From 5a7dd058184613c70041a61fdbc2ccce104bb500 Mon Sep 17 00:00:00 2001
From: Kegan Dougal <kegan@matrix.org>
Date: Mon, 9 Feb 2015 14:14:15 +0000
Subject: Modify auth.get_user_by_req for authing appservices directly.

Add logic to map the appservice token to the autogenned appservice user ID.
Add unit tests for all forms of get_user_by_req (user/appservice,
valid/bad/missing tokens)
---
 synapse/api/auth.py           | 34 ++++++++++++++++------------------
 synapse/storage/appservice.py |  4 +++-
 2 files changed, 19 insertions(+), 19 deletions(-)

(limited to 'synapse')

diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index ea8c461729..310a428066 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -302,27 +302,26 @@ class Auth(object):
 
             # Check for application service tokens with a user_id override
             try:
-                if "user_id" not in request.args:
-                    # This has to be done like this rather than relying on it
-                    # natively throwing because tests use a Mock for the request
-                    # object which doesn't throw :/
-                    raise KeyError
-
-                masquerade_user_id = request.args["user_id"][0]
                 app_service = yield self.store.get_app_service_by_token(
                     access_token
                 )
                 if not app_service:
-                    raise AuthError(
-                        403, "Invalid application service access token"
-                    )
-                if not app_service.is_interested_in_user(masquerade_user_id):
-                    raise AuthError(
-                        403,
-                        "Application service cannot masquerade as this user."
-                    )
+                    raise KeyError
+
+                user_id = app_service.sender
+                if "user_id" in request.args:
+                    user_id = request.args["user_id"][0]
+                    if not app_service.is_interested_in_user(user_id):
+                        raise AuthError(
+                            403,
+                            "Application service cannot masquerade as this user."
+                        )
+
+                if not user_id:
+                    raise KeyError
+
                 defer.returnValue(
-                    (UserID.from_string(masquerade_user_id), ClientInfo("", ""))
+                    (UserID.from_string(user_id), ClientInfo("", ""))
                 )
                 return
             except KeyError:
@@ -366,8 +365,7 @@ class Auth(object):
         try:
             ret = yield self.store.get_user_by_token(token=token)
             if not ret:
-                raise StoreError()
-
+                raise StoreError(400, "Unknown token")
             user_info = {
                 "admin": bool(ret.get("admin", False)),
                 "device_id": ret.get("device_id"),
diff --git a/synapse/storage/appservice.py b/synapse/storage/appservice.py
index eef77e737e..ba31c68595 100644
--- a/synapse/storage/appservice.py
+++ b/synapse/storage/appservice.py
@@ -215,6 +215,7 @@ class ApplicationServiceStore(SQLBaseStore):
                     "url": res["url"],
                     "token": as_token,
                     "hs_token": res["hs_token"],
+                    "sender": res["sender"],
                     "namespaces": {
                         ApplicationService.NS_USERS: [],
                         ApplicationService.NS_ALIASES: [],
@@ -240,6 +241,7 @@ class ApplicationServiceStore(SQLBaseStore):
                 token=service["token"],
                 url=service["url"],
                 namespaces=service["namespaces"],
-                hs_token=service["hs_token"]
+                hs_token=service["hs_token"],
+                sender=service["sender"]
             ))
 
-- 
cgit 1.4.1