +33,9 @@ from saml2.client import Saml2Client
import xml.etree.ElementTree as ET
+import jwt
+from jwt.exceptions import InvalidTokenError
+
logger = logging.getLogger(__name__)
@@ -43,12 +46,16 @@ class LoginRestServlet(ClientV1RestServlet):
SAML2_TYPE = "m.login.saml2"
CAS_TYPE = "m.login.cas"
TOKEN_TYPE = "m.login.token"
+ JWT_TYPE = "m.login.jwt"
def __init__(self, hs):
super(LoginRestServlet, self).__init__(hs)
self.idp_redirect_url = hs.config.saml2_idp_redirect_url
self.password_enabled = hs.config.password_enabled
self.saml2_enabled = hs.config.saml2_enabled
+ self.jwt_enabled = hs.config.jwt_enabled
+ self.jwt_secret = hs.config.jwt_secret
+ self.jwt_algorithm = hs.config.jwt_algorithm
self.cas_enabled = hs.config.cas_enabled
self.cas_server_url = hs.config.cas_server_url
self.cas_required_attributes = hs.config.cas_required_attributes
@@ -57,6 +64,8 @@ class LoginRestServlet(ClientV1RestServlet):
def on_GET(self, request):
flows = []
+ if self.jwt_enabled:
+ flows.append({"type": LoginRestServlet.JWT_TYPE})
if self.saml2_enabled:
flows.append({"type": LoginRestServlet.SAML2_TYPE})
if self.cas_enabled:
@@ -98,6 +107,10 @@ class LoginRestServlet(ClientV1RestServlet):
"uri": "%s%s" % (self.idp_redirect_url, relay_state)
}
defer.returnValue((200, result))
+ elif self.jwt_enabled and (login_submission["type"] ==
+ LoginRestServlet.JWT_TYPE):
+ result = yield self.do_jwt_login(login_submission)
+ defer.returnValue(result)
# TODO Delete this after all CAS clients switch to token login instead
elif self.cas_enabled and (login_submission["type"] ==
LoginRestServlet.CAS_TYPE):
@@ -209,6 +222,46 @@ class LoginRestServlet(ClientV1RestServlet):
defer.returnValue((200, result))
+ @defer.inlineCallbacks
+ def do_jwt_login(self, login_submission):
+ token = login_submission['token']
+ if token is None:
+ raise LoginError(401, "Unauthorized", errcode=Codes.UNAUTHORIZED)
+
+ try:
+ payload = jwt.decode(token, self.jwt_secret, algorithms=[self.jwt_algorithm])
+ except InvalidTokenError:
+ raise LoginError(401, "Invalid JWT", errcode=Codes.UNAUTHORIZED)
+
+ user = payload['user']
+ if user is None:
+ raise LoginError(401, "Invalid JWT", errcode=Codes.UNAUTHORIZED)
+
+ user_id = UserID.create(user, self.hs.hostname).to_string()
+ auth_handler = self.handlers.auth_handler
+ user_exists = yield auth_handler.does_user_exist(user_id)
+ if user_exists:
+ user_id, access_token, refresh_token = (
+ yield auth_handler.get_login_tuple_for_user_id(user_id)
+ )
+ result = {
+ "user_id": user_id, # may have changed
+ "access_token": access_token,
+ "refresh_token": refresh_token,
+ "home_server": self.hs.hostname,
+ }
+ else:
+ user_id, access_token = (
+ yield self.handlers.registration_handler.register(localpart=user)
+ )
+ result = {
+ "user_id": user_id, # may have changed
+ "access_token": access_token,
+ "home_server": self.hs.hostname,
+ }
+
+ defer.returnValue((200, result))
+
# TODO Delete this after all CAS clients switch to token login instead
def parse_cas_response(self, cas_response_body):
root = ET.fromstring(cas_response_body)
diff --git a/synapse/rest/client/v1/room.py b/synapse/rest/client/v1/room.py
index a1fa7daf79..b223fb7e5f 100644
--- a/synapse/rest/client/v1/room.py
+++ b/synapse/rest/client/v1/room.py
@@ -405,6 +405,42 @@ class RoomEventContext(ClientV1RestServlet):
defer.returnValue((200, results))
+class RoomForgetRestServlet(ClientV1RestServlet):
+ def register(self, http_server):
+ PATTERNS = ("/rooms/(?P<room_id>[^/]*)/forget")
+ register_txn_path(self, PATTERNS, http_server)
+
+ @defer.inlineCallbacks
+ def on_POST(self, request, room_id, txn_id=None):
+ requester = yield self.auth.get_user_by_req(
+ request,
+ allow_guest=False,
+ )
+
+ yield self.handlers.room_member_handler.forget(
+ user=requester.user,
+ room_id=room_id,
+ )
+
+ defer.returnValue((200, {}))
+
+ @defer.inlineCallbacks
+ def on_PUT(self, request, room_id, txn_id):
+ try:
+ defer.returnValue(
+ self.txns.get_client_transaction(request, txn_id)
+ )
+ except KeyError:
+ pass
+
+ response = yield self.on_POST(
+ request, room_id, txn_id
+ )
+
+ self.txns.store_client_transaction(request, txn_id, response)
+ defer.returnValue(response)
+
+
# TODO: Needs unit testing
class RoomMembershipRestServlet(ClientV1RestServlet):
@@ -624,6 +660,7 @@ def register_servlets(hs, http_server):
RoomMemberListRestServlet(hs).register(http_server)
RoomMessageListRestServlet(hs).register(http_server)
JoinRoomAliasServlet(hs).register(http_server)
+ RoomForgetRestServlet(hs).register(http_server)
RoomMembershipRestServlet(hs).register(http_server)
RoomSendEventRestServlet(hs).register(http_server)
PublicRoomListRestServlet(hs).register(http_server)
diff --git a/synapse/rest/client/v2_alpha/sync.py b/synapse/rest/client/v2_alpha/sync.py
index c5785d7074..60d3dc4030 100644
--- a/synapse/rest/client/v2_alpha/sync.py
+++ b/synapse/rest/client/v2_alpha/sync.py
@@ -199,15 +199,17 @@ class SyncRestServlet(RestServlet):
"""
Encode the joined rooms in a sync result
- :param list[synapse.handlers.sync.JoinedSyncResult] rooms: list of sync
- results for rooms this user is joined to
- :param int time_now: current time - used as a baseline for age
- calculations
- :param int token_id: ID of the user's auth token - used for namespacing
- of transaction IDs
-
- :return: the joined rooms list, in our response format
- :rtype: dict[str, dict[str, object]]
+ Args:
+ rooms(list[synapse.handlers.sync.JoinedSyncResult]): list of sync
+ results for rooms this user is joined to
+ time_now(int): current time - used as a baseline for age
+ calculations
+ token_id(int): ID of the user's auth token - used for namespacing
+ of transaction IDs
+
+ Returns:
+ dict[str, dict[str, object]]: the joined rooms list, in our
+ response format
"""
joined = {}
for room in rooms:
@@ -221,15 +223,17 @@ class SyncRestServlet(RestServlet):
"""
Encode the invited rooms in a sync result
- :param list[synapse.handlers.sync.InvitedSyncResult] rooms: list of
- sync results for rooms this user is joined to
- :param int time_now: current time - used as a baseline for age
- calculations
- :param int token_id: ID of the user's auth token - used for namespacing
+ Args:
+ rooms(list[synapse.handlers.sync.InvitedSyncResult]): list of
+ sync results for rooms this user is joined to
+ time_now(int): current time - used as a baseline for age
+ calculations
+ token_id(int): ID of the user's auth token - used for namespacing
of transaction IDs
- :return: the invited rooms list, in our response format
- :rtype: dict[str, dict[str, object]]
+ Returns:
+ dict[str, dict[str, object]]: the invited rooms list, in our
+ response format
"""
invited = {}
for room in rooms:
@@ -251,15 +255,17 @@ class SyncRestServlet(RestServlet):
"""
Encode the archived rooms in a sync result
- :param list[synapse.handlers.sync.ArchivedSyncResult] rooms: list of
- sync results for rooms this user is joined to
- :param int time_now: current time - used as a baseline for age
- calculations
- :param int token_id: ID of the user's auth token - used for namespacing
- of transaction IDs
-
- :return: the invited rooms list, in our response format
- :rtype: dict[str, dict[str, object]]
+ Args:
+ rooms (list[synapse.handlers.sync.ArchivedSyncResult]): list of
+ sync results for rooms this user is joined to
+ time_now(int): current time - used as a baseline for age
+ calculations
+ token_id(int): ID of the user's auth token - used for namespacing
+ of transaction IDs
+
+ Returns:
+ dict[str, dict[str, object]]: The invited rooms list, in our
+ response format
"""
joined = {}
for room in rooms:
@@ -272,17 +278,18 @@ class SyncRestServlet(RestServlet):
@staticmethod
def encode_room(room, time_now, token_id, joined=True):
"""
- :param JoinedSyncResult|ArchivedSyncResult room: sync result for a
- single room
- :param int time_now: current time - used as a baseline for age
- calculations
- :param int token_id: ID of the user's auth token - used for namespacing
- of transaction IDs
- :param joined: True if the user is joined to this room - will mean
- we handle ephemeral events
-
- :return: the room, encoded in our response format
- :rtype: dict[str, object]
+ Args:
+ room (JoinedSyncResult|ArchivedSyncResult): sync result for a
+ single room
+ time_now (int): current time - used as a baseline for age
+ calculations
+ token_id (int): ID of the user's auth token - used for namespacing
+ of transaction IDs
+ joined (bool): True if the user is joined to this room - will mean
+ we handle ephemeral events
+
+ Returns:
+ dict[str, object]: the room, encoded in our response format
"""
def serialize(event):
# TODO(mjark): Respect formatting requirements in the filter.
|
