Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Drop support for calling /_matrix/client/v3/account/3pid/bind witho…
Browse files Browse the repository at this point in the history
…ut an `id_access_token` (#13239)

Fixes #13201

Signed-off-by: Jacek Kusnierz jacek.kusnierz@tum.de
  • Loading branch information
Vetchu authored Jul 12, 2022
1 parent 52a0c8f commit 7218a0c
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 26 deletions.
1 change: 1 addition & 0 deletions changelog.d/13239.removal
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Drop support for calling `/_matrix/client/v3/account/3pid/bind` without an `id_access_token`, which was not permitted by the spec. Contributed by @Vetchu.
30 changes: 6 additions & 24 deletions synapse/handlers/identity.py
Original file line number Diff line number Diff line change
Expand Up @@ -162,8 +162,7 @@ async def bind_threepid(
sid: str,
mxid: str,
id_server: str,
id_access_token: Optional[str] = None,
use_v2: bool = True,
id_access_token: str,
) -> JsonDict:
"""Bind a 3PID to an identity server
Expand All @@ -173,8 +172,7 @@ async def bind_threepid(
mxid: The MXID to bind the 3PID to
id_server: The domain of the identity server to query
id_access_token: The access token to authenticate to the identity
server with, if necessary. Required if use_v2 is true
use_v2: Whether to use v2 Identity Service API endpoints. Defaults to True
server with
Raises:
SynapseError: On any of the following conditions
Expand All @@ -186,24 +184,15 @@ async def bind_threepid(
"""
logger.debug("Proxying threepid bind request for %s to %s", mxid, id_server)

# If an id_access_token is not supplied, force usage of v1
if id_access_token is None:
use_v2 = False

if not valid_id_server_location(id_server):
raise SynapseError(
400,
"id_server must be a valid hostname with optional port and path components",
)

# Decide which API endpoint URLs to use
headers = {}
bind_data = {"sid": sid, "client_secret": client_secret, "mxid": mxid}
if use_v2:
bind_url = "https://%s/_matrix/identity/v2/3pid/bind" % (id_server,)
headers["Authorization"] = create_id_access_token_header(id_access_token) # type: ignore
else:
bind_url = "https://%s/_matrix/identity/api/v1/3pid/bind" % (id_server,)
bind_url = "https://%s/_matrix/identity/v2/3pid/bind" % (id_server,)
headers = {"Authorization": create_id_access_token_header(id_access_token)}

try:
# Use the blacklisting http client as this call is only to identity servers
Expand All @@ -222,21 +211,14 @@ async def bind_threepid(

return data
except HttpResponseException as e:
if e.code != 404 or not use_v2:
logger.error("3PID bind failed with Matrix error: %r", e)
raise e.to_synapse_error()
logger.error("3PID bind failed with Matrix error: %r", e)
raise e.to_synapse_error()
except RequestTimedOutError:
raise SynapseError(500, "Timed out contacting identity server")
except CodeMessageException as e:
data = json_decoder.decode(e.msg) # XXX WAT?
return data

logger.info("Got 404 when POSTing JSON %s, falling back to v1 URL", bind_url)
res = await self.bind_threepid(
client_secret, sid, mxid, id_server, id_access_token, use_v2=False
)
return res

async def try_unbind_threepid(self, mxid: str, threepid: dict) -> bool:
"""Attempt to remove a 3PID from an identity server, or if one is not provided, all
identity servers we're aware the binding is present on
Expand Down
6 changes: 4 additions & 2 deletions synapse/rest/client/account.py
Original file line number Diff line number Diff line change
Expand Up @@ -704,10 +704,12 @@ def __init__(self, hs: "HomeServer"):
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
body = parse_json_object_from_request(request)

assert_params_in_dict(body, ["id_server", "sid", "client_secret"])
assert_params_in_dict(
body, ["id_server", "sid", "id_access_token", "client_secret"]
)
id_server = body["id_server"]
sid = body["sid"]
id_access_token = body.get("id_access_token") # optional
id_access_token = body["id_access_token"]
client_secret = body["client_secret"]
assert_valid_client_secret(client_secret)

Expand Down

0 comments on commit 7218a0c

Please sign in to comment.