Diffstat (limited to 'synapse/api/auth.py')
-rw-r--r--synapse/api/auth.py45
1 files changed, 16 insertions, 29 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 34382e4e3c..1401e8a2b0 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -189,6 +189,7 @@ class Auth(object):
         # Can optionally look elsewhere in the request (e.g. headers)
         try:
             user_id, app_service = yield self._get_appservice_user_id(request)
+
             if user_id:
                 request.authenticated_entity = user_id
                 defer.returnValue(
@@ -238,39 +239,40 @@ class Auth(object):
                 errcode=Codes.MISSING_TOKEN
             )
 
-    @defer.inlineCallbacks
     def _get_appservice_user_id(self, request):
         app_service = self.store.get_app_service_by_token(
             self.get_access_token_from_request(
                 request, self.TOKEN_NOT_FOUND_HTTP_STATUS
             )
         )
+
         if app_service is None:
-            defer.returnValue((None, None))
+            return(None, None)
 
         if app_service.ip_range_whitelist:
             ip_address = IPAddress(self.hs.get_ip_from_request(request))
             if ip_address not in app_service.ip_range_whitelist:
-                defer.returnValue((None, None))
+                return(None, None)
 
         if b"user_id" not in request.args:
-            defer.returnValue((app_service.sender, app_service))
+            return(app_service.sender, app_service)
 
         user_id = request.args[b"user_id"][0].decode('utf8')
         if app_service.sender == user_id:
-            defer.returnValue((app_service.sender, app_service))
+            return(app_service.sender, app_service)
 
         if not app_service.is_interested_in_user(user_id):
             raise AuthError(
                 403,
                 "Application service cannot masquerade as this user."
             )
-        if not (yield self.store.get_user_by_id(user_id)):
-            raise AuthError(
-                403,
-                "Application service has not registered this user"
-            )
-        defer.returnValue((user_id, app_service))
+        # Let ASes manipulate nonexistent users (e.g. to shadow-register them)
+        # if not (yield self.store.get_user_by_id(user_id)):
+        #     raise AuthError(
+        #         403,
+        #         "Application service has not registered this user"
+        #     )
+        return(user_id, app_service)
 
     @defer.inlineCallbacks
     def get_user_by_access_token(self, token, rights="access"):
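Review bot: The four new `return(...)` statements in _get_appservice_user_id have no space after the keyword and read like calls; prefer `return None, None` and `return app_service.sender, app_service`. The registration check is kept as six commented-out lines instead of being deleted; history already records the old behaviour, so replace them with a one-line comment stating the intent, e.g. `# Deliberately no check that user_id is registered: an appservice may act for users it has not registered yet.` The function also has no docstring; one saying it returns `(None, None)` for an unrecognised token or a caller outside the appservice's IP whitelist, `(sender, app_service)` otherwise, and raises AuthError(403) for a user the appservice is not interested in would help the callers in get_appservice_by_req and get_user_by_req. With the check gone, request.authenticated_entity may now name a user that does not exist in the store, which downstream handlers presumably tolerate — worth confirming.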
@@ -514,24 +516,9 @@ class Auth(object):
         defer.returnValue(user_info)
 
     def get_appservice_by_req(self, request):
-        try:
-            token = self.get_access_token_from_request(
-                request, self.TOKEN_NOT_FOUND_HTTP_STATUS
-            )
-            service = self.store.get_app_service_by_token(token)
-            if not service:
-                logger.warn("Unrecognised appservice access token.")
-                raise AuthError(
-                    self.TOKEN_NOT_FOUND_HTTP_STATUS,
-                    "Unrecognised access token.",
-                    errcode=Codes.UNKNOWN_TOKEN
-                )
-            request.authenticated_entity = service.sender
-            return defer.succeed(service)
-        except KeyError:
-            raise AuthError(
-                self.TOKEN_NOT_FOUND_HTTP_STATUS, "Missing access token."
-            )
+        (user_id, app_service) = self._get_appservice_user_id(request)
+        request.authenticated_entity = app_service.sender
+        return app_service
 
     def is_server_admin(self, user):
         """ Check if the given user is a local server admin.