From 2c68d1935ebf428b865726928cccd763cd4c21ea Mon Sep 17 00:00:00 2001
From: Matthew Hodgson <matthew@matrix.org>
Date: Sun, 4 Nov 2018 00:43:11 +0000
Subject: make profile shadowing work

---
 synapse/api/auth.py               | 23 +++++------------------
 synapse/config/registration.py    |  1 +
 synapse/rest/client/v1/profile.py | 24 +++++++++++++++++-------
 3 files changed, 23 insertions(+), 25 deletions(-)

diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 90f9e16bde..cfe0a2abca 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -189,6 +189,7 @@ class Auth(object):
         # Can optionally look elsewhere in the request (e.g. headers)
         try:
             user_id, app_service = yield self._get_appservice_user_id(request)
+
             if user_id:
                 request.authenticated_entity = user_id
                 defer.returnValue(
@@ -244,6 +245,7 @@ class Auth(object):
                 request, self.TOKEN_NOT_FOUND_HTTP_STATUS
             )
         )
+
         if app_service is None:
             return(None, None)
 
@@ -514,24 +516,9 @@ class Auth(object):
         defer.returnValue(user_info)
 
     def get_appservice_by_req(self, request):
-        try:
-            token = self.get_access_token_from_request(
-                request, self.TOKEN_NOT_FOUND_HTTP_STATUS
-            )
-            service = self.store.get_app_service_by_token(token)
-            if not service:
-                logger.warn("Unrecognised appservice access token.")
-                raise AuthError(
-                    self.TOKEN_NOT_FOUND_HTTP_STATUS,
-                    "Unrecognised access token.",
-                    errcode=Codes.UNKNOWN_TOKEN
-                )
-            request.authenticated_entity = service.sender
-            return defer.succeed(service)
-        except KeyError:
-            raise AuthError(
-                self.TOKEN_NOT_FOUND_HTTP_STATUS, "Missing access token."
-            )
+        (user_id, appservice) = self._get_appservice_user_id(request)
+        request.authenticated_entity = service.sender
+        return appservice
 
     def is_server_admin(self, user):
         """ Check if the given user is a local server admin.
diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index 043d11545f..f451eea715 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -148,6 +148,7 @@ class RegistrationConfig(Config):
         # via a given AS token.
         # shadow_server:
         #     hs_url: https://shadow.example.com
+        #     hs: shadow.example.com
         #     as_token: 12u394refgbdhivsia
 
         # If enabled, don't let users set their own display names/avatars
diff --git a/synapse/rest/client/v1/profile.py b/synapse/rest/client/v1/profile.py
index ab2c9cdb8c..5893fc3634 100644
--- a/synapse/rest/client/v1/profile.py
+++ b/synapse/rest/client/v1/profile.py
@@ -14,6 +14,8 @@
 # limitations under the License.
 
 """ This module contains REST servlets to do with profile: /profile/<paths> """
+import logging
+
 from twisted.internet import defer
 
 from synapse.http.servlet import parse_json_object_from_request
@@ -21,6 +23,8 @@ from synapse.types import UserID
 
 from .base import ClientV1RestServlet, client_path_patterns
 
+logger = logging.getLogger(__name__)
+
 
 class ProfileDisplaynameRestServlet(ClientV1RestServlet):
     PATTERNS = client_path_patterns("/profile/(?P<user_id>[^/]*)/displayname")
@@ -61,7 +65,10 @@ class ProfileDisplaynameRestServlet(ClientV1RestServlet):
             user, requester, new_name, is_admin)
 
         if self.hs.config.shadow_server:
-            self.shadow_displayname(user_id, content)
+            shadow_user = UserID(
+                user.localpart, self.hs.config.shadow_server.get("hs")
+            )
+            self.shadow_displayname(shadow_user.to_string(), content)
 
         defer.returnValue((200, {}))
 
@@ -74,9 +81,9 @@ class ProfileDisplaynameRestServlet(ClientV1RestServlet):
         shadow_hs_url = self.hs.config.shadow_server.get("hs_url")
         as_token = self.hs.config.shadow_server.get("as_token")
 
-        yield self.http_client.post_json_get_json(
-            "%s/_matrix/client/r0/profile/%s/displayname?access_token=%s" % (
-                shadow_hs_url, user_id, as_token
+        yield self.http_client.put_json(
+            "%s/_matrix/client/r0/profile/%s/displayname?access_token=%s&user_id=%s" % (
+                shadow_hs_url, user_id, as_token, user_id
             ),
             body
         )
@@ -120,6 +127,9 @@ class ProfileAvatarURLRestServlet(ClientV1RestServlet):
             user, requester, new_name, is_admin)
 
         if self.hs.config.shadow_server:
+            shadow_user = UserID(
+                user.localpart, self.hs.config.shadow_server.get("hs")
+            )
             self.shadow_avatar_url(user_id, content)
 
         defer.returnValue((200, {}))
@@ -133,9 +143,9 @@ class ProfileAvatarURLRestServlet(ClientV1RestServlet):
         shadow_hs_url = self.hs.config.shadow_server.get("hs_url")
         as_token = self.hs.config.shadow_server.get("as_token")
 
-        yield self.http_client.post_json_get_json(
-            "%s/_matrix/client/r0/profile/%s/avatar_url?access_token=%s" % (
-                shadow_hs_url, user_id, as_token
+        yield self.http_client.put_json(
+            "%s/_matrix/client/r0/profile/%s/avatar_url?access_token=%s&user_id=%s" % (
+                shadow_hs_url, shadow_user.to_string(), as_token, user_id
             ),
             body
         )
-- 
cgit 1.4.1