Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Send the appservice access token as a header. #13996

Merged
merged 2 commits into from
Oct 4, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/13996.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Send application service access tokens as a header (and query parameter). Implement [MSC2832](https://github.com/matrix-org/matrix-spec-proposals/pull/2832).
23 changes: 19 additions & 4 deletions synapse/appservice/api.py
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,11 @@ async def query_user(self, service: "ApplicationService", user_id: str) -> bool:

uri = service.url + ("/users/%s" % urllib.parse.quote(user_id))
try:
response = await self.get_json(uri, {"access_token": service.hs_token})
response = await self.get_json(
uri,
{"access_token": service.hs_token},
headers={"Authorization": f"Bearer {service.hs_token}"},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Footgun alert: the values of headers should be a list of strings, not strings themselves. See #14301.

)
if response is not None: # just an empty json object
return True
except CodeMessageException as e:
Expand All @@ -140,7 +144,11 @@ async def query_alias(self, service: "ApplicationService", alias: str) -> bool:

uri = service.url + ("/rooms/%s" % urllib.parse.quote(alias))
try:
response = await self.get_json(uri, {"access_token": service.hs_token})
response = await self.get_json(
uri,
{"access_token": service.hs_token},
headers={"Authorization": f"Bearer {service.hs_token}"},
)
if response is not None: # just an empty json object
return True
except CodeMessageException as e:
Expand Down Expand Up @@ -181,7 +189,9 @@ async def query_3pe(
**fields,
b"access_token": service.hs_token,
}
response = await self.get_json(uri, args=args)
response = await self.get_json(
uri, args=args, headers={"Authorization": f"Bearer {service.hs_token}"}
)
if not isinstance(response, list):
logger.warning(
"query_3pe to %s returned an invalid response %r", uri, response
Expand Down Expand Up @@ -217,7 +227,11 @@ async def _get() -> Optional[JsonDict]:
urllib.parse.quote(protocol),
)
try:
info = await self.get_json(uri, {"access_token": service.hs_token})
info = await self.get_json(
uri,
{"access_token": service.hs_token},
headers={"Authorization": f"Bearer {service.hs_token}"},
)

if not _is_valid_3pe_metadata(info):
logger.warning(
Expand Down Expand Up @@ -313,6 +327,7 @@ async def push_bulk(
uri=uri,
json_body=body,
args={"access_token": service.hs_token},
headers={"Authorization": f"Bearer {service.hs_token}"},
)
if logger.isEnabledFor(logging.DEBUG):
logger.debug(
Expand Down
8 changes: 6 additions & 2 deletions tests/appservice/test_api.py
Original file line number Diff line number Diff line change
Expand Up @@ -69,10 +69,14 @@ def test_query_3pe_authenticates_token(self):

self.request_url = None

async def get_json(url: str, args: Mapping[Any, Any]) -> List[JsonDict]:
if not args.get(b"access_token"):
async def get_json(
url: str, args: Mapping[Any, Any], headers: Mapping[Any, Any]
) -> List[JsonDict]:
# Ensure the access token is passed as both a header and query arg.
if not headers.get("Authorization") or not args.get(b"access_token"):
raise RuntimeError("Access token not provided")

self.assertEqual(headers.get("Authorization"), f"Bearer {TOKEN}")
self.assertEqual(args.get(b"access_token"), TOKEN)
self.request_url = url
if url == URL_USER:
Expand Down