diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index c0762df567..e96d747b99 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -22,7 +22,7 @@ from synapse.api.constants import EventTypes, Membership, JoinRules
from synapse.api.errors import AuthError, Codes, SynapseError
from synapse.types import RoomID, UserID, EventID
from synapse.util.logutils import log_function
-from synapse.util.thirdpartyinvites import ThirdPartyInvites
+from synapse.util import third_party_invites
from unpaddedbase64 import decode_base64
import logging
@@ -389,7 +389,7 @@ class Auth(object):
True if the event fulfills the expectations of a previous third party
invite event.
"""
- if not ThirdPartyInvites.join_has_third_party_invite(event.content):
+ if not third_party_invites.join_has_third_party_invite(event.content):
return False
join_third_party_invite = event.content["third_party_invite"]
token = join_third_party_invite["token"]
@@ -692,7 +692,7 @@ class Auth(object):
if e_type == Membership.JOIN:
if member_event and not is_public:
auth_ids.append(member_event.event_id)
- if ThirdPartyInvites.join_has_third_party_invite(event.content):
+ if third_party_invites.join_has_third_party_invite(event.content):
key = (
EventTypes.ThirdPartyInvite,
event.content["third_party_invite"]["token"]
diff --git a/synapse/federation/federation_client.py b/synapse/federation/federation_client.py
index 6be83d82e7..d974e920c3 100644
--- a/synapse/federation/federation_client.py
+++ b/synapse/federation/federation_client.py
@@ -25,7 +25,7 @@ from synapse.api.errors import (
from synapse.util import unwrapFirstError
from synapse.util.caches.expiringcache import ExpiringCache
from synapse.util.logutils import log_function
-from synapse.util.thirdpartyinvites import ThirdPartyInvites
+from synapse.util import third_party_invites
from synapse.events import FrozenEvent
import synapse.metrics
@@ -363,8 +363,8 @@ class FederationClient(FederationBase):
continue
args = {}
- if ThirdPartyInvites.join_has_third_party_invite(content):
- ThirdPartyInvites.copy_join_keys(content["third_party_invite"], args)
+ if third_party_invites.join_has_third_party_invite(content):
+ args = third_party_invites.extract_join_keys(content)
try:
ret = yield self.transport_layer.make_join(
destination, room_id, user_id, args
diff --git a/synapse/federation/federation_server.py b/synapse/federation/federation_server.py
index d71ab44271..7934f740e0 100644
--- a/synapse/federation/federation_server.py
+++ b/synapse/federation/federation_server.py
@@ -27,7 +27,7 @@ from synapse.api.errors import FederationError, SynapseError, Codes
from synapse.crypto.event_signing import compute_event_signature
-from synapse.util.thirdpartyinvites import ThirdPartyInvites
+from synapse.util import third_party_invites
import simplejson as json
import logging
@@ -232,8 +232,8 @@ class FederationServer(FederationBase):
@defer.inlineCallbacks
def on_make_join_request(self, room_id, user_id, query):
threepid_details = {}
- if ThirdPartyInvites.has_join_keys(query):
- for k in ThirdPartyInvites.JOIN_KEYS:
+ if third_party_invites.has_join_keys(query):
+ for k in third_party_invites.JOIN_KEYS:
if not isinstance(query[k], list) or len(query[k]) != 1:
raise FederationError(
"FATAL",
diff --git a/synapse/handlers/_base.py b/synapse/handlers/_base.py
index 4165c56bed..97edec6ec6 100644
--- a/synapse/handlers/_base.py
+++ b/synapse/handlers/_base.py
@@ -21,7 +21,7 @@ from synapse.api.constants import Membership, EventTypes
from synapse.types import UserID, RoomAlias
from synapse.util.logcontext import PreserveLoggingContext
-from synapse.util.thirdpartyinvites import ThirdPartyInvites
+from synapse.util import third_party_invites
import logging
@@ -127,9 +127,9 @@ class BaseHandler(object):
if (
event.type == EventTypes.Member and
event.content["membership"] == Membership.JOIN and
- ThirdPartyInvites.join_has_third_party_invite(event.content)
+ third_party_invites.join_has_third_party_invite(event.content)
):
- yield ThirdPartyInvites.check_key_valid(
+ yield third_party_invites.check_key_valid(
self.hs.get_simple_http_client(),
event
)
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
index f10e5192e2..2b3c4cec8e 100644
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -39,7 +39,7 @@ from twisted.internet import defer
import itertools
import logging
-from synapse.util.thirdpartyinvites import ThirdPartyInvites
+from synapse.util import third_party_invites
logger = logging.getLogger(__name__)
@@ -704,9 +704,10 @@ class FederationHandler(BaseHandler):
process it until the other server has signed it and sent it back.
"""
event_content = {"membership": Membership.JOIN}
- if ThirdPartyInvites.has_join_keys(query):
- event_content["third_party_invite"] = {}
- ThirdPartyInvites.copy_join_keys(query, event_content["third_party_invite"])
+ if third_party_invites.has_join_keys(query):
+ event_content["third_party_invite"] = (
+ third_party_invites.extract_join_keys(query)
+ )
builder = self.event_builder_factory.new({
"type": EventTypes.Member,
@@ -722,8 +723,8 @@ class FederationHandler(BaseHandler):
self.auth.check(event, auth_events=context.current_state)
- if ThirdPartyInvites.join_has_third_party_invite(event.content):
- ThirdPartyInvites.check_key_valid(self.hs.get_simple_http_client(), event)
+ if third_party_invites.join_has_third_party_invite(event.content):
+ third_party_invites.check_key_valid(self.hs.get_simple_http_client(), event)
defer.returnValue(event)
diff --git a/synapse/rest/client/v1/room.py b/synapse/rest/client/v1/room.py
index 1aca203744..1f45fcc6f1 100644
--- a/synapse/rest/client/v1/room.py
+++ b/synapse/rest/client/v1/room.py
@@ -26,7 +26,7 @@ from synapse.events.utils import serialize_event
import simplejson as json
import logging
import urllib
-from synapse.util.thirdpartyinvites import ThirdPartyInvites
+from synapse.util import third_party_invites
logger = logging.getLogger(__name__)
@@ -415,7 +415,7 @@ class RoomMembershipRestServlet(ClientV1RestServlet):
# target user is you unless it is an invite
state_key = user.to_string()
- if membership_action == "invite" and ThirdPartyInvites.has_invite_keys(content):
+ if membership_action == "invite" and third_party_invites.has_invite_keys(content):
yield self.handlers.room_member_handler.do_3pid_invite(
room_id,
user,
@@ -446,9 +446,10 @@ class RoomMembershipRestServlet(ClientV1RestServlet):
"membership": unicode(membership_action),
}
- if membership_action == "join" and ThirdPartyInvites.has_join_keys(content):
- event_content["third_party_invite"] = {}
- ThirdPartyInvites.copy_join_keys(content, event_content["third_party_invite"])
+ if membership_action == "join" and third_party_invites.has_join_keys(content):
+ event_content["third_party_invite"] = (
+ third_party_invites.extract_join_keys(content)
+ )
yield msg_handler.create_and_send_event(
{
diff --git a/synapse/util/third_party_invites.py b/synapse/util/third_party_invites.py
new file mode 100644
index 0000000000..b7e38c7ec3
--- /dev/null
+++ b/synapse/util/third_party_invites.py
@@ -0,0 +1,69 @@
+# -*- coding: utf-8 -*-
+# Copyright 2015 OpenMarket Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from twisted.internet import defer
+from synapse.api.errors import AuthError
+
+
+INVITE_KEYS = {"id_server", "medium", "address", "display_name"}
+
+JOIN_KEYS = {
+ "token",
+ "public_key",
+ "key_validity_url",
+ "signature",
+ "sender",
+}
+
+
+def has_invite_keys(content):
+ for key in INVITE_KEYS:
+ if key not in content:
+ return False
+ return True
+
+
+def has_join_keys(content):
+ for key in JOIN_KEYS:
+ if key not in content:
+ return False
+ return True
+
+
+def join_has_third_party_invite(content):
+ if "third_party_invite" not in content:
+ return False
+ return has_join_keys(content["third_party_invite"])
+
+
+def extract_join_keys(src):
+ return {
+ key: value
+ for key, value in src["third_party_invite"].items()
+ if key in JOIN_KEYS
+ }
+
+
+@defer.inlineCallbacks
+def check_key_valid(http_client, event):
+ try:
+ response = yield http_client.get_json(
+ event.content["third_party_invite"]["key_validity_url"],
+ {"public_key": event.content["third_party_invite"]["public_key"]}
+ )
+ if not response["valid"]:
+ raise AuthError(403, "Third party certificate was invalid")
+ except IOError:
+ raise AuthError(403, "Third party certificate could not be checked")
diff --git a/synapse/util/thirdpartyinvites.py b/synapse/util/thirdpartyinvites.py
deleted file mode 100644
index ad0f4e88e9..0000000000
--- a/synapse/util/thirdpartyinvites.py
+++ /dev/null
@@ -1,68 +0,0 @@
-# -*- coding: utf-8 -*-
-# Copyright 2015 OpenMarket Ltd
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-from twisted.internet import defer
-from synapse.api.errors import AuthError
-
-
-class ThirdPartyInvites(object):
- INVITE_KEYS = {"id_server", "medium", "address", "display_name"}
-
- JOIN_KEYS = {
- "token",
- "public_key",
- "key_validity_url",
- "signature",
- "sender",
- }
-
- @classmethod
- def has_invite_keys(cls, content):
- for key in cls.INVITE_KEYS:
- if key not in content:
- return False
- return True
-
- @classmethod
- def has_join_keys(cls, content):
- for key in cls.JOIN_KEYS:
- if key not in content:
- return False
- return True
-
- @classmethod
- def join_has_third_party_invite(cls, content):
- if "third_party_invite" not in content:
- return False
- return cls.has_join_keys(content["third_party_invite"])
-
- @classmethod
- def copy_join_keys(cls, src, dst):
- for key in cls.JOIN_KEYS:
- if key in src:
- dst[key] = src[key]
-
- @classmethod
- @defer.inlineCallbacks
- def check_key_valid(cls, http_client, event):
- try:
- response = yield http_client.get_json(
- event.content["third_party_invite"]["key_validity_url"],
- {"public_key": event.content["third_party_invite"]["public_key"]}
- )
- if not response["valid"]:
- raise AuthError(403, "Third party certificate was invalid")
- except IOError:
- raise AuthError(403, "Third party certificate could not be checked")
|