Matrix-Mirrors/anonymousland-synapse
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse.git synced 2025-08-07 09:02:14 -04:00
Code Issues Projects Releases Packages Wiki Activity

Revert "Revert accidental fast-forward merge from v1.49.0rc1"

Browse source 
This reverts commit 158d73ebdd.
This commit is contained in:
Olivier Wilkinson (reivilibre) 2021-12-14 14:22:01 +00:00
parent 158d73ebdd
commit 4dd9ea8f4f
165 changed files with 7715 additions and 2703 deletions
Download patch file Download diff file Expand all files Collapse all files

25
synapse/rest/admin/__init__.py
View file

@ -17,6 +17,7 @@
import logging
import platform
from http import HTTPStatus
from typing import TYPE_CHECKING, Optional, Tuple
import synapse
@ -39,6 +40,10 @@ from synapse.rest.admin.event_reports import (
EventReportDetailRestServlet,
EventReportsRestServlet,
)
from synapse.rest.admin.federation import (
DestinationsRestServlet,
ListDestinationsRestServlet,
)
from synapse.rest.admin.groups import DeleteGroupAdminRestServlet
from synapse.rest.admin.media import ListMediaInRoom, register_servlets_for_media_repo
from synapse.rest.admin.registration_tokens import (
@ -98,7 +103,7 @@ class VersionServlet(RestServlet):
}
def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
return 200, self.res
return HTTPStatus.OK, self.res
class PurgeHistoryRestServlet(RestServlet):
@ -130,7 +135,7 @@ class PurgeHistoryRestServlet(RestServlet):
event = await self.store.get_event(event_id)
if event.room_id != room_id:
raise SynapseError(400, "Event is for wrong room.")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Event is for wrong room.")
# RoomStreamToken expects [int] not Optional[int]
assert event.internal_metadata.stream_ordering is not None
@ -144,7 +149,9 @@ class PurgeHistoryRestServlet(RestServlet):
ts = body["purge_up_to_ts"]
if not isinstance(ts, int):
raise SynapseError(
400, "purge_up_to_ts must be an int", errcode=Codes.BAD_JSON
HTTPStatus.BAD_REQUEST,
"purge_up_to_ts must be an int",
errcode=Codes.BAD_JSON,
)
stream_ordering = await self.store.find_first_stream_ordering_after_ts(ts)
@ -160,7 +167,9 @@ class PurgeHistoryRestServlet(RestServlet):
stream_ordering,
)
raise SynapseError(
404, "there is no event to be purged", errcode=Codes.NOT_FOUND
HTTPStatus.NOT_FOUND,
"there is no event to be purged",
errcode=Codes.NOT_FOUND,
)
(stream, topo, _event_id) = r
token = "t%d-%d" % (topo, stream)
@ -173,7 +182,7 @@ class PurgeHistoryRestServlet(RestServlet):
)
else:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"must specify purge_up_to_event_id or purge_up_to_ts",
errcode=Codes.BAD_JSON,
)
@ -182,7 +191,7 @@ class PurgeHistoryRestServlet(RestServlet):
room_id, token, delete_local_events=delete_local_events
)
return 200, {"purge_id": purge_id}
return HTTPStatus.OK, {"purge_id": purge_id}
class PurgeHistoryStatusRestServlet(RestServlet):
@ -201,7 +210,7 @@ class PurgeHistoryStatusRestServlet(RestServlet):
if purge_status is None:
raise NotFoundError("purge id '%s' not found" % purge_id)
return 200, purge_status.asdict()
return HTTPStatus.OK, purge_status.asdict()
########################################################################################
@ -256,6 +265,8 @@ def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
ListRegistrationTokensRestServlet(hs).register(http_server)
NewRegistrationTokenRestServlet(hs).register(http_server)
RegistrationTokenRestServlet(hs).register(http_server)
DestinationsRestServlet(hs).register(http_server)
ListDestinationsRestServlet(hs).register(http_server)
# Some servlets only get registered for the main process.
if hs.config.worker.worker_app is None:

3
synapse/rest/admin/_base.py
View file

@ -13,6 +13,7 @@
# limitations under the License.
import re
from http import HTTPStatus
from typing import Iterable, Pattern
from synapse.api.auth import Auth
@ -62,4 +63,4 @@ async def assert_user_is_admin(auth: Auth, user_id: UserID) -> None:
"""
is_admin = await auth.is_server_admin(user_id)
if not is_admin:
raise AuthError(403, "You are not a server admin")
raise AuthError(HTTPStatus.FORBIDDEN, "You are not a server admin")

21
synapse/rest/admin/devices.py
View file

@ -12,6 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import logging
from http import HTTPStatus
from typing import TYPE_CHECKING, Tuple
from synapse.api.errors import NotFoundError, SynapseError
@ -53,7 +54,7 @@ class DeviceRestServlet(RestServlet):
target_user = UserID.from_string(user_id)
if not self.hs.is_mine(target_user):
raise SynapseError(400, "Can only lookup local users")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Can only lookup local users")
u = await self.store.get_user_by_id(target_user.to_string())
if u is None:
@ -62,7 +63,7 @@ class DeviceRestServlet(RestServlet):
device = await self.device_handler.get_device(
target_user.to_string(), device_id
)
return 200, device
return HTTPStatus.OK, device
async def on_DELETE(
self, request: SynapseRequest, user_id: str, device_id: str
@ -71,14 +72,14 @@ class DeviceRestServlet(RestServlet):
target_user = UserID.from_string(user_id)
if not self.hs.is_mine(target_user):
raise SynapseError(400, "Can only lookup local users")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Can only lookup local users")
u = await self.store.get_user_by_id(target_user.to_string())
if u is None:
raise NotFoundError("Unknown user")
await self.device_handler.delete_device(target_user.to_string(), device_id)
return 200, {}
return HTTPStatus.OK, {}
async def on_PUT(
self, request: SynapseRequest, user_id: str, device_id: str
@ -87,7 +88,7 @@ class DeviceRestServlet(RestServlet):
target_user = UserID.from_string(user_id)
if not self.hs.is_mine(target_user):
raise SynapseError(400, "Can only lookup local users")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Can only lookup local users")
u = await self.store.get_user_by_id(target_user.to_string())
if u is None:
@ -97,7 +98,7 @@ class DeviceRestServlet(RestServlet):
await self.device_handler.update_device(
target_user.to_string(), device_id, body
)
return 200, {}
return HTTPStatus.OK, {}
class DevicesRestServlet(RestServlet):
@ -124,14 +125,14 @@ class DevicesRestServlet(RestServlet):
target_user = UserID.from_string(user_id)
if not self.hs.is_mine(target_user):
raise SynapseError(400, "Can only lookup local users")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Can only lookup local users")
u = await self.store.get_user_by_id(target_user.to_string())
if u is None:
raise NotFoundError("Unknown user")
devices = await self.device_handler.get_devices_by_user(target_user.to_string())
return 200, {"devices": devices, "total": len(devices)}
return HTTPStatus.OK, {"devices": devices, "total": len(devices)}
class DeleteDevicesRestServlet(RestServlet):
@ -155,7 +156,7 @@ class DeleteDevicesRestServlet(RestServlet):
target_user = UserID.from_string(user_id)
if not self.hs.is_mine(target_user):
raise SynapseError(400, "Can only lookup local users")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Can only lookup local users")
u = await self.store.get_user_by_id(target_user.to_string())
if u is None:
@ -167,4 +168,4 @@ class DeleteDevicesRestServlet(RestServlet):
await self.device_handler.delete_devices(
target_user.to_string(), body["devices"]
)
return 200, {}
return HTTPStatus.OK, {}

21
synapse/rest/admin/event_reports.py
View file

@ -13,6 +13,7 @@
# limitations under the License.
import logging
from http import HTTPStatus
from typing import TYPE_CHECKING, Tuple
from synapse.api.errors import Codes, NotFoundError, SynapseError
@ -66,21 +67,23 @@ class EventReportsRestServlet(RestServlet):
if start < 0:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"The start parameter must be a positive integer.",
errcode=Codes.INVALID_PARAM,
)
if limit < 0:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"The limit parameter must be a positive integer.",
errcode=Codes.INVALID_PARAM,
)
if direction not in ("f", "b"):
raise SynapseError(
400, "Unknown direction: %s" % (direction,), errcode=Codes.INVALID_PARAM
HTTPStatus.BAD_REQUEST,
"Unknown direction: %s" % (direction,),
errcode=Codes.INVALID_PARAM,
)
event_reports, total = await self.store.get_event_reports_paginate(
@ -90,7 +93,7 @@ class EventReportsRestServlet(RestServlet):
if (start + limit) < total:
ret["next_token"] = start + len(event_reports)
return 200, ret
return HTTPStatus.OK, ret
class EventReportDetailRestServlet(RestServlet):
@ -127,13 +130,17 @@ class EventReportDetailRestServlet(RestServlet):
try:
resolved_report_id = int(report_id)
except ValueError:
raise SynapseError(400, message, errcode=Codes.INVALID_PARAM)
raise SynapseError(
HTTPStatus.BAD_REQUEST, message, errcode=Codes.INVALID_PARAM
)
if resolved_report_id < 0:
raise SynapseError(400, message, errcode=Codes.INVALID_PARAM)
raise SynapseError(
HTTPStatus.BAD_REQUEST, message, errcode=Codes.INVALID_PARAM
)
ret = await self.store.get_event_report(resolved_report_id)
if not ret:
raise NotFoundError("Event report not found")
return 200, ret
return HTTPStatus.OK, ret

135
synapse/rest/admin/federation.py Normal file
View file

@ -0,0 +1,135 @@
# Copyright 2021 The Matrix.org Foundation C.I.C.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import logging
from http import HTTPStatus
from typing import TYPE_CHECKING, Tuple
from synapse.api.errors import Codes, NotFoundError, SynapseError
from synapse.http.servlet import RestServlet, parse_integer, parse_string
from synapse.http.site import SynapseRequest
from synapse.rest.admin._base import admin_patterns, assert_requester_is_admin
from synapse.storage.databases.main.transactions import DestinationSortOrder
from synapse.types import JsonDict
if TYPE_CHECKING:
from synapse.server import HomeServer
logger = logging.getLogger(__name__)
class ListDestinationsRestServlet(RestServlet):
"""Get request to list all destinations.
This needs user to have administrator access in Synapse.
GET /_synapse/admin/v1/federation/destinations?from=0&limit=10
returns:
200 OK with list of destinations if success otherwise an error.
The parameters `from` and `limit` are required only for pagination.
By default, a `limit` of 100 is used.
The parameter `destination` can be used to filter by destination.
The parameter `order_by` can be used to order the result.
"""
PATTERNS = admin_patterns("/federation/destinations$")
def __init__(self, hs: "HomeServer"):
self._auth = hs.get_auth()
self._store = hs.get_datastore()
async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
await assert_requester_is_admin(self._auth, request)
start = parse_integer(request, "from", default=0)
limit = parse_integer(request, "limit", default=100)
if start < 0:
raise SynapseError(
HTTPStatus.BAD_REQUEST,
"Query parameter from must be a string representing a positive integer.",
errcode=Codes.INVALID_PARAM,
)
if limit < 0:
raise SynapseError(
HTTPStatus.BAD_REQUEST,
"Query parameter limit must be a string representing a positive integer.",
errcode=Codes.INVALID_PARAM,
)
destination = parse_string(request, "destination")
order_by = parse_string(
request,
"order_by",
default=DestinationSortOrder.DESTINATION.value,
allowed_values=[dest.value for dest in DestinationSortOrder],
)
direction = parse_string(request, "dir", default="f", allowed_values=("f", "b"))
destinations, total = await self._store.get_destinations_paginate(
start, limit, destination, order_by, direction
)
response = {"destinations": destinations, "total": total}
if (start + limit) < total:
response["next_token"] = str(start + len(destinations))
return HTTPStatus.OK, response
class DestinationsRestServlet(RestServlet):
"""Get details of a destination.
This needs user to have administrator access in Synapse.
GET /_synapse/admin/v1/federation/destinations/<destination>
returns:
200 OK with details of a destination if success otherwise an error.
"""
PATTERNS = admin_patterns("/federation/destinations/(?P<destination>[^/]+)$")
def __init__(self, hs: "HomeServer"):
self._auth = hs.get_auth()
self._store = hs.get_datastore()
async def on_GET(
self, request: SynapseRequest, destination: str
) -> Tuple[int, JsonDict]:
await assert_requester_is_admin(self._auth, request)
destination_retry_timings = await self._store.get_destination_retry_timings(
destination
)
if not destination_retry_timings:
raise NotFoundError("Unknown destination")
last_successful_stream_ordering = (
await self._store.get_destination_last_successful_stream_ordering(
destination
)
)
response = {
"destination": destination,
"failure_ts": destination_retry_timings.failure_ts,
"retry_last_ts": destination_retry_timings.retry_last_ts,
"retry_interval": destination_retry_timings.retry_interval,
"last_successful_stream_ordering": last_successful_stream_ordering,
}
return HTTPStatus.OK, response

5
synapse/rest/admin/groups.py
View file

@ -12,6 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import logging
from http import HTTPStatus
from typing import TYPE_CHECKING, Tuple
from synapse.api.errors import SynapseError
@ -43,7 +44,7 @@ class DeleteGroupAdminRestServlet(RestServlet):
await assert_user_is_admin(self.auth, requester.user)
if not self.is_mine_id(group_id):
raise SynapseError(400, "Can only delete local groups")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Can only delete local groups")
await self.group_server.delete_group(group_id, requester.user.to_string())
return 200, {}
return HTTPStatus.OK, {}

53
synapse/rest/admin/media.py
View file

@ -14,6 +14,7 @@
# limitations under the License.
import logging
from http import HTTPStatus
from typing import TYPE_CHECKING, Tuple
from synapse.api.errors import AuthError, Codes, NotFoundError, SynapseError
@ -62,7 +63,7 @@ class QuarantineMediaInRoom(RestServlet):
room_id, requester.user.to_string()
)
return 200, {"num_quarantined": num_quarantined}
return HTTPStatus.OK, {"num_quarantined": num_quarantined}
class QuarantineMediaByUser(RestServlet):
@ -89,7 +90,7 @@ class QuarantineMediaByUser(RestServlet):
user_id, requester.user.to_string()
)
return 200, {"num_quarantined": num_quarantined}
return HTTPStatus.OK, {"num_quarantined": num_quarantined}
class QuarantineMediaByID(RestServlet):
@ -118,7 +119,7 @@ class QuarantineMediaByID(RestServlet):
server_name, media_id, requester.user.to_string()
)
return 200, {}
return HTTPStatus.OK, {}
class UnquarantineMediaByID(RestServlet):
@ -147,7 +148,7 @@ class UnquarantineMediaByID(RestServlet):
# Remove from quarantine this media id
await self.store.quarantine_media_by_id(server_name, media_id, None)
return 200, {}
return HTTPStatus.OK, {}
class ProtectMediaByID(RestServlet):
@ -170,7 +171,7 @@ class ProtectMediaByID(RestServlet):
# Protect this media id
await self.store.mark_local_media_as_safe(media_id, safe=True)
return 200, {}
return HTTPStatus.OK, {}
class UnprotectMediaByID(RestServlet):
@ -193,7 +194,7 @@ class UnprotectMediaByID(RestServlet):
# Unprotect this media id
await self.store.mark_local_media_as_safe(media_id, safe=False)
return 200, {}
return HTTPStatus.OK, {}
class ListMediaInRoom(RestServlet):
@ -211,11 +212,11 @@ class ListMediaInRoom(RestServlet):
requester = await self.auth.get_user_by_req(request)
is_admin = await self.auth.is_server_admin(requester.user)
if not is_admin:
raise AuthError(403, "You are not a server admin")
raise AuthError(HTTPStatus.FORBIDDEN, "You are not a server admin")
local_mxcs, remote_mxcs = await self.store.get_media_mxcs_in_room(room_id)
return 200, {"local": local_mxcs, "remote": remote_mxcs}
return HTTPStatus.OK, {"local": local_mxcs, "remote": remote_mxcs}
class PurgeMediaCacheRestServlet(RestServlet):
@ -233,13 +234,13 @@ class PurgeMediaCacheRestServlet(RestServlet):
if before_ts < 0:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Query parameter before_ts must be a positive integer.",
errcode=Codes.INVALID_PARAM,
)
elif before_ts < 30000000000: # Dec 1970 in milliseconds, Aug 2920 in seconds
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Query parameter before_ts you provided is from the year 1970. "
+ "Double check that you are providing a timestamp in milliseconds.",
errcode=Codes.INVALID_PARAM,
@ -247,7 +248,7 @@ class PurgeMediaCacheRestServlet(RestServlet):
ret = await self.media_repository.delete_old_remote_media(before_ts)
return 200, ret
return HTTPStatus.OK, ret
class DeleteMediaByID(RestServlet):
@ -267,7 +268,7 @@ class DeleteMediaByID(RestServlet):
await assert_requester_is_admin(self.auth, request)
if self.server_name != server_name:
raise SynapseError(400, "Can only delete local media")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Can only delete local media")
if await self.store.get_local_media(media_id) is None:
raise NotFoundError("Unknown media")
@ -277,7 +278,7 @@ class DeleteMediaByID(RestServlet):
deleted_media, total = await self.media_repository.delete_local_media_ids(
[media_id]
)
return 200, {"deleted_media": deleted_media, "total": total}
return HTTPStatus.OK, {"deleted_media": deleted_media, "total": total}
class DeleteMediaByDateSize(RestServlet):
@ -304,26 +305,26 @@ class DeleteMediaByDateSize(RestServlet):
if before_ts < 0:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Query parameter before_ts must be a positive integer.",
errcode=Codes.INVALID_PARAM,
)
elif before_ts < 30000000000: # Dec 1970 in milliseconds, Aug 2920 in seconds
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Query parameter before_ts you provided is from the year 1970. "
+ "Double check that you are providing a timestamp in milliseconds.",
errcode=Codes.INVALID_PARAM,
)
if size_gt < 0:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Query parameter size_gt must be a string representing a positive integer.",
errcode=Codes.INVALID_PARAM,
)
if self.server_name != server_name:
raise SynapseError(400, "Can only delete local media")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Can only delete local media")
logging.info(
"Deleting local media by timestamp: %s, size larger than: %s, keep profile media: %s"
@ -333,7 +334,7 @@ class DeleteMediaByDateSize(RestServlet):
deleted_media, total = await self.media_repository.delete_old_local_media(
before_ts, size_gt, keep_profiles
)
return 200, {"deleted_media": deleted_media, "total": total}
return HTTPStatus.OK, {"deleted_media": deleted_media, "total": total}
class UserMediaRestServlet(RestServlet):
@ -369,7 +370,7 @@ class UserMediaRestServlet(RestServlet):
await assert_requester_is_admin(self.auth, request)
if not self.is_mine(UserID.from_string(user_id)):
raise SynapseError(400, "Can only look up local users")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Can only look up local users")
user = await self.store.get_user_by_id(user_id)
if user is None:
@ -380,14 +381,14 @@ class UserMediaRestServlet(RestServlet):
if start < 0:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Query parameter from must be a string representing a positive integer.",
errcode=Codes.INVALID_PARAM,
)
if limit < 0:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Query parameter limit must be a string representing a positive integer.",
errcode=Codes.INVALID_PARAM,
)
@ -425,7 +426,7 @@ class UserMediaRestServlet(RestServlet):
if (start + limit) < total:
ret["next_token"] = start + len(media)
return 200, ret
return HTTPStatus.OK, ret
async def on_DELETE(
self, request: SynapseRequest, user_id: str
@ -436,7 +437,7 @@ class UserMediaRestServlet(RestServlet):
await assert_requester_is_admin(self.auth, request)
if not self.is_mine(UserID.from_string(user_id)):
raise SynapseError(400, "Can only look up local users")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Can only look up local users")
user = await self.store.get_user_by_id(user_id)
if user is None:
@ -447,14 +448,14 @@ class UserMediaRestServlet(RestServlet):
if start < 0:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Query parameter from must be a string representing a positive integer.",
errcode=Codes.INVALID_PARAM,
)
if limit < 0:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Query parameter limit must be a string representing a positive integer.",
errcode=Codes.INVALID_PARAM,
)
@ -492,7 +493,7 @@ class UserMediaRestServlet(RestServlet):
([row["media_id"] for row in media])
)
return 200, {"deleted_media": deleted_media, "total": total}
return HTTPStatus.OK, {"deleted_media": deleted_media, "total": total}
def register_servlets_for_media_repo(hs: "HomeServer", http_server: HttpServer) -> None:

51
synapse/rest/admin/registration_tokens.py
View file

@ -14,6 +14,7 @@
import logging
import string
from http import HTTPStatus
from typing import TYPE_CHECKING, Tuple
from synapse.api.errors import Codes, NotFoundError, SynapseError
@ -77,7 +78,7 @@ class ListRegistrationTokensRestServlet(RestServlet):
await assert_requester_is_admin(self.auth, request)
valid = parse_boolean(request, "valid")
token_list = await self.store.get_registration_tokens(valid)
return 200, {"registration_tokens": token_list}
return HTTPStatus.OK, {"registration_tokens": token_list}
class NewRegistrationTokenRestServlet(RestServlet):
@ -123,16 +124,20 @@ class NewRegistrationTokenRestServlet(RestServlet):
if "token" in body:
token = body["token"]
if not isinstance(token, str):
raise SynapseError(400, "token must be a string", Codes.INVALID_PARAM)
raise SynapseError(
HTTPStatus.BAD_REQUEST,
"token must be a string",
Codes.INVALID_PARAM,
)
if not (0 < len(token) <= 64):
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"token must not be empty and must not be longer than 64 characters",
Codes.INVALID_PARAM,
)
if not set(token).issubset(self.allowed_chars_set):
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"token must consist only of characters matched by the regex [A-Za-z0-9-_]",
Codes.INVALID_PARAM,
)
@ -142,11 +147,13 @@ class NewRegistrationTokenRestServlet(RestServlet):
length = body.get("length", 16)
if not isinstance(length, int):
raise SynapseError(
400, "length must be an integer", Codes.INVALID_PARAM
HTTPStatus.BAD_REQUEST,
"length must be an integer",
Codes.INVALID_PARAM,
)
if not (0 < length <= 64):
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"length must be greater than zero and not greater than 64",
Codes.INVALID_PARAM,
)
@ -162,7 +169,7 @@ class NewRegistrationTokenRestServlet(RestServlet):
or (isinstance(uses_allowed, int) and uses_allowed >= 0)
):
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"uses_allowed must be a non-negative integer or null",
Codes.INVALID_PARAM,
)
@ -170,11 +177,15 @@ class NewRegistrationTokenRestServlet(RestServlet):
expiry_time = body.get("expiry_time", None)
if not isinstance(expiry_time, (int, type(None))):
raise SynapseError(
400, "expiry_time must be an integer or null", Codes.INVALID_PARAM
HTTPStatus.BAD_REQUEST,
"expiry_time must be an integer or null",
Codes.INVALID_PARAM,
)
if isinstance(expiry_time, int) and expiry_time < self.clock.time_msec():
raise SynapseError(
400, "expiry_time must not be in the past", Codes.INVALID_PARAM
HTTPStatus.BAD_REQUEST,
"expiry_time must not be in the past",
Codes.INVALID_PARAM,
)
created = await self.store.create_registration_token(
@ -182,7 +193,9 @@ class NewRegistrationTokenRestServlet(RestServlet):
)
if not created:
raise SynapseError(
400, f"Token already exists: {token}", Codes.INVALID_PARAM
HTTPStatus.BAD_REQUEST,
f"Token already exists: {token}",
Codes.INVALID_PARAM,
)
resp = {
@ -192,7 +205,7 @@ class NewRegistrationTokenRestServlet(RestServlet):
"completed": 0,
"expiry_time": expiry_time,
}
return 200, resp
return HTTPStatus.OK, resp
class RegistrationTokenRestServlet(RestServlet):
@ -261,7 +274,7 @@ class RegistrationTokenRestServlet(RestServlet):
if token_info is None:
raise NotFoundError(f"No such registration token: {token}")
return 200, token_info
return HTTPStatus.OK, token_info
async def on_PUT(self, request: SynapseRequest, token: str) -> Tuple[int, JsonDict]:
"""Update a registration token."""
@ -277,7 +290,7 @@ class RegistrationTokenRestServlet(RestServlet):
or (isinstance(uses_allowed, int) and uses_allowed >= 0)
):
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"uses_allowed must be a non-negative integer or null",
Codes.INVALID_PARAM,
)
@ -287,11 +300,15 @@ class RegistrationTokenRestServlet(RestServlet):
expiry_time = body["expiry_time"]
if not isinstance(expiry_time, (int, type(None))):
raise SynapseError(
400, "expiry_time must be an integer or null", Codes.INVALID_PARAM
HTTPStatus.BAD_REQUEST,
"expiry_time must be an integer or null",
Codes.INVALID_PARAM,
)
if isinstance(expiry_time, int) and expiry_time < self.clock.time_msec():
raise SynapseError(
400, "expiry_time must not be in the past", Codes.INVALID_PARAM
HTTPStatus.BAD_REQUEST,
"expiry_time must not be in the past",
Codes.INVALID_PARAM,
)
new_attributes["expiry_time"] = expiry_time
@ -307,7 +324,7 @@ class RegistrationTokenRestServlet(RestServlet):
if token_info is None:
raise NotFoundError(f"No such registration token: {token}")
return 200, token_info
return HTTPStatus.OK, token_info
async def on_DELETE(
self, request: SynapseRequest, token: str
@ -316,6 +333,6 @@ class RegistrationTokenRestServlet(RestServlet):
await assert_requester_is_admin(self.auth, request)
if await self.store.delete_registration_token(token):
return 200, {}
return HTTPStatus.OK, {}
raise NotFoundError(f"No such registration token: {token}")

84
synapse/rest/admin/rooms.py
View file

@ -102,10 +102,9 @@ class RoomRestV2Servlet(RestServlet):
)
if not RoomID.is_valid(room_id):
raise SynapseError(400, "%s is not a legal room ID" % (room_id,))
if not await self._store.get_room(room_id):
raise NotFoundError("Unknown room id %s" % (room_id,))
raise SynapseError(
HTTPStatus.BAD_REQUEST, "%s is not a legal room ID" % (room_id,)
)
delete_id = self._pagination_handler.start_shutdown_and_purge_room(
room_id=room_id,
@ -118,7 +117,7 @@ class RoomRestV2Servlet(RestServlet):
force_purge=force_purge,
)
return 200, {"delete_id": delete_id}
return HTTPStatus.OK, {"delete_id": delete_id}
class DeleteRoomStatusByRoomIdRestServlet(RestServlet):
@ -137,7 +136,9 @@ class DeleteRoomStatusByRoomIdRestServlet(RestServlet):
await assert_requester_is_admin(self._auth, request)
if not RoomID.is_valid(room_id):
raise SynapseError(400, "%s is not a legal room ID" % (room_id,))
raise SynapseError(
HTTPStatus.BAD_REQUEST, "%s is not a legal room ID" % (room_id,)
)
delete_ids = self._pagination_handler.get_delete_ids_by_room(room_id)
if delete_ids is None:
@ -153,7 +154,7 @@ class DeleteRoomStatusByRoomIdRestServlet(RestServlet):
**delete.asdict(),
}
]
return 200, {"results": cast(JsonDict, response)}
return HTTPStatus.OK, {"results": cast(JsonDict, response)}
class DeleteRoomStatusByDeleteIdRestServlet(RestServlet):
@ -175,7 +176,7 @@ class DeleteRoomStatusByDeleteIdRestServlet(RestServlet):
if delete_status is None:
raise NotFoundError("delete id '%s' not found" % delete_id)
return 200, cast(JsonDict, delete_status.asdict())
return HTTPStatus.OK, cast(JsonDict, delete_status.asdict())
class ListRoomRestServlet(RestServlet):
@ -217,7 +218,7 @@ class ListRoomRestServlet(RestServlet):
RoomSortOrder.STATE_EVENTS.value,
):
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Unknown value for order_by: %s" % (order_by,),
errcode=Codes.INVALID_PARAM,
)
@ -225,7 +226,7 @@ class ListRoomRestServlet(RestServlet):
search_term = parse_string(request, "search_term", encoding="utf-8")
if search_term == "":
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"search_term cannot be an empty string",
errcode=Codes.INVALID_PARAM,
)
@ -233,7 +234,9 @@ class ListRoomRestServlet(RestServlet):
direction = parse_string(request, "dir", default="f")
if direction not in ("f", "b"):
raise SynapseError(
400, "Unknown direction: %s" % (direction,), errcode=Codes.INVALID_PARAM
HTTPStatus.BAD_REQUEST,
"Unknown direction: %s" % (direction,),
errcode=Codes.INVALID_PARAM,
)
reverse_order = True if direction == "b" else False
@ -265,7 +268,7 @@ class ListRoomRestServlet(RestServlet):
else:
response["prev_batch"] = 0
return 200, response
return HTTPStatus.OK, response
class RoomRestServlet(RestServlet):
@ -310,7 +313,7 @@ class RoomRestServlet(RestServlet):
members = await self.store.get_users_in_room(room_id)
ret["joined_local_devices"] = await self.store.count_devices_by_users(members)
return 200, ret
return HTTPStatus.OK, ret
async def on_DELETE(
self, request: SynapseRequest, room_id: str
@ -386,7 +389,7 @@ class RoomRestServlet(RestServlet):
# See https://github.com/python/mypy/issues/4976#issuecomment-579883622
# for some discussion on why this is necessary. Either way,
# `ret` is an opaque dictionary blob as far as the rest of the app cares.
return 200, cast(JsonDict, ret)
return HTTPStatus.OK, cast(JsonDict, ret)
class RoomMembersRestServlet(RestServlet):
@ -413,7 +416,7 @@ class RoomMembersRestServlet(RestServlet):
members = await self.store.get_users_in_room(room_id)
ret = {"members": members, "total": len(members)}
return 200, ret
return HTTPStatus.OK, ret
class RoomStateRestServlet(RestServlet):
@ -443,16 +446,10 @@ class RoomStateRestServlet(RestServlet):
event_ids = await self.store.get_current_state_ids(room_id)
events = await self.store.get_events(event_ids.values())
now = self.clock.time_msec()
room_state = await self._event_serializer.serialize_events(
events.values(),
now,
# We don't bother bundling aggregations in when asked for state
# events, as clients won't use them.
bundle_relations=False,
)
room_state = await self._event_serializer.serialize_events(events.values(), now)
ret = {"state": room_state}
return 200, ret
return HTTPStatus.OK, ret
class JoinRoomAliasServlet(ResolveRoomIdMixin, RestServlet):
@ -481,7 +478,10 @@ class JoinRoomAliasServlet(ResolveRoomIdMixin, RestServlet):
target_user = UserID.from_string(content["user_id"])
if not self.hs.is_mine(target_user):
raise SynapseError(400, "This endpoint can only be used with local users")
raise SynapseError(
HTTPStatus.BAD_REQUEST,
"This endpoint can only be used with local users",
)
if not await self.admin_handler.get_user(target_user):
raise NotFoundError("User not found")
@ -527,7 +527,7 @@ class JoinRoomAliasServlet(ResolveRoomIdMixin, RestServlet):
ratelimit=False,
)
return 200, {"room_id": room_id}
return HTTPStatus.OK, {"room_id": room_id}
class MakeRoomAdminRestServlet(ResolveRoomIdMixin, RestServlet):
@ -568,7 +568,7 @@ class MakeRoomAdminRestServlet(ResolveRoomIdMixin, RestServlet):
# Figure out which local users currently have power in the room, if any.
room_state = await self.state_handler.get_current_state(room_id)
if not room_state:
raise SynapseError(400, "Server not in room")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Server not in room")
create_event = room_state[(EventTypes.Create, "")]
power_levels = room_state.get((EventTypes.PowerLevels, ""))
@ -582,7 +582,9 @@ class MakeRoomAdminRestServlet(ResolveRoomIdMixin, RestServlet):
admin_users.sort(key=lambda user: user_power[user])
if not admin_users:
raise SynapseError(400, "No local admin user in room")
raise SynapseError(
HTTPStatus.BAD_REQUEST, "No local admin user in room"
)
admin_user_id = None
@ -599,7 +601,7 @@ class MakeRoomAdminRestServlet(ResolveRoomIdMixin, RestServlet):
if not admin_user_id:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"No local admin user in room",
)
@ -610,7 +612,7 @@ class MakeRoomAdminRestServlet(ResolveRoomIdMixin, RestServlet):
admin_user_id = create_event.sender
if not self.is_mine_id(admin_user_id):
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"No local admin user in room",
)
@ -639,7 +641,8 @@ class MakeRoomAdminRestServlet(ResolveRoomIdMixin, RestServlet):
except AuthError:
# The admin user we found turned out not to have enough power.
raise SynapseError(
400, "No local admin user in room with power to update power levels."
HTTPStatus.BAD_REQUEST,
"No local admin user in room with power to update power levels.",
)
# Now we check if the user we're granting admin rights to is already in
@ -653,7 +656,7 @@ class MakeRoomAdminRestServlet(ResolveRoomIdMixin, RestServlet):
)
if is_joined:
return 200, {}
return HTTPStatus.OK, {}
join_rules = room_state.get((EventTypes.JoinRules, ""))
is_public = False
@ -661,7 +664,7 @@ class MakeRoomAdminRestServlet(ResolveRoomIdMixin, RestServlet):
is_public = join_rules.content.get("join_rule") == JoinRules.PUBLIC
if is_public:
return 200, {}
return HTTPStatus.OK, {}
await self.room_member_handler.update_membership(
fake_requester,
@ -670,7 +673,7 @@ class MakeRoomAdminRestServlet(ResolveRoomIdMixin, RestServlet):
action=Membership.INVITE,
)
return 200, {}
return HTTPStatus.OK, {}
class ForwardExtremitiesRestServlet(ResolveRoomIdMixin, RestServlet):
@ -702,7 +705,7 @@ class ForwardExtremitiesRestServlet(ResolveRoomIdMixin, RestServlet):
room_id, _ = await self.resolve_room_id(room_identifier)
deleted_count = await self.store.delete_forward_extremities_for_room(room_id)
return 200, {"deleted": deleted_count}
return HTTPStatus.OK, {"deleted": deleted_count}
async def on_GET(
self, request: SynapseRequest, room_identifier: str
@ -713,7 +716,7 @@ class ForwardExtremitiesRestServlet(ResolveRoomIdMixin, RestServlet):
room_id, _ = await self.resolve_room_id(room_identifier)
extremities = await self.store.get_forward_extremities_for_room(room_id)
return 200, {"count": len(extremities), "results": extremities}
return HTTPStatus.OK, {"count": len(extremities), "results": extremities}
class RoomEventContextServlet(RestServlet):
@ -762,7 +765,9 @@ class RoomEventContextServlet(RestServlet):
)
if not results:
raise SynapseError(404, "Event not found.", errcode=Codes.NOT_FOUND)
raise SynapseError(
HTTPStatus.NOT_FOUND, "Event not found.", errcode=Codes.NOT_FOUND
)
time_now = self.clock.time_msec()
results["events_before"] = await self._event_serializer.serialize_events(
@ -775,13 +780,10 @@ class RoomEventContextServlet(RestServlet):
results["events_after"], time_now
)
results["state"] = await self._event_serializer.serialize_events(
results["state"],
time_now,
# No need to bundle aggregations for state events
bundle_relations=False,
results["state"], time_now
)
return 200, results
return HTTPStatus.OK, results
class BlockRoomRestServlet(RestServlet):

11
synapse/rest/admin/server_notice_servlet.py
View file

@ -11,6 +11,7 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from http import HTTPStatus
from typing import TYPE_CHECKING, Awaitable, Optional, Tuple
from synapse.api.constants import EventTypes
@ -82,11 +83,15 @@ class SendServerNoticeServlet(RestServlet):
# but worker processes still need to initialise SendServerNoticeServlet (as it is part of the
# admin api).
if not self.server_notices_manager.is_enabled():
raise SynapseError(400, "Server notices are not enabled on this server")
raise SynapseError(
HTTPStatus.BAD_REQUEST, "Server notices are not enabled on this server"
)
target_user = UserID.from_string(body["user_id"])
if not self.hs.is_mine(target_user):
raise SynapseError(400, "Server notices can only be sent to local users")
raise SynapseError(
HTTPStatus.BAD_REQUEST, "Server notices can only be sent to local users"
)
if not await self.admin_handler.get_user(target_user):
raise NotFoundError("User not found")
@ -99,7 +104,7 @@ class SendServerNoticeServlet(RestServlet):
txn_id=txn_id,
)
return 200, {"event_id": event.event_id}
return HTTPStatus.OK, {"event_id": event.event_id}
def on_PUT(
self, request: SynapseRequest, txn_id: str

21
synapse/rest/admin/statistics.py
View file

@ -13,6 +13,7 @@
# limitations under the License.
import logging
from http import HTTPStatus
from typing import TYPE_CHECKING, Tuple
from synapse.api.errors import Codes, SynapseError
@ -53,7 +54,7 @@ class UserMediaStatisticsRestServlet(RestServlet):
UserSortOrder.DISPLAYNAME.value,
):
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Unknown value for order_by: %s" % (order_by,),
errcode=Codes.INVALID_PARAM,
)
@ -61,7 +62,7 @@ class UserMediaStatisticsRestServlet(RestServlet):
start = parse_integer(request, "from", default=0)
if start < 0:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Query parameter from must be a string representing a positive integer.",
errcode=Codes.INVALID_PARAM,
)
@ -69,7 +70,7 @@ class UserMediaStatisticsRestServlet(RestServlet):
limit = parse_integer(request, "limit", default=100)
if limit < 0:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Query parameter limit must be a string representing a positive integer.",
errcode=Codes.INVALID_PARAM,
)
@ -77,7 +78,7 @@ class UserMediaStatisticsRestServlet(RestServlet):
from_ts = parse_integer(request, "from_ts", default=0)
if from_ts < 0:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Query parameter from_ts must be a string representing a positive integer.",
errcode=Codes.INVALID_PARAM,
)
@ -86,13 +87,13 @@ class UserMediaStatisticsRestServlet(RestServlet):
if until_ts is not None:
if until_ts < 0:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Query parameter until_ts must be a string representing a positive integer.",
errcode=Codes.INVALID_PARAM,
)
if until_ts <= from_ts:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Query parameter until_ts must be greater than from_ts.",
errcode=Codes.INVALID_PARAM,
)
@ -100,7 +101,7 @@ class UserMediaStatisticsRestServlet(RestServlet):
search_term = parse_string(request, "search_term")
if search_term == "":
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Query parameter search_term cannot be an empty string.",
errcode=Codes.INVALID_PARAM,
)
@ -108,7 +109,9 @@ class UserMediaStatisticsRestServlet(RestServlet):
direction = parse_string(request, "dir", default="f")
if direction not in ("f", "b"):
raise SynapseError(
400, "Unknown direction: %s" % (direction,), errcode=Codes.INVALID_PARAM
HTTPStatus.BAD_REQUEST,
"Unknown direction: %s" % (direction,),
errcode=Codes.INVALID_PARAM,
)
users_media, total = await self.store.get_users_media_usage_paginate(
@ -118,4 +121,4 @@ class UserMediaStatisticsRestServlet(RestServlet):
if (start + limit) < total:
ret["next_token"] = start + len(users_media)
return 200, ret
return HTTPStatus.OK, ret

173
synapse/rest/admin/users.py
View file

@ -79,14 +79,14 @@ class UsersRestServletV2(RestServlet):
if start < 0:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Query parameter from must be a string representing a positive integer.",
errcode=Codes.INVALID_PARAM,
)
if limit < 0:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Query parameter limit must be a string representing a positive integer.",
errcode=Codes.INVALID_PARAM,
)
@ -122,7 +122,7 @@ class UsersRestServletV2(RestServlet):
if (start + limit) < total:
ret["next_token"] = str(start + len(users))
return 200, ret
return HTTPStatus.OK, ret
class UserRestServletV2(RestServlet):
@ -172,14 +172,14 @@ class UserRestServletV2(RestServlet):
target_user = UserID.from_string(user_id)
if not self.hs.is_mine(target_user):
raise SynapseError(400, "Can only look up local users")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Can only look up local users")
ret = await self.admin_handler.get_user(target_user)
if not ret:
raise NotFoundError("User not found")
return 200, ret
return HTTPStatus.OK, ret
async def on_PUT(
self, request: SynapseRequest, user_id: str
@ -191,7 +191,10 @@ class UserRestServletV2(RestServlet):
body = parse_json_object_from_request(request)
if not self.hs.is_mine(target_user):
raise SynapseError(400, "This endpoint can only be used with local users")
raise SynapseError(
HTTPStatus.BAD_REQUEST,
"This endpoint can only be used with local users",
)
user = await self.admin_handler.get_user(target_user)
user_id = target_user.to_string()
@ -210,7 +213,7 @@ class UserRestServletV2(RestServlet):
user_type = body.get("user_type", None)
if user_type is not None and user_type not in UserTypes.ALL_USER_TYPES:
raise SynapseError(400, "Invalid user type")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Invalid user type")
set_admin_to = body.get("admin", False)
if not isinstance(set_admin_to, bool):
@ -223,11 +226,13 @@ class UserRestServletV2(RestServlet):
password = body.get("password", None)
if password is not None:
if not isinstance(password, str) or len(password) > 512:
raise SynapseError(400, "Invalid password")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Invalid password")
deactivate = body.get("deactivated", False)
if not isinstance(deactivate, bool):
raise SynapseError(400, "'deactivated' parameter is not of type boolean")
raise SynapseError(
HTTPStatus.BAD_REQUEST, "'deactivated' parameter is not of type boolean"
)
# convert List[Dict[str, str]] into List[Tuple[str, str]]
if external_ids is not None:
@ -282,7 +287,9 @@ class UserRestServletV2(RestServlet):
user_id,
)
except ExternalIDReuseException:
raise SynapseError(409, "External id is already in use.")
raise SynapseError(
HTTPStatus.CONFLICT, "External id is already in use."
)
if "avatar_url" in body and isinstance(body["avatar_url"], str):
await self.profile_handler.set_avatar_url(
@ -293,7 +300,9 @@ class UserRestServletV2(RestServlet):
if set_admin_to != user["admin"]:
auth_user = requester.user
if target_user == auth_user and not set_admin_to:
raise SynapseError(400, "You may not demote yourself.")
raise SynapseError(
HTTPStatus.BAD_REQUEST, "You may not demote yourself."
)
await self.store.set_server_admin(target_user, set_admin_to)
@ -319,7 +328,8 @@ class UserRestServletV2(RestServlet):
and self.auth_handler.can_change_password()
):
raise SynapseError(
400, "Must provide a password to re-activate an account."
HTTPStatus.BAD_REQUEST,
"Must provide a password to re-activate an account.",
)
await self.deactivate_account_handler.activate_account(
@ -332,7 +342,7 @@ class UserRestServletV2(RestServlet):
user = await self.admin_handler.get_user(target_user)
assert user is not None
return 200, user
return HTTPStatus.OK, user
else: # create user
displayname = body.get("displayname", None)
@ -381,7 +391,9 @@ class UserRestServletV2(RestServlet):
user_id,
)
except ExternalIDReuseException:
raise SynapseError(409, "External id is already in use.")
raise SynapseError(
HTTPStatus.CONFLICT, "External id is already in use."
)
if "avatar_url" in body and isinstance(body["avatar_url"], str):
await self.profile_handler.set_avatar_url(
@ -429,51 +441,61 @@ class UserRegisterServlet(RestServlet):
nonce = secrets.token_hex(64)
self.nonces[nonce] = int(self.reactor.seconds())
return 200, {"nonce": nonce}
return HTTPStatus.OK, {"nonce": nonce}
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
self._clear_old_nonces()
if not self.hs.config.registration.registration_shared_secret:
raise SynapseError(400, "Shared secret registration is not enabled")
raise SynapseError(
HTTPStatus.BAD_REQUEST, "Shared secret registration is not enabled"
)
body = parse_json_object_from_request(request)
if "nonce" not in body:
raise SynapseError(400, "nonce must be specified", errcode=Codes.BAD_JSON)
raise SynapseError(
HTTPStatus.BAD_REQUEST,
"nonce must be specified",
errcode=Codes.BAD_JSON,
)
nonce = body["nonce"]
if nonce not in self.nonces:
raise SynapseError(400, "unrecognised nonce")
raise SynapseError(HTTPStatus.BAD_REQUEST, "unrecognised nonce")
# Delete the nonce, so it can't be reused, even if it's invalid
del self.nonces[nonce]
if "username" not in body:
raise SynapseError(
400, "username must be specified", errcode=Codes.BAD_JSON
HTTPStatus.BAD_REQUEST,
"username must be specified",
errcode=Codes.BAD_JSON,
)
else:
if not isinstance(body["username"], str) or len(body["username"]) > 512:
raise SynapseError(400, "Invalid username")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Invalid username")
username = body["username"].encode("utf-8")
if b"\x00" in username:
raise SynapseError(400, "Invalid username")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Invalid username")
if "password" not in body:
raise SynapseError(
400, "password must be specified", errcode=Codes.BAD_JSON
HTTPStatus.BAD_REQUEST,
"password must be specified",
errcode=Codes.BAD_JSON,
)
else:
password = body["password"]
if not isinstance(password, str) or len(password) > 512:
raise SynapseError(400, "Invalid password")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Invalid password")
password_bytes = password.encode("utf-8")
if b"\x00" in password_bytes:
raise SynapseError(400, "Invalid password")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Invalid password")
password_hash = await self.auth_handler.hash(password)
@ -482,10 +504,12 @@ class UserRegisterServlet(RestServlet):
displayname = body.get("displayname", None)
if user_type is not None and user_type not in UserTypes.ALL_USER_TYPES:
raise SynapseError(400, "Invalid user type")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Invalid user type")
if "mac" not in body:
raise SynapseError(400, "mac must be specified", errcode=Codes.BAD_JSON)
raise SynapseError(
HTTPStatus.BAD_REQUEST, "mac must be specified", errcode=Codes.BAD_JSON
)
got_mac = body["mac"]
@ -507,7 +531,7 @@ class UserRegisterServlet(RestServlet):
want_mac = want_mac_builder.hexdigest()
if not hmac.compare_digest(want_mac.encode("ascii"), got_mac.encode("ascii")):
raise SynapseError(403, "HMAC incorrect")
raise SynapseError(HTTPStatus.FORBIDDEN, "HMAC incorrect")
# Reuse the parts of RegisterRestServlet to reduce code duplication
from synapse.rest.client.register import RegisterRestServlet
@ -524,7 +548,7 @@ class UserRegisterServlet(RestServlet):
)
result = await register._create_registration_details(user_id, body)
return 200, result
return HTTPStatus.OK, result
class WhoisRestServlet(RestServlet):
@ -552,11 +576,11 @@ class WhoisRestServlet(RestServlet):
await assert_user_is_admin(self.auth, auth_user)
if not self.hs.is_mine(target_user):
raise SynapseError(400, "Can only whois a local user")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Can only whois a local user")
ret = await self.admin_handler.get_whois(target_user)
return 200, ret
return HTTPStatus.OK, ret
class DeactivateAccountRestServlet(RestServlet):
@ -575,7 +599,9 @@ class DeactivateAccountRestServlet(RestServlet):
await assert_user_is_admin(self.auth, requester.user)
if not self.is_mine(UserID.from_string(target_user_id)):
raise SynapseError(400, "Can only deactivate local users")
raise SynapseError(
HTTPStatus.BAD_REQUEST, "Can only deactivate local users"
)
if not await self.store.get_user_by_id(target_user_id):
raise NotFoundError("User not found")
@ -597,7 +623,7 @@ class DeactivateAccountRestServlet(RestServlet):
else:
id_server_unbind_result = "no-support"
return 200, {"id_server_unbind_result": id_server_unbind_result}
return HTTPStatus.OK, {"id_server_unbind_result": id_server_unbind_result}
class AccountValidityRenewServlet(RestServlet):
@ -620,7 +646,7 @@ class AccountValidityRenewServlet(RestServlet):
if "user_id" not in body:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"Missing property 'user_id' in the request body",
)
@ -631,7 +657,7 @@ class AccountValidityRenewServlet(RestServlet):
)
res = {"expiration_ts": expiration_ts}
return 200, res
return HTTPStatus.OK, res
class ResetPasswordRestServlet(RestServlet):
@ -678,7 +704,7 @@ class ResetPasswordRestServlet(RestServlet):
await self._set_password_handler.set_password(
target_user_id, new_password_hash, logout_devices, requester
)
return 200, {}
return HTTPStatus.OK, {}
class SearchUsersRestServlet(RestServlet):
@ -712,16 +738,16 @@ class SearchUsersRestServlet(RestServlet):
# To allow all users to get the users list
# if not is_admin and target_user != auth_user:
# raise AuthError(403, "You are not a server admin")
# raise AuthError(HTTPStatus.FORBIDDEN, "You are not a server admin")
if not self.hs.is_mine(target_user):
raise SynapseError(400, "Can only users a local user")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Can only users a local user")
term = parse_string(request, "term", required=True)
logger.info("term: %s ", term)
ret = await self.store.search_users(term)
return 200, ret
return HTTPStatus.OK, ret
class UserAdminServlet(RestServlet):
@ -765,11 +791,14 @@ class UserAdminServlet(RestServlet):
target_user = UserID.from_string(user_id)
if not self.hs.is_mine(target_user):
raise SynapseError(400, "Only local users can be admins of this homeserver")
raise SynapseError(
HTTPStatus.BAD_REQUEST,
"Only local users can be admins of this homeserver",
)
is_admin = await self.store.is_server_admin(target_user)
return 200, {"admin": is_admin}
return HTTPStatus.OK, {"admin": is_admin}
async def on_PUT(
self, request: SynapseRequest, user_id: str
@ -785,16 +814,19 @@ class UserAdminServlet(RestServlet):
assert_params_in_dict(body, ["admin"])
if not self.hs.is_mine(target_user):
raise SynapseError(400, "Only local users can be admins of this homeserver")
raise SynapseError(
HTTPStatus.BAD_REQUEST,
"Only local users can be admins of this homeserver",
)
set_admin_to = bool(body["admin"])
if target_user == auth_user and not set_admin_to:
raise SynapseError(400, "You may not demote yourself.")
raise SynapseError(HTTPStatus.BAD_REQUEST, "You may not demote yourself.")
await self.store.set_server_admin(target_user, set_admin_to)
return 200, {}
return HTTPStatus.OK, {}
class UserMembershipRestServlet(RestServlet):
@ -816,7 +848,7 @@ class UserMembershipRestServlet(RestServlet):
room_ids = await self.store.get_rooms_for_user(user_id)
ret = {"joined_rooms": list(room_ids), "total": len(room_ids)}
return 200, ret
return HTTPStatus.OK, ret
class PushersRestServlet(RestServlet):
@ -845,7 +877,7 @@ class PushersRestServlet(RestServlet):
await assert_requester_is_admin(self.auth, request)
if not self.is_mine(UserID.from_string(user_id)):
raise SynapseError(400, "Can only look up local users")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Can only look up local users")
if not await self.store.get_user_by_id(user_id):
raise NotFoundError("User not found")
@ -854,7 +886,10 @@ class PushersRestServlet(RestServlet):
filtered_pushers = [p.as_dict() for p in pushers]
return 200, {"pushers": filtered_pushers, "total": len(filtered_pushers)}
return HTTPStatus.OK, {
"pushers": filtered_pushers,
"total": len(filtered_pushers),
}
class UserTokenRestServlet(RestServlet):
@ -887,16 +922,22 @@ class UserTokenRestServlet(RestServlet):
auth_user = requester.user
if not self.hs.is_mine_id(user_id):
raise SynapseError(400, "Only local users can be logged in as")
raise SynapseError(
HTTPStatus.BAD_REQUEST, "Only local users can be logged in as"
)
body = parse_json_object_from_request(request, allow_empty_body=True)
valid_until_ms = body.get("valid_until_ms")
if valid_until_ms and not isinstance(valid_until_ms, int):
raise SynapseError(400, "'valid_until_ms' parameter must be an int")
raise SynapseError(
HTTPStatus.BAD_REQUEST, "'valid_until_ms' parameter must be an int"
)
if auth_user.to_string() == user_id:
raise SynapseError(400, "Cannot use admin API to login as self")
raise SynapseError(
HTTPStatus.BAD_REQUEST, "Cannot use admin API to login as self"
)
token = await self.auth_handler.create_access_token_for_user_id(
user_id=auth_user.to_string(),
@ -905,7 +946,7 @@ class UserTokenRestServlet(RestServlet):
puppets_user_id=user_id,
)
return 200, {"access_token": token}
return HTTPStatus.OK, {"access_token": token}
class ShadowBanRestServlet(RestServlet):
@ -947,11 +988,13 @@ class ShadowBanRestServlet(RestServlet):
await assert_requester_is_admin(self.auth, request)
if not self.hs.is_mine_id(user_id):
raise SynapseError(400, "Only local users can be shadow-banned")
raise SynapseError(
HTTPStatus.BAD_REQUEST, "Only local users can be shadow-banned"
)
await self.store.set_shadow_banned(UserID.from_string(user_id), True)
return 200, {}
return HTTPStatus.OK, {}
async def on_DELETE(
self, request: SynapseRequest, user_id: str
@ -959,11 +1002,13 @@ class ShadowBanRestServlet(RestServlet):
await assert_requester_is_admin(self.auth, request)
if not self.hs.is_mine_id(user_id):
raise SynapseError(400, "Only local users can be shadow-banned")
raise SynapseError(
HTTPStatus.BAD_REQUEST, "Only local users can be shadow-banned"
)
await self.store.set_shadow_banned(UserID.from_string(user_id), False)
return 200, {}
return HTTPStatus.OK, {}
class RateLimitRestServlet(RestServlet):
@ -995,7 +1040,7 @@ class RateLimitRestServlet(RestServlet):
await assert_requester_is_admin(self.auth, request)
if not self.hs.is_mine_id(user_id):
raise SynapseError(400, "Can only look up local users")
raise SynapseError(HTTPStatus.BAD_REQUEST, "Can only look up local users")
if not await self.store.get_user_by_id(user_id):
raise NotFoundError("User not found")
@ -1016,7 +1061,7 @@ class RateLimitRestServlet(RestServlet):
else:
ret = {}
return 200, ret
return HTTPStatus.OK, ret
async def on_POST(
self, request: SynapseRequest, user_id: str
@ -1024,7 +1069,9 @@ class RateLimitRestServlet(RestServlet):
await assert_requester_is_admin(self.auth, request)
if not self.hs.is_mine_id(user_id):
raise SynapseError(400, "Only local users can be ratelimited")
raise SynapseError(
HTTPStatus.BAD_REQUEST, "Only local users can be ratelimited"
)
if not await self.store.get_user_by_id(user_id):
raise NotFoundError("User not found")
@ -1036,14 +1083,14 @@ class RateLimitRestServlet(RestServlet):
if not isinstance(messages_per_second, int) or messages_per_second < 0:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"%r parameter must be a positive int" % (messages_per_second,),
errcode=Codes.INVALID_PARAM,
)
if not isinstance(burst_count, int) or burst_count < 0:
raise SynapseError(
400,
HTTPStatus.BAD_REQUEST,
"%r parameter must be a positive int" % (burst_count,),
errcode=Codes.INVALID_PARAM,
)
@ -1059,7 +1106,7 @@ class RateLimitRestServlet(RestServlet):
"burst_count": ratelimit.burst_count,
}
return 200, ret
return HTTPStatus.OK, ret
async def on_DELETE(
self, request: SynapseRequest, user_id: str
@ -1067,11 +1114,13 @@ class RateLimitRestServlet(RestServlet):
await assert_requester_is_admin(self.auth, request)
if not self.hs.is_mine_id(user_id):
raise SynapseError(400, "Only local users can be ratelimited")
raise SynapseError(
HTTPStatus.BAD_REQUEST, "Only local users can be ratelimited"
)
if not await self.store.get_user_by_id(user_id):
raise NotFoundError("User not found")
await self.store.delete_ratelimit_for_user(user_id)
return 200, {}
return HTTPStatus.OK, {}

88
synapse/rest/client/login.py
View file

@ -14,7 +14,17 @@
import logging
import re
from typing import TYPE_CHECKING, Any, Awaitable, Callable, Dict, List, Optional, Tuple
from typing import (
TYPE_CHECKING,
Any,
Awaitable,
Callable,
Dict,
List,
Optional,
Tuple,
Union,
)
from typing_extensions import TypedDict
@ -28,7 +38,6 @@ from synapse.http.server import HttpServer, finish_request
from synapse.http.servlet import (
RestServlet,
assert_params_in_dict,
parse_boolean,
parse_bytes_from_args,
parse_json_object_from_request,
parse_string,
@ -63,7 +72,7 @@ class LoginRestServlet(RestServlet):
JWT_TYPE_DEPRECATED = "m.login.jwt"
APPSERVICE_TYPE = "m.login.application_service"
APPSERVICE_TYPE_UNSTABLE = "uk.half-shot.msc2778.login.application_service"
REFRESH_TOKEN_PARAM = "org.matrix.msc2918.refresh_token"
REFRESH_TOKEN_PARAM = "refresh_token"
def __init__(self, hs: "HomeServer"):
super().__init__()
@ -81,7 +90,7 @@ class LoginRestServlet(RestServlet):
self.saml2_enabled = hs.config.saml2.saml2_enabled
self.cas_enabled = hs.config.cas.cas_enabled
self.oidc_enabled = hs.config.oidc.oidc_enabled
self._msc2918_enabled = (
self._refresh_tokens_enabled = (
hs.config.registration.refreshable_access_token_lifetime is not None
)
@ -154,14 +163,16 @@ class LoginRestServlet(RestServlet):
async def on_POST(self, request: SynapseRequest) -> Tuple[int, LoginResponse]:
login_submission = parse_json_object_from_request(request)
if self._msc2918_enabled:
# Check if this login should also issue a refresh token, as per
# MSC2918
should_issue_refresh_token = parse_boolean(
request, name=LoginRestServlet.REFRESH_TOKEN_PARAM, default=False
)
else:
should_issue_refresh_token = False
# Check to see if the client requested a refresh token.
client_requested_refresh_token = login_submission.get(
LoginRestServlet.REFRESH_TOKEN_PARAM, False
)
if not isinstance(client_requested_refresh_token, bool):
raise SynapseError(400, "`refresh_token` should be true or false.")
should_issue_refresh_token = (
self._refresh_tokens_enabled and client_requested_refresh_token
)
try:
if login_submission["type"] in (
@ -291,6 +302,7 @@ class LoginRestServlet(RestServlet):
ratelimit: bool = True,
auth_provider_id: Optional[str] = None,
should_issue_refresh_token: bool = False,
auth_provider_session_id: Optional[str] = None,
) -> LoginResponse:
"""Called when we've successfully authed the user and now need to
actually login them in (e.g. create devices). This gets called on
@ -306,10 +318,10 @@ class LoginRestServlet(RestServlet):
create_non_existent_users: Whether to create the user if they don't
exist. Defaults to False.
ratelimit: Whether to ratelimit the login request.
auth_provider_id: The SSO IdP the user used, if any (just used for the
prometheus metrics).
auth_provider_id: The SSO IdP the user used, if any.
should_issue_refresh_token: True if this login should issue
a refresh token alongside the access token.
auth_provider_session_id: The session ID got during login from the SSO IdP.
Returns:
result: Dictionary of account information after successful login.
@ -342,6 +354,7 @@ class LoginRestServlet(RestServlet):
initial_display_name,
auth_provider_id=auth_provider_id,
should_issue_refresh_token=should_issue_refresh_token,
auth_provider_session_id=auth_provider_session_id,
)
result = LoginResponse(
@ -387,6 +400,7 @@ class LoginRestServlet(RestServlet):
self.auth_handler._sso_login_callback,
auth_provider_id=res.auth_provider_id,
should_issue_refresh_token=should_issue_refresh_token,
auth_provider_session_id=res.auth_provider_session_id,
)
async def _do_jwt_login(
@ -448,9 +462,7 @@ def _get_auth_flow_dict_for_idp(idp: SsoIdentityProvider) -> JsonDict:
class RefreshTokenServlet(RestServlet):
PATTERNS = client_patterns(
"/org.matrix.msc2918.refresh_token/refresh$", releases=(), unstable=True
)
PATTERNS = (re.compile("^/_matrix/client/v1/refresh$"),)
def __init__(self, hs: "HomeServer"):
self._auth_handler = hs.get_auth_handler()
@ -458,6 +470,7 @@ class RefreshTokenServlet(RestServlet):
self.refreshable_access_token_lifetime = (
hs.config.registration.refreshable_access_token_lifetime
)
self.refresh_token_lifetime = hs.config.registration.refresh_token_lifetime
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
refresh_submission = parse_json_object_from_request(request)
@ -467,29 +480,40 @@ class RefreshTokenServlet(RestServlet):
if not isinstance(token, str):
raise SynapseError(400, "Invalid param: refresh_token", Codes.INVALID_PARAM)
valid_until_ms = (
self._clock.time_msec() + self.refreshable_access_token_lifetime
)
access_token, refresh_token = await self._auth_handler.refresh_token(
token, valid_until_ms
)
expires_in_ms = valid_until_ms - self._clock.time_msec()
return (
200,
{
"access_token": access_token,
"refresh_token": refresh_token,
"expires_in_ms": expires_in_ms,
},
now = self._clock.time_msec()
access_valid_until_ms = None
if self.refreshable_access_token_lifetime is not None:
access_valid_until_ms = now + self.refreshable_access_token_lifetime
refresh_valid_until_ms = None
if self.refresh_token_lifetime is not None:
refresh_valid_until_ms = now + self.refresh_token_lifetime
(
access_token,
refresh_token,
actual_access_token_expiry,
) = await self._auth_handler.refresh_token(
token, access_valid_until_ms, refresh_valid_until_ms
)
response: Dict[str, Union[str, int]] = {
"access_token": access_token,
"refresh_token": refresh_token,
}
# expires_in_ms is only present if the token expires
if actual_access_token_expiry is not None:
response["expires_in_ms"] = actual_access_token_expiry - now
return 200, response
class SsoRedirectServlet(RestServlet):
PATTERNS = list(client_patterns("/login/(cas|sso)/redirect$", v1=True)) + [
re.compile(
"^"
+ CLIENT_API_PREFIX
+ "/r0/login/sso/redirect/(?P<idp_id>[A-Za-z0-9_.~-]+)$"
+ "/(r0|v3)/login/sso/redirect/(?P<idp_id>[A-Za-z0-9_.~-]+)$"
)
]

20
synapse/rest/client/register.py
View file

@ -41,7 +41,6 @@ from synapse.http.server import HttpServer, finish_request, respond_with_html
from synapse.http.servlet import (
RestServlet,
assert_params_in_dict,
parse_boolean,
parse_json_object_from_request,
parse_string,
)
@ -420,7 +419,7 @@ class RegisterRestServlet(RestServlet):
self.password_policy_handler = hs.get_password_policy_handler()
self.clock = hs.get_clock()
self._registration_enabled = self.hs.config.registration.enable_registration
self._msc2918_enabled = (
self._refresh_tokens_enabled = (
hs.config.registration.refreshable_access_token_lifetime is not None
)
@ -446,14 +445,15 @@ class RegisterRestServlet(RestServlet):
f"Do not understand membership kind: {kind}",
)
if self._msc2918_enabled:
# Check if this registration should also issue a refresh token, as
# per MSC2918
should_issue_refresh_token = parse_boolean(
request, name="org.matrix.msc2918.refresh_token", default=False
)
else:
should_issue_refresh_token = False
# Check if the clients wishes for this registration to issue a refresh
# token.
client_requested_refresh_tokens = body.get("refresh_token", False)
if not isinstance(client_requested_refresh_tokens, bool):
raise SynapseError(400, "`refresh_token` should be true or false.")
should_issue_refresh_token = (
self._refresh_tokens_enabled and client_requested_refresh_tokens
)
# Pull out the provided username and do basic sanity checks early since
# the auth layer will store these in sessions.

16
synapse/rest/client/relations.py
View file

@ -224,18 +224,14 @@ class RelationPaginationServlet(RestServlet):
)
now = self.clock.time_msec()
# We set bundle_relations to False when retrieving the original
# event because we want the content before relations were applied to
# it.
# Do not bundle aggregations when retrieving the original event because
# we want the content before relations are applied to it.
original_event = await self._event_serializer.serialize_event(
event, now, bundle_relations=False
)
# Similarly, we don't allow relations to be applied to relations, so we
# return the original relations without any aggregations on top of them
# here.
serialized_events = await self._event_serializer.serialize_events(
events, now, bundle_relations=False
event, now, bundle_aggregations=False
)
# The relations returned for the requested event do include their
# bundled aggregations.
serialized_events = await self._event_serializer.serialize_events(events, now)
return_value = pagination_chunk.to_dict()
return_value["chunk"] = serialized_events

67
synapse/rest/client/room.py
View file

@ -716,10 +716,7 @@ class RoomEventContextServlet(RestServlet):
results["events_after"], time_now
)
results["state"] = await self._event_serializer.serialize_events(
results["state"],
time_now,
# No need to bundle aggregations for state events
bundle_relations=False,
results["state"], time_now
)
return 200, results
@ -1070,6 +1067,62 @@ def register_txn_path(
)
class TimestampLookupRestServlet(RestServlet):
"""
API endpoint to fetch the `event_id` of the closest event to the given
timestamp (`ts` query parameter) in the given direction (`dir` query
parameter).
Useful for cases like jump to date so you can start paginating messages from
a given date in the archive.
`ts` is a timestamp in milliseconds where we will find the closest event in
the given direction.
`dir` can be `f` or `b` to indicate forwards and backwards in time from the
given timestamp.
GET /_matrix/client/unstable/org.matrix.msc3030/rooms/<roomID>/timestamp_to_event?ts=<timestamp>&dir=<direction>
{
"event_id": ...
}
"""
PATTERNS = (
re.compile(
"^/_matrix/client/unstable/org.matrix.msc3030"
"/rooms/(?P<room_id>[^/]*)/timestamp_to_event$"
),
)
def __init__(self, hs: "HomeServer"):
super().__init__()
self._auth = hs.get_auth()
self._store = hs.get_datastore()
self.timestamp_lookup_handler = hs.get_timestamp_lookup_handler()
async def on_GET(
self, request: SynapseRequest, room_id: str
) -> Tuple[int, JsonDict]:
requester = await self._auth.get_user_by_req(request)
await self._auth.check_user_in_room(room_id, requester.user.to_string())
timestamp = parse_integer(request, "ts", required=True)
direction = parse_string(request, "dir", default="f", allowed_values=["f", "b"])
(
event_id,
origin_server_ts,
) = await self.timestamp_lookup_handler.get_event_for_timestamp(
requester, room_id, timestamp, direction
)
return 200, {
"event_id": event_id,
"origin_server_ts": origin_server_ts,
}
class RoomSpaceSummaryRestServlet(RestServlet):
PATTERNS = (
re.compile(
@ -1140,7 +1193,7 @@ class RoomSpaceSummaryRestServlet(RestServlet):
class RoomHierarchyRestServlet(RestServlet):
PATTERNS = (
re.compile(
"^/_matrix/client/unstable/org.matrix.msc2946"
"^/_matrix/client/(v1|unstable/org.matrix.msc2946)"
"/rooms/(?P<room_id>[^/]*)/hierarchy$"
),
)
@ -1168,7 +1221,7 @@ class RoomHierarchyRestServlet(RestServlet):
)
return 200, await self._room_summary_handler.get_room_hierarchy(
requester.user.to_string(),
requester,
room_id,
suggested_only=parse_boolean(request, "suggested_only", default=False),
max_depth=max_depth,
@ -1239,6 +1292,8 @@ def register_servlets(
RoomAliasListServlet(hs).register(http_server)
SearchRestServlet(hs).register(http_server)
RoomCreateRestServlet(hs).register(http_server)
if hs.config.experimental.msc3030_enabled:
TimestampLookupRestServlet(hs).register(http_server)
# Some servlets only get registered for the main process.
if not is_worker:

6
synapse/rest/client/sync.py
View file

@ -520,9 +520,9 @@ class SyncRestServlet(RestServlet):
return self._event_serializer.serialize_events(
events,
time_now=time_now,
# We don't bundle "live" events, as otherwise clients
# will end up double counting annotations.
bundle_relations=False,
# Don't bother to bundle aggregations if the timeline is unlimited,
# as clients will have all the necessary information.
bundle_aggregations=room.timeline.limited,
token_id=token_id,
event_format=event_formatter,
only_event_fields=only_fields,

107
synapse/rest/media/v1/filepath.py
View file

@ -43,47 +43,75 @@ GetPathMethod = TypeVar(
)
def _wrap_with_jail_check(func: GetPathMethod) -> GetPathMethod:
def _wrap_with_jail_check(relative: bool) -> Callable[[GetPathMethod], GetPathMethod]:
"""Wraps a path-returning method to check that the returned path(s) do not escape
the media store directory.
The path-returning method may return either a single path, or a list of paths.
The check is not expected to ever fail, unless `func` is missing a call to
`_validate_path_component`, or `_validate_path_component` is buggy.
Args:
func: The `MediaFilePaths` method to wrap. The method may return either a single
path, or a list of paths. Returned paths may be either absolute or relative.
relative: A boolean indicating whether the wrapped method returns paths relative
to the media store directory.
Returns:
The method, wrapped with a check to ensure that the returned path(s) lie within
the media store directory. Raises a `ValueError` if the check fails.
A method which will wrap a path-returning method, adding a check to ensure that
the returned path(s) lie within the media store directory. The check will raise
a `ValueError` if it fails.
"""
@functools.wraps(func)
def _wrapped(
self: "MediaFilePaths", *args: Any, **kwargs: Any
) -> Union[str, List[str]]:
path_or_paths = func(self, *args, **kwargs)
def _wrap_with_jail_check_inner(func: GetPathMethod) -> GetPathMethod:
@functools.wraps(func)
def _wrapped(
self: "MediaFilePaths", *args: Any, **kwargs: Any
) -> Union[str, List[str]]:
path_or_paths = func(self, *args, **kwargs)
if isinstance(path_or_paths, list):
paths_to_check = path_or_paths
else:
paths_to_check = [path_or_paths]
if isinstance(path_or_paths, list):
paths_to_check = path_or_paths
else:
paths_to_check = [path_or_paths]
for path in paths_to_check:
# path may be an absolute or relative path, depending on the method being
# wrapped. When "appending" an absolute path, `os.path.join` discards the
# previous path, which is desired here.
normalized_path = os.path.normpath(os.path.join(self.real_base_path, path))
if (
os.path.commonpath([normalized_path, self.real_base_path])
!= self.real_base_path
):
raise ValueError(f"Invalid media store path: {path!r}")
for path in paths_to_check:
# Construct the path that will ultimately be used.
# We cannot guess whether `path` is relative to the media store
# directory, since the media store directory may itself be a relative
# path.
if relative:
path = os.path.join(self.base_path, path)
normalized_path = os.path.normpath(path)
return path_or_paths
# Now that `normpath` has eliminated `../`s and `./`s from the path,
# `os.path.commonpath` can be used to check whether it lies within the
# media store directory.
if (
os.path.commonpath([normalized_path, self.normalized_base_path])
!= self.normalized_base_path
):
# The path resolves to outside the media store directory,
# or `self.base_path` is `.`, which is an unlikely configuration.
raise ValueError(f"Invalid media store path: {path!r}")
return cast(GetPathMethod, _wrapped)
# Note that `os.path.normpath`/`abspath` has a subtle caveat:
# `a/b/c/../c` will normalize to `a/b/c`, but the former refers to a
# different path if `a/b/c` is a symlink. That is, the check above is
# not perfect and may allow a certain restricted subset of untrustworthy
# paths through. Since the check above is secondary to the main
# `_validate_path_component` checks, it's less important for it to be
# perfect.
#
# As an alternative, `os.path.realpath` will resolve symlinks, but
# proves problematic if there are symlinks inside the media store.
# eg. if `url_store/` is symlinked to elsewhere, its canonical path
# won't match that of the main media store directory.
return path_or_paths
return cast(GetPathMethod, _wrapped)
return _wrap_with_jail_check_inner
ALLOWED_CHARACTERS = set(
@ -127,9 +155,7 @@ class MediaFilePaths:
def __init__(self, primary_base_path: str):
self.base_path = primary_base_path
# The media store directory, with all symlinks resolved.
self.real_base_path = os.path.realpath(primary_base_path)
self.normalized_base_path = os.path.normpath(self.base_path)
# Refuse to initialize if paths cannot be validated correctly for the current
# platform.
@ -140,7 +166,7 @@ class MediaFilePaths:
# for certain homeservers there, since ":"s aren't allowed in paths.
assert os.name == "posix"
@_wrap_with_jail_check
@_wrap_with_jail_check(relative=True)
def local_media_filepath_rel(self, media_id: str) -> str:
return os.path.join(
"local_content",
@ -151,7 +177,7 @@ class MediaFilePaths:
local_media_filepath = _wrap_in_base_path(local_media_filepath_rel)
@_wrap_with_jail_check
@_wrap_with_jail_check(relative=True)
def local_media_thumbnail_rel(
self, media_id: str, width: int, height: int, content_type: str, method: str
) -> str:
@ -167,7 +193,7 @@ class MediaFilePaths:
local_media_thumbnail = _wrap_in_base_path(local_media_thumbnail_rel)
@_wrap_with_jail_check
@_wrap_with_jail_check(relative=False)
def local_media_thumbnail_dir(self, media_id: str) -> str:
"""
Retrieve the local store path of thumbnails of a given media_id
@ -185,7 +211,7 @@ class MediaFilePaths:
_validate_path_component(media_id[4:]),
)
@_wrap_with_jail_check
@_wrap_with_jail_check(relative=True)
def remote_media_filepath_rel(self, server_name: str, file_id: str) -> str:
return os.path.join(
"remote_content",
@ -197,7 +223,7 @@ class MediaFilePaths:
remote_media_filepath = _wrap_in_base_path(remote_media_filepath_rel)
@_wrap_with_jail_check
@_wrap_with_jail_check(relative=True)
def remote_media_thumbnail_rel(
self,
server_name: str,
@ -223,7 +249,7 @@ class MediaFilePaths:
# Legacy path that was used to store thumbnails previously.
# Should be removed after some time, when most of the thumbnails are stored
# using the new path.
@_wrap_with_jail_check
@_wrap_with_jail_check(relative=True)
def remote_media_thumbnail_rel_legacy(
self, server_name: str, file_id: str, width: int, height: int, content_type: str
) -> str:
@ -238,6 +264,7 @@ class MediaFilePaths:
_validate_path_component(file_name),
)
@_wrap_with_jail_check(relative=False)
def remote_media_thumbnail_dir(self, server_name: str, file_id: str) -> str:
return os.path.join(
self.base_path,
@ -248,7 +275,7 @@ class MediaFilePaths:
_validate_path_component(file_id[4:]),
)
@_wrap_with_jail_check
@_wrap_with_jail_check(relative=True)
def url_cache_filepath_rel(self, media_id: str) -> str:
if NEW_FORMAT_ID_RE.match(media_id):
# Media id is of the form <DATE><RANDOM_STRING>
@ -268,7 +295,7 @@ class MediaFilePaths:
url_cache_filepath = _wrap_in_base_path(url_cache_filepath_rel)
@_wrap_with_jail_check
@_wrap_with_jail_check(relative=False)
def url_cache_filepath_dirs_to_delete(self, media_id: str) -> List[str]:
"The dirs to try and remove if we delete the media_id file"
if NEW_FORMAT_ID_RE.match(media_id):
@ -290,7 +317,7 @@ class MediaFilePaths:
),
]
@_wrap_with_jail_check
@_wrap_with_jail_check(relative=True)
def url_cache_thumbnail_rel(
self, media_id: str, width: int, height: int, content_type: str, method: str
) -> str:
@ -318,7 +345,7 @@ class MediaFilePaths:
url_cache_thumbnail = _wrap_in_base_path(url_cache_thumbnail_rel)
@_wrap_with_jail_check
@_wrap_with_jail_check(relative=True)
def url_cache_thumbnail_directory_rel(self, media_id: str) -> str:
# Media id is of the form <DATE><RANDOM_STRING>
# E.g.: 2017-09-28-fsdRDt24DS234dsf
@ -341,7 +368,7 @@ class MediaFilePaths:
url_cache_thumbnail_directory_rel
)
@_wrap_with_jail_check
@_wrap_with_jail_check(relative=False)
def url_cache_thumbnail_dirs_to_delete(self, media_id: str) -> List[str]:
"The dirs to try and remove if we delete the media_id thumbnails"
# Media id is of the form <DATE><RANDOM_STRING>