Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Implementation of HTTP 307 response for MSC3886 POST endpoint #14018

Merged
merged 30 commits into from
Oct 18, 2022
Merged
Show file tree
Hide file tree
Changes from 13 commits
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
73dace0
Implementation of HTTP 307 endpoint for MSC3886
hughns Oct 3, 2022
4294327
Linting
hughns Oct 3, 2022
923bcbd
Merge remote-tracking branch 'upstream/develop' into hughns/msc3886-r…
hughns Oct 6, 2022
f330b0f
Changelog
hughns Oct 6, 2022
81ff46d
Lint fixes
hughns Oct 6, 2022
b5eb427
Fix docs
hughns Oct 6, 2022
e190693
Merge branch 'develop' into hughns/msc3886-redirect
hughns Oct 6, 2022
21e9d50
Merge branch 'matrix-org:develop' into hughns/msc3886-redirect
hughns Oct 7, 2022
4656642
FIx passing of experimental_cors_msc3886 around site
hughns Oct 7, 2022
f0218a6
Lint fix
hughns Oct 7, 2022
c838182
Merge branch 'matrix-org:develop' into hughns/msc3886-redirect
hughns Oct 7, 2022
8a81b3c
Actually test for correct response code
hughns Oct 7, 2022
7e9b07d
Merge branch 'develop' into hughns/msc3886-redirect
hughns Oct 7, 2022
d8f927e
Merge branch 'matrix-org:develop' into hughns/msc3886-redirect
hughns Oct 10, 2022
2ea6295
Expand reference to MSC3886
hughns Oct 11, 2022
68887e7
Remove unnecessary usage of getattr
hughns Oct 11, 2022
e3fcdea
Document param
hughns Oct 11, 2022
261d098
Document function args
hughns Oct 11, 2022
208b598
Make handling of "" endpoint explicit
hughns Oct 11, 2022
81fb879
Fix and improve docs
hughns Oct 11, 2022
61e417e
Linting
hughns Oct 11, 2022
441c299
Merge branch 'matrix-org:develop' into hughns/msc3886-redirect
hughns Oct 11, 2022
a6ddd03
Make typing of set_cors_headers explicit
hughns Oct 11, 2022
08aaafc
Fixup more references to SynapseRequest
hughns Oct 11, 2022
fc67315
Satisfy linter
hughns Oct 11, 2022
50ce7e3
Add experimental_cors_msc3886 to FakeSite
hughns Oct 11, 2022
05a516b
Linting
hughns Oct 11, 2022
ae5fd0d
Include experimental_cors_msc3886 in mock site
hughns Oct 11, 2022
26f2804
Update synapse/config/server.py
hughns Oct 12, 2022
ba87974
Merge branch 'develop' of github.com:matrix-org/synapse into hughns/m…
anoadragon453 Oct 18, 2022
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/14018.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Support for redirecting to an implementation of [MSC3886](https://github.com/matrix-org/matrix-spec-proposals/pull/3886).
hughns marked this conversation as resolved.
Show resolved Hide resolved
7 changes: 6 additions & 1 deletion synapse/config/experimental.py
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

from typing import Any
from typing import Any, Optional

import attr

Expand Down Expand Up @@ -119,3 +119,8 @@ def read_config(self, config: JsonDict, **kwargs: Any) -> None:
self.msc3882_token_timeout = self.parse_duration(
experimental.get("msc3882_token_timeout", "5m")
)

# MSC3886: Simple client rendezvous capability
self.msc3886_endpoint: Optional[str] = experimental.get(
"msc3886_endpoint", None
)
2 changes: 2 additions & 0 deletions synapse/config/server.py
Original file line number Diff line number Diff line change
Expand Up @@ -207,6 +207,7 @@ class HttpListenerConfig:
additional_resources: Dict[str, dict] = attr.Factory(dict)
tag: Optional[str] = None
request_id_header: Optional[str] = None
experimental_cors_msc3886: bool = False
hughns marked this conversation as resolved.
Show resolved Hide resolved


@attr.s(slots=True, frozen=True, auto_attribs=True)
Expand Down Expand Up @@ -935,6 +936,7 @@ def parse_listener_def(num: int, listener: Any) -> ListenerConfig:
additional_resources=listener.get("additional_resources", {}),
tag=listener.get("tag"),
request_id_header=listener.get("request_id_header"),
experimental_cors_msc3886=listener.get("experimental_cors_msc3886", False),
)

return ListenerConfig(port, bind_addresses, listener_type, tls, http_config)
Expand Down
32 changes: 25 additions & 7 deletions synapse/http/server.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
import types
import urllib
from http import HTTPStatus
from http.client import FOUND
from inspect import isawaitable
from typing import (
TYPE_CHECKING,
Expand Down Expand Up @@ -870,10 +871,20 @@ def set_cors_headers(request: Request) -> None:
request.setHeader(
b"Access-Control-Allow-Methods", b"GET, HEAD, POST, PUT, DELETE, OPTIONS"
)
request.setHeader(
b"Access-Control-Allow-Headers",
b"X-Requested-With, Content-Type, Authorization, Date",
)
if getattr(request, "experimental_cors_msc3886", False):
hughns marked this conversation as resolved.
Show resolved Hide resolved
request.setHeader(
b"Access-Control-Allow-Headers",
b"X-Requested-With, Content-Type, Authorization, Date, If-Match, If-None-Match",
)
request.setHeader(
b"Access-Control-Expose-Headers",
b"ETag, Location, X-Max-Bytes",
)
else:
request.setHeader(
b"Access-Control-Allow-Headers",
b"X-Requested-With, Content-Type, Authorization, Date",
)


def set_corp_headers(request: Request) -> None:
Expand Down Expand Up @@ -942,10 +953,17 @@ def set_clickjacking_protection_headers(request: Request) -> None:
request.setHeader(b"Content-Security-Policy", b"frame-ancestors 'none';")


def respond_with_redirect(request: Request, url: bytes) -> None:
"""Write a 302 response to the request, if it is still alive."""
def respond_with_redirect(
request: Request, url: bytes, statusCode: int = FOUND, cors: bool = False
hughns marked this conversation as resolved.
Show resolved Hide resolved
) -> None:
"""Write a 302 (or other specified status code) response to the request, if it is still alive."""
logger.debug("Redirect to %s", url.decode("utf-8"))
request.redirect(url)

if cors:
set_cors_headers(request)

request.setResponseCode(statusCode)
request.setHeader(b"location", url)
finish_request(request)


Expand Down
5 changes: 5 additions & 0 deletions synapse/http/site.py
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,9 @@ def __init__(
self.reactor = site.reactor
self._channel = channel # this is used by the tests
self.start_time = 0.0
self.experimental_cors_msc3886 = getattr(
site, "experimental_cors_msc3886", False
)
hughns marked this conversation as resolved.
Show resolved Hide resolved

# The requester, if authenticated. For federation requests this is the
# server name, for client requests this is the Requester object.
Expand Down Expand Up @@ -622,6 +625,8 @@ def __init__(

request_id_header = config.http_options.request_id_header

self.experimental_cors_msc3886 = config.http_options.experimental_cors_msc3886

def request_factory(channel: HTTPChannel, queued: bool) -> Request:
return request_class(
channel,
Expand Down
2 changes: 2 additions & 0 deletions synapse/rest/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@
receipts,
register,
relations,
rendezvous,
report_event,
room,
room_batch,
Expand Down Expand Up @@ -132,3 +133,4 @@ def register_servlets(client_resource: HttpServer, hs: "HomeServer") -> None:
# unstable
mutual_rooms.register_servlets(hs, client_resource)
login_token_request.register_servlets(hs, client_resource)
rendezvous.register_servlets(hs, client_resource)
65 changes: 65 additions & 0 deletions synapse/rest/client/rendezvous.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
# Copyright 2022 The Matrix.org Foundation C.I.C.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import logging
from http.client import TEMPORARY_REDIRECT
from typing import TYPE_CHECKING

from synapse.http.server import HttpServer, respond_with_redirect
from synapse.http.servlet import RestServlet
from synapse.http.site import SynapseRequest
from synapse.rest.client._base import client_patterns

if TYPE_CHECKING:
from synapse.server import HomeServer

logger = logging.getLogger(__name__)


class RendezvousServlet(RestServlet):
"""
Get a token that can be used with `m.login.token` to log in a second device.
This implementation is a stub that redirects to another configured endpoint.

Request:

POST /rendezvous HTTP/1.1
Content-Type: ...

...

Response:

HTTP/1.1 307
Location: <configured endpoint>
"""

PATTERNS = client_patterns(
"/org.matrix.msc3886/rendezvous$", releases=[], v1=False, unstable=True
)

def __init__(self, hs: "HomeServer"):
super().__init__()
redirection_target: str = hs.config.experimental.msc3886_endpoint or ""
self.endpoint = redirection_target.encode("utf-8")

async def on_POST(self, request: SynapseRequest) -> None:
hughns marked this conversation as resolved.
Show resolved Hide resolved
respond_with_redirect(
request, self.endpoint, statusCode=TEMPORARY_REDIRECT, cors=True
)
hughns marked this conversation as resolved.
Show resolved Hide resolved


def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
if hs.config.experimental.msc3886_endpoint is not None:
RendezvousServlet(hs).register(http_server)
3 changes: 3 additions & 0 deletions synapse/rest/client/versions.py
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,9 @@ def on_GET(self, request: Request) -> Tuple[int, JsonDict]:
"org.matrix.msc3882": self.config.experimental.msc3882_enabled,
# Adds support for remotely enabling/disabling pushers, as per MSC3881
"org.matrix.msc3881": self.config.experimental.msc3881_enabled,
# Adds support for simple HTTP rendezvous as per MSC3886
"org.matrix.msc3886": self.config.experimental.msc3886_endpoint
is not None,
},
},
)
Expand Down
45 changes: 45 additions & 0 deletions tests/rest/client/test_rendezvous.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
# Copyright 2022 The Matrix.org Foundation C.I.C.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

from twisted.test.proto_helpers import MemoryReactor

from synapse.rest.client import rendezvous
from synapse.server import HomeServer
from synapse.util import Clock

from tests import unittest
from tests.unittest import override_config

endpoint = "/_matrix/client/unstable/org.matrix.msc3886/rendezvous"


class RendezvousServletTestCase(unittest.HomeserverTestCase):

servlets = [
rendezvous.register_servlets,
]

def make_homeserver(self, reactor: MemoryReactor, clock: Clock) -> HomeServer:
self.hs = self.setup_test_homeserver()
return self.hs

def test_disabled(self) -> None:
channel = self.make_request("POST", endpoint, {}, access_token=None)
self.assertEqual(channel.code, 400)

@override_config({"experimental_features": {"msc3886_endpoint": "/asd"}})
def test_redirect(self) -> None:
channel = self.make_request("POST", endpoint, {}, access_token=None)
self.assertEqual(channel.code, 307)
self.assertEqual(channel.headers.getRawHeaders("Location"), ["/asd"])
94 changes: 67 additions & 27 deletions tests/test_server.py
Original file line number Diff line number Diff line change
Expand Up @@ -222,13 +222,22 @@ def render(self, request: SynapseRequest) -> bytes:
self.resource = OptionsResource()
self.resource.putChild(b"res", DummyResource())

def _make_request(self, method: bytes, path: bytes) -> FakeChannel:
def _make_request(
self, method: bytes, path: bytes, experimental_cors_msc3886: bool = False
) -> FakeChannel:
"""Create a request from the method/path and return a channel with the response."""
# Create a site and query for the resource.
site = SynapseSite(
"test",
"site_tag",
parse_listener_def(0, {"type": "http", "port": 0}),
parse_listener_def(
0,
{
"type": "http",
"port": 0,
"experimental_cors_msc3886": experimental_cors_msc3886,
},
),
self.resource,
"1.0",
max_request_body_size=4096,
Expand All @@ -239,45 +248,76 @@ def _make_request(self, method: bytes, path: bytes) -> FakeChannel:
channel = make_request(self.reactor, site, method, path, shorthand=False)
return channel

def _check_cors_standard_headers(self, channel: FakeChannel) -> None:
# Ensure the correct CORS headers have been added
# as per https://spec.matrix.org/v1.4/client-server-api/#web-browser-clients
self.assertEqual(
channel.headers.getRawHeaders(b"Access-Control-Allow-Origin"),
[b"*"],
"has correct CORS Origin header",
)
self.assertEqual(
channel.headers.getRawHeaders(b"Access-Control-Allow-Methods"),
[b"GET, HEAD, POST, PUT, DELETE, OPTIONS"], # HEAD isn't in the spec
"has correct CORS Methods header",
)
self.assertEqual(
channel.headers.getRawHeaders(b"Access-Control-Allow-Headers"),
[b"X-Requested-With, Content-Type, Authorization, Date"],
"has correct CORS Headers header",
)

def _check_cors_msc3886_headers(self, channel: FakeChannel) -> None:
# Ensure the correct CORS headers have been added
# as per https://github.com/matrix-org/matrix-spec-proposals/blob/hughns/simple-rendezvous-capability/proposals/3886-simple-rendezvous-capability.md#cors
self.assertEqual(
channel.headers.getRawHeaders(b"Access-Control-Allow-Origin"),
[b"*"],
"has correct CORS Origin header",
)
self.assertEqual(
channel.headers.getRawHeaders(b"Access-Control-Allow-Methods"),
[b"GET, HEAD, POST, PUT, DELETE, OPTIONS"], # HEAD isn't in the spec
"has correct CORS Methods header",
)
self.assertEqual(
channel.headers.getRawHeaders(b"Access-Control-Allow-Headers"),
[
b"X-Requested-With, Content-Type, Authorization, Date, If-Match, If-None-Match"
],
"has correct CORS Headers header",
)
self.assertEqual(
channel.headers.getRawHeaders(b"Access-Control-Expose-Headers"),
[b"ETag, Location, X-Max-Bytes"],
"has correct CORS Expose Headers header",
)

def test_unknown_options_request(self) -> None:
"""An OPTIONS requests to an unknown URL still returns 204 No Content."""
channel = self._make_request(b"OPTIONS", b"/foo/")
self.assertEqual(channel.code, 204)
self.assertNotIn("body", channel.result)

# Ensure the correct CORS headers have been added
self.assertTrue(
channel.headers.hasHeader(b"Access-Control-Allow-Origin"),
"has CORS Origin header",
)
self.assertTrue(
channel.headers.hasHeader(b"Access-Control-Allow-Methods"),
"has CORS Methods header",
)
self.assertTrue(
channel.headers.hasHeader(b"Access-Control-Allow-Headers"),
"has CORS Headers header",
)
self._check_cors_standard_headers(channel)

def test_known_options_request(self) -> None:
"""An OPTIONS requests to an known URL still returns 204 No Content."""
channel = self._make_request(b"OPTIONS", b"/res/")
self.assertEqual(channel.code, 204)
self.assertNotIn("body", channel.result)

# Ensure the correct CORS headers have been added
self.assertTrue(
channel.headers.hasHeader(b"Access-Control-Allow-Origin"),
"has CORS Origin header",
)
self.assertTrue(
channel.headers.hasHeader(b"Access-Control-Allow-Methods"),
"has CORS Methods header",
)
self.assertTrue(
channel.headers.hasHeader(b"Access-Control-Allow-Headers"),
"has CORS Headers header",
self._check_cors_standard_headers(channel)

def test_known_options_request_msc3886(self) -> None:
"""An OPTIONS requests to an known URL still returns 204 No Content."""
channel = self._make_request(
b"OPTIONS", b"/res/", experimental_cors_msc3886=True
)
self.assertEqual(channel.code, 204)
self.assertNotIn("body", channel.result)

self._check_cors_msc3886_headers(channel)

def test_unknown_request(self) -> None:
"""A non-OPTIONS request to an unknown URL should 404."""
Expand Down