Send the appservice access token as a header. (#13996)
Implements MSC2832 by sending application service access
tokens in the Authorization header.

The access token is also still sent as a query parameter until
the application service ecosystem has fully migrated to using
headers. In the future this could be made opt-in, or removed
completely.
clokep authored Oct 4, 2022
1 parent 1613857 commit 27fa0fa
Showing 3 changed files with 26 additions and 6 deletions.
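--- a/changelog.d/13996.feature
+++ b/changelog.d/13996.feature
@@ -0,0 +1 @@
+Send application service access tokens as a header (and query parameter). Implement [MSC2832](https://github.com/matrix-org/matrix-spec-proposals/pull/2832).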
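--- a/synapse/appservice/api.py
+++ b/synapse/appservice/api.py
@@ -120,7 +120,11 @@ async def query_user(self, service: "ApplicationService", user_id: str) -> bool:
 
 uri = service.url + ("/users/%s" % urllib.parse.quote(user_id))
 try:
-response = await self.get_json(uri, {"access_token": service.hs_token})
+response = await self.get_json(
+uri,
+{"access_token": service.hs_token},
+headers={"Authorization": f"Bearer {service.hs_token}"},
+)
 if response is not None: # just an empty json object
 return True
 except CodeMessageException as e:
@@ -140,7 +144,11 @@ async def query_alias(self, service: "ApplicationService", alias: str) -> bool:
 
 uri = service.url + ("/rooms/%s" % urllib.parse.quote(alias))
 try:
-response = await self.get_json(uri, {"access_token": service.hs_token})
+response = await self.get_json(
+uri,
+{"access_token": service.hs_token},
+headers={"Authorization": f"Bearer {service.hs_token}"},
+)
 if response is not None: # just an empty json object
 return True
 except CodeMessageException as e:
@@ -181,7 +189,9 @@ async def query_3pe(
 **fields,
 b"access_token": service.hs_token,
 }
-response = await self.get_json(uri, args=args)
+response = await self.get_json(
+uri, args=args, headers={"Authorization": f"Bearer {service.hs_token}"}
+)
 if not isinstance(response, list):
 logger.warning(
 "query_3pe to %s returned an invalid response %r", uri, response
@@ -217,7 +227,11 @@ async def _get() -> Optional[JsonDict]:
 urllib.parse.quote(protocol),
 )
 try:
-info = await self.get_json(uri, {"access_token": service.hs_token})
+info = await self.get_json(
+uri,
+{"access_token": service.hs_token},
+headers={"Authorization": f"Bearer {service.hs_token}"},
+)
 
 if not _is_valid_3pe_metadata(info):
 logger.warning(
@@ -313,6 +327,7 @@ async def push_bulk(
 uri=uri,
 json_body=body,
 args={"access_token": service.hs_token},
+headers={"Authorization": f"Bearer {service.hs_token}"},
 )
 if logger.isEnabledFor(logging.DEBUG):
 logger.debug(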
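Review bot: The token pair `{"access_token": service.hs_token}` plus `headers={"Authorization": f"Bearer {service.hs_token}"}` is now written out at five call sites (query_user, query_alias, query_3pe, the protocol `_get`, push_bulk), and none of them marks the query argument as the legacy path. The query-string copy is the one that can end up in request-line logs on the application service or on a proxy in front of it, so it should be removable in one place later. A small private helper such as `def _auth_headers(service): return {"Authorization": f"Bearer {service.hs_token}"}` would do that, together with a comment at the query argument like `# MSC2832: query-parameter token kept only until appservices read the header; remove afterwards`. The enclosing functions all start and end outside the hunks shown, so whether the HTTP client methods called here log these headers or forward them on a redirect cannot be judged from this page and is worth confirming.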
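--- a/tests/appservice/test_api.py
+++ b/tests/appservice/test_api.py
@@ -69,10 +69,14 @@ def test_query_3pe_authenticates_token(self):
 
 self.request_url = None
 
-async def get_json(url: str, args: Mapping[Any, Any]) -> List[JsonDict]:
-if not args.get(b"access_token"):
+async def get_json(
+url: str, args: Mapping[Any, Any], headers: Mapping[Any, Any]
+) -> List[JsonDict]:
+# Ensure the access token is passed as both a header and query arg.
+if not headers.get("Authorization") or not args.get(b"access_token"):
 raise RuntimeError("Access token not provided")
 
+self.assertEqual(headers.get("Authorization"), f"Bearer {TOKEN}")
 self.assertEqual(args.get(b"access_token"), TOKEN)
 self.request_url = url
 if url == URL_USER: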
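Review bot: Only the query_3pe path is checked for the new header: the stub's `self.assertEqual(headers.get("Authorization"), f"Bearer {TOKEN}")` sits inside test_query_3pe_authenticates_token, while the commit also changes query_user, query_alias, the protocol lookup and push_bulk, none of which is exercised in this section. A regression that dropped the header from one of those calls would pass unnoticed, so the same stub-based assertion per call site would be worth adding. The stub looks up `b"access_token"` as a bytes key, which matches query_3pe's `args` but not the `str`-keyed dicts used at the other call sites, so a shared stub would need to accept both. The test method continues past the end of the hunk.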
