diff options
author | Daniel Wagner-Hall <dawagner@gmail.com> | 2015-10-16 15:23:30 +0100 |
---|---|---|
committer | Daniel Wagner-Hall <dawagner@gmail.com> | 2015-10-16 15:23:30 +0100 |
commit | e5acc8a47b3c535c121afb5fb58bc35bc26992ff (patch) | |
tree | 85755f9d0f088b4df0f984d302544f6ae18bdfc8 /synapse/util/third_party_invites.py | |
parent | Merge pull request #309 from matrix-org/erikj/_filter_events_for_client (diff) | |
parent | Add signing host and keyname to signatures (diff) | |
download | synapse-e5acc8a47b3c535c121afb5fb58bc35bc26992ff.tar.xz |
Merge pull request #302 from matrix-org/daniel/3pidinvites
Implement third party identifier invites
Diffstat (limited to 'synapse/util/third_party_invites.py')
-rw-r--r-- | synapse/util/third_party_invites.py | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/synapse/util/third_party_invites.py b/synapse/util/third_party_invites.py new file mode 100644 index 0000000000..792db5ba39 --- /dev/null +++ b/synapse/util/third_party_invites.py @@ -0,0 +1,69 @@ +# -*- coding: utf-8 -*- +# Copyright 2015 OpenMarket Ltd +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +from twisted.internet import defer +from synapse.api.errors import AuthError + + +INVITE_KEYS = {"id_server", "medium", "address", "display_name"} + +JOIN_KEYS = { + "token", + "public_key", + "key_validity_url", + "signatures", + "sender", +} + + +def has_invite_keys(content): + for key in INVITE_KEYS: + if key not in content: + return False + return True + + +def has_join_keys(content): + for key in JOIN_KEYS: + if key not in content: + return False + return True + + +def join_has_third_party_invite(content): + if "third_party_invite" not in content: + return False + return has_join_keys(content["third_party_invite"]) + + +def extract_join_keys(src): + return { + key: value + for key, value in src.items() + if key in JOIN_KEYS + } + + +@defer.inlineCallbacks +def check_key_valid(http_client, event): + try: + response = yield http_client.get_json( + event.content["third_party_invite"]["key_validity_url"], + {"public_key": event.content["third_party_invite"]["public_key"]} + ) + except Exception: + raise AuthError(502, "Third party certificate could not be checked") + if "valid" not in response or not response["valid"]: + raise AuthError(403, "Third party certificate was invalid") |