mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2024-10-01 11:49:51 -04:00
Send the appservice access token as a header. (#13996)
Implements MSC2832 by sending application service access tokens in the Authorization header. The access token is also still sent as a query parameter until the application service ecosystem has fully migrated to using headers. In the future this could be made opt-in, or removed completely.
This commit is contained in:
parent
1613857b90
commit
27fa0fa698
1
changelog.d/13996.feature
Normal file
1
changelog.d/13996.feature
Normal file
@ -0,0 +1 @@
|
|||||||
|
Send application service access tokens as a header (and query parameter). Implement [MSC2832](https://github.com/matrix-org/matrix-spec-proposals/pull/2832).
|
@ -120,7 +120,11 @@ class ApplicationServiceApi(SimpleHttpClient):
|
|||||||
|
|
||||||
uri = service.url + ("/users/%s" % urllib.parse.quote(user_id))
|
uri = service.url + ("/users/%s" % urllib.parse.quote(user_id))
|
||||||
try:
|
try:
|
||||||
response = await self.get_json(uri, {"access_token": service.hs_token})
|
response = await self.get_json(
|
||||||
|
uri,
|
||||||
|
{"access_token": service.hs_token},
|
||||||
|
headers={"Authorization": f"Bearer {service.hs_token}"},
|
||||||
|
)
|
||||||
if response is not None: # just an empty json object
|
if response is not None: # just an empty json object
|
||||||
return True
|
return True
|
||||||
except CodeMessageException as e:
|
except CodeMessageException as e:
|
||||||
@ -140,7 +144,11 @@ class ApplicationServiceApi(SimpleHttpClient):
|
|||||||
|
|
||||||
uri = service.url + ("/rooms/%s" % urllib.parse.quote(alias))
|
uri = service.url + ("/rooms/%s" % urllib.parse.quote(alias))
|
||||||
try:
|
try:
|
||||||
response = await self.get_json(uri, {"access_token": service.hs_token})
|
response = await self.get_json(
|
||||||
|
uri,
|
||||||
|
{"access_token": service.hs_token},
|
||||||
|
headers={"Authorization": f"Bearer {service.hs_token}"},
|
||||||
|
)
|
||||||
if response is not None: # just an empty json object
|
if response is not None: # just an empty json object
|
||||||
return True
|
return True
|
||||||
except CodeMessageException as e:
|
except CodeMessageException as e:
|
||||||
@ -181,7 +189,9 @@ class ApplicationServiceApi(SimpleHttpClient):
|
|||||||
**fields,
|
**fields,
|
||||||
b"access_token": service.hs_token,
|
b"access_token": service.hs_token,
|
||||||
}
|
}
|
||||||
response = await self.get_json(uri, args=args)
|
response = await self.get_json(
|
||||||
|
uri, args=args, headers={"Authorization": f"Bearer {service.hs_token}"}
|
||||||
|
)
|
||||||
if not isinstance(response, list):
|
if not isinstance(response, list):
|
||||||
logger.warning(
|
logger.warning(
|
||||||
"query_3pe to %s returned an invalid response %r", uri, response
|
"query_3pe to %s returned an invalid response %r", uri, response
|
||||||
@ -217,7 +227,11 @@ class ApplicationServiceApi(SimpleHttpClient):
|
|||||||
urllib.parse.quote(protocol),
|
urllib.parse.quote(protocol),
|
||||||
)
|
)
|
||||||
try:
|
try:
|
||||||
info = await self.get_json(uri, {"access_token": service.hs_token})
|
info = await self.get_json(
|
||||||
|
uri,
|
||||||
|
{"access_token": service.hs_token},
|
||||||
|
headers={"Authorization": f"Bearer {service.hs_token}"},
|
||||||
|
)
|
||||||
|
|
||||||
if not _is_valid_3pe_metadata(info):
|
if not _is_valid_3pe_metadata(info):
|
||||||
logger.warning(
|
logger.warning(
|
||||||
@ -313,6 +327,7 @@ class ApplicationServiceApi(SimpleHttpClient):
|
|||||||
uri=uri,
|
uri=uri,
|
||||||
json_body=body,
|
json_body=body,
|
||||||
args={"access_token": service.hs_token},
|
args={"access_token": service.hs_token},
|
||||||
|
headers={"Authorization": f"Bearer {service.hs_token}"},
|
||||||
)
|
)
|
||||||
if logger.isEnabledFor(logging.DEBUG):
|
if logger.isEnabledFor(logging.DEBUG):
|
||||||
logger.debug(
|
logger.debug(
|
||||||
|
@ -69,10 +69,14 @@ class ApplicationServiceApiTestCase(unittest.HomeserverTestCase):
|
|||||||
|
|
||||||
self.request_url = None
|
self.request_url = None
|
||||||
|
|
||||||
async def get_json(url: str, args: Mapping[Any, Any]) -> List[JsonDict]:
|
async def get_json(
|
||||||
if not args.get(b"access_token"):
|
url: str, args: Mapping[Any, Any], headers: Mapping[Any, Any]
|
||||||
|
) -> List[JsonDict]:
|
||||||
|
# Ensure the access token is passed as both a header and query arg.
|
||||||
|
if not headers.get("Authorization") or not args.get(b"access_token"):
|
||||||
raise RuntimeError("Access token not provided")
|
raise RuntimeError("Access token not provided")
|
||||||
|
|
||||||
|
self.assertEqual(headers.get("Authorization"), f"Bearer {TOKEN}")
|
||||||
self.assertEqual(args.get(b"access_token"), TOKEN)
|
self.assertEqual(args.get(b"access_token"), TOKEN)
|
||||||
self.request_url = url
|
self.request_url = url
|
||||||
if url == URL_USER:
|
if url == URL_USER:
|
||||||
|
Loading…
Reference in New Issue
Block a user