
Add authentication to thirdparty bridge APIs #12746

Merged
merged 11 commits into from
May 24, 2022
Merged
1 change: 1 addition & 0 deletions changelog.d/12746.bugfix
@@ -0,0 +1 @@
Require an `access_token` in `/thirdparty/` requests to appservices, as required by the [Matrix specification](https://spec.matrix.org/v1.1/application-service-api/#third-party-networks).
Half-Shot marked this conversation as resolved.
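--- a/synapse/appservice/api.py
+++ b/synapse/appservice/api.py
@@ -14,7 +14,7 @@
 # limitations under the License.
 import logging
 import urllib.parse
-from typing import TYPE_CHECKING, Dict, Iterable, List, Optional, Tuple
+from typing import TYPE_CHECKING, Any, Dict, Iterable, List, Mapping, Optional, Tuple
 
 from prometheus_client import Counter
 from typing_extensions import TypeGuard
@@ -155,14 +155,21 @@ async def query_3pe(
 if service.url is None:
 return []
 
+# This is required by the configuration.
+assert service.hs_token is not None
+
 uri = "%s%s/thirdparty/%s/%s" % (
 service.url,
 APP_SERVICE_PREFIX,
 kind,
 urllib.parse.quote(protocol),
 )
 try:
-response = await self.get_json(uri, fields)
+args: Mapping[Any, Any] = {
+**fields,
+b"access_token": [service.hs_token],
+}
+response = await self.get_json(uri, args=args)
 if not isinstance(response, list):
 logger.warning(
 "query_3pe to %s returned an invalid response %r", uri, response
@@ -190,13 +197,15 @@ async def get_3pe_protocol(
 return {}
 
 async def _get() -> Optional[JsonDict]:
+# This is required by the configuration.
+assert service.hs_token is not None
 uri = "%s%s/thirdparty/protocol/%s" % (
 service.url,
 APP_SERVICE_PREFIX,
 urllib.parse.quote(protocol),
 )
 try:
-info = await self.get_json(uri)
+info = await self.get_json(uri, {"access_token": service.hs_token})
 
 if not _is_valid_3pe_metadata(info):
 logger.warning(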
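Review bot: The token is attached in two different shapes: query_3pe builds `b"access_token": [service.hs_token]` (bytes key, list value) under a `Mapping[Any, Any]` annotation, while get_3pe_protocol passes `{"access_token": service.hs_token}` (str key, bare value), so nothing in the types confirms that get_json encodes both the same way. A test asserting that each outgoing request carries exactly one `access_token` equal to `hs_token`, also when `fields` already contains that key, would pin this. Both guards are `assert service.hs_token is not None`, which `python -O` strips; an explicit check that returns early or raises is safer where a credential is involved. Because the token rides in the query string, it is worth confirming that get_json's own request logging never prints the URL together with its arguments (the warning visible here logs only `uri`, which is built before the arguments are added). query_3pe and get_3pe_protocol both start and end outside the hunks shown.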