Kill off HomeServer.get_ip_from_request() (#9080)

Homeserver.get_ip_from_request() used to be a bit more complicated, but now it is totally redundant. Let's get rid of it.
This commit is contained in:
Richard van der Hoff 2021-01-12 12:48:12 +00:00 committed by GitHub
parent 2ec8ca5e60
commit 0f8945e166
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 15 additions and 52 deletions

1
changelog.d/9080.misc Normal file
View File

@ -0,0 +1 @@
Remove redundant `Homeserver.get_ip_from_request` method.

View File

@ -187,7 +187,7 @@ class Auth:
AuthError if access is denied for the user in the access token AuthError if access is denied for the user in the access token
""" """
try: try:
ip_addr = self.hs.get_ip_from_request(request) ip_addr = request.getClientIP()
user_agent = get_request_user_agent(request) user_agent = get_request_user_agent(request)
access_token = self.get_access_token_from_request(request) access_token = self.get_access_token_from_request(request)
@ -276,7 +276,7 @@ class Auth:
return None, None return None, None
if app_service.ip_range_whitelist: if app_service.ip_range_whitelist:
ip_address = IPAddress(self.hs.get_ip_from_request(request)) ip_address = IPAddress(request.getClientIP())
if ip_address not in app_service.ip_range_whitelist: if ip_address not in app_service.ip_range_whitelist:
return None, None return None, None

View File

@ -284,7 +284,6 @@ class AuthHandler(BaseHandler):
requester: Requester, requester: Requester,
request: SynapseRequest, request: SynapseRequest,
request_body: Dict[str, Any], request_body: Dict[str, Any],
clientip: str,
description: str, description: str,
) -> Tuple[dict, Optional[str]]: ) -> Tuple[dict, Optional[str]]:
""" """
@ -301,8 +300,6 @@ class AuthHandler(BaseHandler):
request_body: The body of the request sent by the client request_body: The body of the request sent by the client
clientip: The IP address of the client.
description: A human readable string to be displayed to the user that description: A human readable string to be displayed to the user that
describes the operation happening on their account. describes the operation happening on their account.
@ -351,7 +348,7 @@ class AuthHandler(BaseHandler):
try: try:
result, params, session_id = await self.check_ui_auth( result, params, session_id = await self.check_ui_auth(
flows, request, request_body, clientip, description flows, request, request_body, description
) )
except LoginError: except LoginError:
# Update the ratelimiter to say we failed (`can_do_action` doesn't raise). # Update the ratelimiter to say we failed (`can_do_action` doesn't raise).
@ -426,7 +423,6 @@ class AuthHandler(BaseHandler):
flows: List[List[str]], flows: List[List[str]],
request: SynapseRequest, request: SynapseRequest,
clientdict: Dict[str, Any], clientdict: Dict[str, Any],
clientip: str,
description: str, description: str,
) -> Tuple[dict, dict, str]: ) -> Tuple[dict, dict, str]:
""" """
@ -448,8 +444,6 @@ class AuthHandler(BaseHandler):
clientdict: The dictionary from the client root level, not the clientdict: The dictionary from the client root level, not the
'auth' key: this method prompts for auth if none is sent. 'auth' key: this method prompts for auth if none is sent.
clientip: The IP address of the client.
description: A human readable string to be displayed to the user that description: A human readable string to be displayed to the user that
describes the operation happening on their account. describes the operation happening on their account.
@ -540,6 +534,7 @@ class AuthHandler(BaseHandler):
await self.store.set_ui_auth_clientdict(sid, clientdict) await self.store.set_ui_auth_clientdict(sid, clientdict)
user_agent = get_request_user_agent(request) user_agent = get_request_user_agent(request)
clientip = request.getClientIP()
await self.store.add_user_agent_ip_to_ui_auth_session( await self.store.add_user_agent_ip_to_ui_auth_session(
session.session_id, user_agent, clientip session.session_id, user_agent, clientip

View File

@ -189,11 +189,7 @@ class PasswordRestServlet(RestServlet):
requester = await self.auth.get_user_by_req(request) requester = await self.auth.get_user_by_req(request)
try: try:
params, session_id = await self.auth_handler.validate_user_via_ui_auth( params, session_id = await self.auth_handler.validate_user_via_ui_auth(
requester, requester, request, body, "modify your account password",
request,
body,
self.hs.get_ip_from_request(request),
"modify your account password",
) )
except InteractiveAuthIncompleteError as e: except InteractiveAuthIncompleteError as e:
# The user needs to provide more steps to complete auth, but # The user needs to provide more steps to complete auth, but
@ -215,7 +211,6 @@ class PasswordRestServlet(RestServlet):
[[LoginType.EMAIL_IDENTITY]], [[LoginType.EMAIL_IDENTITY]],
request, request,
body, body,
self.hs.get_ip_from_request(request),
"modify your account password", "modify your account password",
) )
except InteractiveAuthIncompleteError as e: except InteractiveAuthIncompleteError as e:
@ -309,11 +304,7 @@ class DeactivateAccountRestServlet(RestServlet):
return 200, {} return 200, {}
await self.auth_handler.validate_user_via_ui_auth( await self.auth_handler.validate_user_via_ui_auth(
requester, requester, request, body, "deactivate your account",
request,
body,
self.hs.get_ip_from_request(request),
"deactivate your account",
) )
result = await self._deactivate_account_handler.deactivate_account( result = await self._deactivate_account_handler.deactivate_account(
requester.user.to_string(), erase, id_server=body.get("id_server") requester.user.to_string(), erase, id_server=body.get("id_server")
@ -695,11 +686,7 @@ class ThreepidAddRestServlet(RestServlet):
assert_valid_client_secret(client_secret) assert_valid_client_secret(client_secret)
await self.auth_handler.validate_user_via_ui_auth( await self.auth_handler.validate_user_via_ui_auth(
requester, requester, request, body, "add a third-party identifier to your account",
request,
body,
self.hs.get_ip_from_request(request),
"add a third-party identifier to your account",
) )
validation_session = await self.identity_handler.validate_threepid_session( validation_session = await self.identity_handler.validate_threepid_session(

View File

@ -128,7 +128,7 @@ class AuthRestServlet(RestServlet):
authdict = {"response": response, "session": session} authdict = {"response": response, "session": session}
success = await self.auth_handler.add_oob_auth( success = await self.auth_handler.add_oob_auth(
LoginType.RECAPTCHA, authdict, self.hs.get_ip_from_request(request) LoginType.RECAPTCHA, authdict, request.getClientIP()
) )
if success: if success:
@ -144,7 +144,7 @@ class AuthRestServlet(RestServlet):
authdict = {"session": session} authdict = {"session": session}
success = await self.auth_handler.add_oob_auth( success = await self.auth_handler.add_oob_auth(
LoginType.TERMS, authdict, self.hs.get_ip_from_request(request) LoginType.TERMS, authdict, request.getClientIP()
) )
if success: if success:

View File

@ -83,11 +83,7 @@ class DeleteDevicesRestServlet(RestServlet):
assert_params_in_dict(body, ["devices"]) assert_params_in_dict(body, ["devices"])
await self.auth_handler.validate_user_via_ui_auth( await self.auth_handler.validate_user_via_ui_auth(
requester, requester, request, body, "remove device(s) from your account",
request,
body,
self.hs.get_ip_from_request(request),
"remove device(s) from your account",
) )
await self.device_handler.delete_devices( await self.device_handler.delete_devices(
@ -133,11 +129,7 @@ class DeviceRestServlet(RestServlet):
raise raise
await self.auth_handler.validate_user_via_ui_auth( await self.auth_handler.validate_user_via_ui_auth(
requester, requester, request, body, "remove a device from your account",
request,
body,
self.hs.get_ip_from_request(request),
"remove a device from your account",
) )
await self.device_handler.delete_device(requester.user.to_string(), device_id) await self.device_handler.delete_device(requester.user.to_string(), device_id)

View File

@ -271,11 +271,7 @@ class SigningKeyUploadServlet(RestServlet):
body = parse_json_object_from_request(request) body = parse_json_object_from_request(request)
await self.auth_handler.validate_user_via_ui_auth( await self.auth_handler.validate_user_via_ui_auth(
requester, requester, request, body, "add a device signing key to your account",
request,
body,
self.hs.get_ip_from_request(request),
"add a device signing key to your account",
) )
result = await self.e2e_keys_handler.upload_signing_keys_for_user(user_id, body) result = await self.e2e_keys_handler.upload_signing_keys_for_user(user_id, body)

View File

@ -353,7 +353,7 @@ class UsernameAvailabilityRestServlet(RestServlet):
403, "Registration has been disabled", errcode=Codes.FORBIDDEN 403, "Registration has been disabled", errcode=Codes.FORBIDDEN
) )
ip = self.hs.get_ip_from_request(request) ip = request.getClientIP()
with self.ratelimiter.ratelimit(ip) as wait_deferred: with self.ratelimiter.ratelimit(ip) as wait_deferred:
await wait_deferred await wait_deferred
@ -513,11 +513,7 @@ class RegisterRestServlet(RestServlet):
# not this will raise a user-interactive auth error. # not this will raise a user-interactive auth error.
try: try:
auth_result, params, session_id = await self.auth_handler.check_ui_auth( auth_result, params, session_id = await self.auth_handler.check_ui_auth(
self._registration_flows, self._registration_flows, request, body, "register a new account",
request,
body,
self.hs.get_ip_from_request(request),
"register a new account",
) )
except InteractiveAuthIncompleteError as e: except InteractiveAuthIncompleteError as e:
# The user needs to provide more steps to complete auth. # The user needs to provide more steps to complete auth.

View File

@ -283,10 +283,6 @@ class HomeServer(metaclass=abc.ABCMeta):
""" """
return self._reactor return self._reactor
def get_ip_from_request(self, request) -> str:
# X-Forwarded-For is handled by our custom request type.
return request.getClientIP()
def is_mine(self, domain_specific_string: DomainSpecificString) -> bool: def is_mine(self, domain_specific_string: DomainSpecificString) -> bool:
return domain_specific_string.domain == self.hostname return domain_specific_string.domain == self.hostname