From 0227618d3c3bea6c85a922d5605f526719573121 Mon Sep 17 00:00:00 2001
From: Kegan Dougal <kegan@matrix.org>
Date: Thu, 5 Feb 2015 17:29:27 +0000
Subject: Add m.login.application_service registration procedure.

This allows known application services to register any user ID under their
own user namespace(s).
---
 synapse/rest/client/v1/register.py | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

(limited to 'synapse/rest/client')

diff --git a/synapse/rest/client/v1/register.py b/synapse/rest/client/v1/register.py
index c0423c2d45..1ab32b53ea 100644
--- a/synapse/rest/client/v1/register.py
+++ b/synapse/rest/client/v1/register.py
@@ -110,7 +110,8 @@ class RegisterRestServlet(ClientV1RestServlet):
             stages = {
                 LoginType.RECAPTCHA: self._do_recaptcha,
                 LoginType.PASSWORD: self._do_password,
-                LoginType.EMAIL_IDENTITY: self._do_email_identity
+                LoginType.EMAIL_IDENTITY: self._do_email_identity,
+                LoginType.APPLICATION_SERVICE: self._do_app_service
             }
 
             session_info = self._get_session_info(request, session)
@@ -276,6 +277,27 @@ class RegisterRestServlet(ClientV1RestServlet):
         self._remove_session(session)
         defer.returnValue(result)
 
+    @defer.inlineCallbacks
+    def _do_app_service(self, request, register_json, session):
+        if "access_token" not in request.args:
+            raise SynapseError(400, "Expected application service token.")
+        if "user" not in register_json:
+            raise SynapseError(400, "Expected 'user' key.")
+
+        as_token = request.args["access_token"][0]
+        user_localpart = register_json["user"].encode("utf-8")
+
+        handler = self.handlers.registration_handler
+        (user_id, token) = yield handler.appservice_register(
+            user_localpart, as_token
+        )
+        self._remove_session(session)
+        defer.returnValue({
+            "user_id": user_id,
+            "access_token": token,
+            "home_server": self.hs.hostname,
+        })
+
 
 def _parse_json(request):
     try:
-- 
cgit 1.4.1


From e426df8e106aef0b213928afb6189569474ac5d9 Mon Sep 17 00:00:00 2001
From: Kegan Dougal <kegan@matrix.org>
Date: Fri, 6 Feb 2015 10:57:14 +0000
Subject: Grant ASes the ability to create alias in their own namespace.

Add a new errcode type M_EXCLUSIVE when users try to create aliases inside
AS namespaces, and when ASes try to create aliases outside their own
namespace.
---
 synapse/api/auth.py                 | 12 +++++++++++
 synapse/api/errors.py               |  3 ++-
 synapse/handlers/directory.py       | 43 ++++++++++++++++++++++++++-----------
 synapse/rest/client/v1/directory.py | 29 +++++++++++++++----------
 4 files changed, 63 insertions(+), 24 deletions(-)

(limited to 'synapse/rest/client')

diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 4f116184c9..ea8c461729 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -380,6 +380,18 @@ class Auth(object):
             raise AuthError(403, "Unrecognised access token.",
                             errcode=Codes.UNKNOWN_TOKEN)
 
+    @defer.inlineCallbacks
+    def get_appservice_by_req(self, request):
+        try:
+            token = request.args["access_token"][0]
+            service = yield self.store.get_app_service_by_token(token)
+            if not service:
+                raise AuthError(403, "Unrecognised access token.",
+                                errcode=Codes.UNKNOWN_TOKEN)
+            defer.returnValue(service)
+        except KeyError:
+            raise AuthError(403, "Missing access token.")
+
     def is_server_admin(self, user):
         return self.store.is_server_admin(user)
 
diff --git a/synapse/api/errors.py b/synapse/api/errors.py
index 5041828f18..eddd889778 100644
--- a/synapse/api/errors.py
+++ b/synapse/api/errors.py
@@ -36,7 +36,8 @@ class Codes(object):
     CAPTCHA_NEEDED = "M_CAPTCHA_NEEDED"
     CAPTCHA_INVALID = "M_CAPTCHA_INVALID"
     MISSING_PARAM = "M_MISSING_PARAM",
-    TOO_LARGE = "M_TOO_LARGE"
+    TOO_LARGE = "M_TOO_LARGE",
+    EXCLUSIVE = "M_EXCLUSIVE"
 
 
 class CodeMessageException(RuntimeError):
diff --git a/synapse/handlers/directory.py b/synapse/handlers/directory.py
index 842f075fe0..4c15e57fa6 100644
--- a/synapse/handlers/directory.py
+++ b/synapse/handlers/directory.py
@@ -37,24 +37,15 @@ class DirectoryHandler(BaseHandler):
         )
 
     @defer.inlineCallbacks
-    def create_association(self, user_id, room_alias, room_id, servers=None):
-
-        # TODO(erikj): Do auth.
+    def _create_association(self, room_alias, room_id, servers=None):
+        # general association creation for both human users and app services
 
         if not self.hs.is_mine(room_alias):
             raise SynapseError(400, "Room alias must be local")
             # TODO(erikj): Change this.
 
         # TODO(erikj): Add transactions.
-
         # TODO(erikj): Check if there is a current association.
-
-        is_claimed = yield self.is_alias_exclusive_to_appservices(room_alias)
-        if is_claimed:
-            raise SynapseError(
-                400, "This alias is reserved by an application service."
-            )
-
         if not servers:
             servers = yield self.store.get_joined_hosts_for_room(room_id)
 
@@ -67,6 +58,33 @@ class DirectoryHandler(BaseHandler):
             servers
         )
 
+
+    @defer.inlineCallbacks
+    def create_association(self, user_id, room_alias, room_id, servers=None):
+        # association creation for human users
+        # TODO(erikj): Do user auth.
+
+        is_claimed = yield self.is_alias_exclusive_to_appservices(room_alias)
+        if is_claimed:
+            raise SynapseError(
+                400, "This alias is reserved by an application service.",
+                errcode=Codes.EXCLUSIVE
+            )
+        yield self._create_association(room_alias, room_id, servers)
+
+
+    @defer.inlineCallbacks
+    def create_appservice_association(self, service, room_alias, room_id,
+                                      servers=None):
+        if not service.is_interested_in_alias(room_alias.to_string()):
+            raise SynapseError(
+                400, "This application service has not reserved"
+                " this kind of alias.", errcode=Codes.EXCLUSIVE
+            )
+
+        # association creation for app services
+        yield self._create_association(room_alias, room_id, servers)
+
     @defer.inlineCallbacks
     def delete_association(self, user_id, room_alias):
         # TODO Check if server admin
@@ -77,7 +95,8 @@ class DirectoryHandler(BaseHandler):
         is_claimed = yield self.is_alias_exclusive_to_appservices(room_alias)
         if is_claimed:
             raise SynapseError(
-                400, "This alias is reserved by an application service."
+                400, "This alias is reserved by an application service.",
+                errcode=Codes.EXCLUSIVE
             )
 
         room_id = yield self.store.delete_room_alias(room_alias)
diff --git a/synapse/rest/client/v1/directory.py b/synapse/rest/client/v1/directory.py
index 8f65efec5f..f7e910bb40 100644
--- a/synapse/rest/client/v1/directory.py
+++ b/synapse/rest/client/v1/directory.py
@@ -45,8 +45,6 @@ class ClientDirectoryServer(ClientV1RestServlet):
 
     @defer.inlineCallbacks
     def on_PUT(self, request, room_alias):
-        user, client = yield self.auth.get_user_by_req(request)
-
         content = _parse_json(request)
         if not "room_id" in content:
             raise SynapseError(400, "Missing room_id key",
@@ -70,16 +68,25 @@ class ClientDirectoryServer(ClientV1RestServlet):
         dir_handler = self.handlers.directory_handler
 
         try:
-            user_id = user.to_string()
-            yield dir_handler.create_association(
-                user_id, room_alias, room_id, servers
+            # try to auth as a user
+            user, client = yield self.auth.get_user_by_req(request)
+            try:
+                user_id = user.to_string()
+                yield dir_handler.create_association(
+                    user_id, room_alias, room_id, servers
+                )
+                yield dir_handler.send_room_alias_update_event(user_id, room_id)
+            except SynapseError as e:
+                raise e
+            except:
+                logger.exception("Failed to create association")
+                raise
+        except AuthError:
+            # try to auth as an application service
+            service = yield self.auth.get_appservice_by_req(request)
+            yield dir_handler.create_appservice_association(
+                service, room_alias, room_id, servers
             )
-            yield dir_handler.send_room_alias_update_event(user_id, room_id)
-        except SynapseError as e:
-            raise e
-        except:
-            logger.exception("Failed to create association")
-            raise
 
         defer.returnValue((200, {}))
 
-- 
cgit 1.4.1


From c3ae8def755a043283e945e6653970599d227a43 Mon Sep 17 00:00:00 2001
From: Kegan Dougal <kegan@matrix.org>
Date: Fri, 6 Feb 2015 11:32:07 +0000
Subject: Grant ASes the ability to delete aliases in their own namespace.

---
 synapse/handlers/directory.py       | 28 +++++++++++++++++++++++-----
 synapse/rest/client/v1/directory.py | 31 +++++++++++++++++++++++++++++--
 2 files changed, 52 insertions(+), 7 deletions(-)

(limited to 'synapse/rest/client')

diff --git a/synapse/handlers/directory.py b/synapse/handlers/directory.py
index 4c15e57fa6..c3c95996e7 100644
--- a/synapse/handlers/directory.py
+++ b/synapse/handlers/directory.py
@@ -87,10 +87,9 @@ class DirectoryHandler(BaseHandler):
 
     @defer.inlineCallbacks
     def delete_association(self, user_id, room_alias):
-        # TODO Check if server admin
+        # association deletion for human users
 
-        if not self.hs.is_mine(room_alias):
-            raise SynapseError(400, "Room alias must be local")
+        # TODO Check if server admin
 
         is_claimed = yield self.is_alias_exclusive_to_appservices(room_alias)
         if is_claimed:
@@ -99,10 +98,29 @@ class DirectoryHandler(BaseHandler):
                 errcode=Codes.EXCLUSIVE
             )
 
+        yield self._delete_association(room_alias)
+
+    @defer.inlineCallbacks
+    def delete_appservice_association(self, service, room_alias):
+        if not service.is_interested_in_alias(room_alias.to_string()):
+            raise SynapseError(
+                400,
+                "This application service has not reserved this kind of alias",
+                errcode=Codes.EXCLUSIVE
+            )
+        yield self._delete_association(room_alias)
+
+    @defer.inlineCallbacks
+    def _delete_association(self, room_alias):
+        if not self.hs.is_mine(room_alias):
+            raise SynapseError(400, "Room alias must be local")
+
         room_id = yield self.store.delete_room_alias(room_alias)
 
-        if room_id:
-            yield self._update_room_alias_events(user_id, room_id)
+        # TODO - Looks like _update_room_alias_event has never been implemented
+        # if room_id:
+        #    yield self._update_room_alias_events(user_id, room_id)
+
 
     @defer.inlineCallbacks
     def get_association(self, room_alias):
diff --git a/synapse/rest/client/v1/directory.py b/synapse/rest/client/v1/directory.py
index f7e910bb40..8e83548bbf 100644
--- a/synapse/rest/client/v1/directory.py
+++ b/synapse/rest/client/v1/directory.py
@@ -87,24 +87,51 @@ class ClientDirectoryServer(ClientV1RestServlet):
             yield dir_handler.create_appservice_association(
                 service, room_alias, room_id, servers
             )
+            logger.info(
+                "Application service at %s created alias %s pointing to %s",
+                service.url,
+                room_alias.to_string(),
+                room_id
+            )
 
         defer.returnValue((200, {}))
 
     @defer.inlineCallbacks
     def on_DELETE(self, request, room_alias):
+        dir_handler = self.handlers.directory_handler
+
+        try:
+            service = yield self.auth.get_appservice_by_req(request)
+            room_alias = RoomAlias.from_string(room_alias)
+            yield dir_handler.delete_appservice_association(
+                service, room_alias
+            )
+            logger.info(
+                "Application service at %s deleted alias %s",
+                service.url,
+                room_alias.to_string()
+            )
+            defer.returnValue((200, {}))
+        except AuthError:
+            # fallback to default user behaviour if they aren't an AS
+            pass
+
         user, client = yield self.auth.get_user_by_req(request)
 
         is_admin = yield self.auth.is_server_admin(user)
         if not is_admin:
             raise AuthError(403, "You need to be a server admin")
 
-        dir_handler = self.handlers.directory_handler
-
         room_alias = RoomAlias.from_string(room_alias)
 
         yield dir_handler.delete_association(
             user.to_string(), room_alias
         )
+        logger.info(
+            "User %s deleted alias %s",
+            user.to_string(),
+            room_alias.to_string()
+        )
 
         defer.returnValue((200, {}))
 
-- 
cgit 1.4.1