Add authentication to thirdparty bridge APIs (#12746)

Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
author: Will Hunt <will@half-shot.uk> 2022-05-24 15:39:54 +0100
committer: GitHub <noreply@github.com> 2022-05-24 16:39:54 +0200
commit: 6855024e0a363ff09d50586dcf1b089b77ac3b0c (patch)
tree: cd14f69910e4ca2065d2889873831956812cf523 /synapse
parent: Merge tag 'v1.60.0rc1' into develop (diff)
download: synapse-6855024e0a363ff09d50586dcf1b089b77ac3b0c.tar.xz
1 files changed, 12 insertions, 3 deletions
diff --git a/synapse/appservice/api.py b/synapse/appservice/api.py
index d19f8dd996..df1c214462 100644
--- a/synapse/appservice/api.py
+++ b/synapse/appservice/api.py
@@ -14,7 +14,7 @@
 # limitations under the License.
 import logging
 import urllib.parse
-from typing import TYPE_CHECKING, Dict, Iterable, List, Optional, Tuple
+from typing import TYPE_CHECKING, Any, Dict, Iterable, List, Mapping, Optional, Tuple
 
 from prometheus_client import Counter
 from typing_extensions import TypeGuard
@@ -155,6 +155,9 @@ class ApplicationServiceApi(SimpleHttpClient):
         if service.url is None:
             return []
 
+        # This is required by the configuration.
+        assert service.hs_token is not None
+
         uri = "%s%s/thirdparty/%s/%s" % (
             service.url,
             APP_SERVICE_PREFIX,
@@ -162,7 +165,11 @@ class ApplicationServiceApi(SimpleHttpClient):
             urllib.parse.quote(protocol),
         )
         try:
-            response = await self.get_json(uri, fields)
+            args: Mapping[Any, Any] = {
+                **fields,
+                b"access_token": service.hs_token,
+            }
+            response = await self.get_json(uri, args=args)
             if not isinstance(response, list):
                 logger.warning(
                     "query_3pe to %s returned an invalid response %r", uri, response
@@ -190,13 +197,15 @@ class ApplicationServiceApi(SimpleHttpClient):
             return {}
 
         async def _get() -> Optional[JsonDict]:
+            # This is required by the configuration.
+            assert service.hs_token is not None
             uri = "%s%s/thirdparty/protocol/%s" % (
                 service.url,
                 APP_SERVICE_PREFIX,
                 urllib.parse.quote(protocol),
             )
             try:
-                info = await self.get_json(uri)
+                info = await self.get_json(uri, {"access_token": service.hs_token})
 
                 if not _is_valid_3pe_metadata(info):
                     logger.warning(
author	Will Hunt <will@half-shot.uk>	2022-05-24 15:39:54 +0100
committer	GitHub <noreply@github.com>	2022-05-24 16:39:54 +0200
commit	6855024e0a363ff09d50586dcf1b089b77ac3b0c (patch)
tree	cd14f69910e4ca2065d2889873831956812cf523 /synapse
parent	Merge tag 'v1.60.0rc1' into develop (diff)
download	synapse-6855024e0a363ff09d50586dcf1b089b77ac3b0c.tar.xz