Add helper function for getting access_tokens from requests

Rather than reimplementing the token parsing in the various places. This will make it easier to change the token parsing to allow access_tokens in HTTP headers.
2025-12-15 17:28:54 -05:00 · 2016-09-09 16:29:10 +01:00 · 2016-09-09 16:29:10 +01:00 · 8aee5aa068
commit 8aee5aa068
parent 685da5a3b0
6 changed files with 67 additions and 27 deletions
--- a/synapse/rest/client/v1/logout.py
+++ b/synapse/rest/client/v1/logout.py
@ -15,7 +15,7 @@

 from twisted.internet import defer

-from synapse.api.errors import AuthError, Codes
+from synapse.api.auth import get_access_token_from_request

 from .base import ClientV1RestServlet, client_path_patterns

@ -37,13 +37,7 @@ class LogoutRestServlet(ClientV1RestServlet):

    @defer.inlineCallbacks
    def on_POST(self, request):
-        try:
-            access_token = request.args["access_token"][0]
-        except KeyError:
-            raise AuthError(
-                self.TOKEN_NOT_FOUND_HTTP_STATUS, "Missing access token.",
-                errcode=Codes.MISSING_TOKEN
-            )
+        access_token = get_access_token_from_request(request)
        yield self.store.delete_access_token(access_token)
        defer.returnValue((200, {}))

--- a/synapse/rest/client/v1/register.py
+++ b/synapse/rest/client/v1/register.py
@ -18,6 +18,7 @@ from twisted.internet import defer

 from synapse.api.errors import SynapseError, Codes
 from synapse.api.constants import LoginType
+from synapse.api.auth import get_access_token_from_request
 from .base import ClientV1RestServlet, client_path_patterns
 import synapse.util.stringutils as stringutils
 from synapse.http.servlet import parse_json_object_from_request
@ -296,12 +297,11 @@ class RegisterRestServlet(ClientV1RestServlet):

    @defer.inlineCallbacks
    def _do_app_service(self, request, register_json, session):
-        if "access_token" not in request.args:
-            raise SynapseError(400, "Expected application service token.")
+        as_token = get_access_token_from_request(request)
+
        if "user" not in register_json:
            raise SynapseError(400, "Expected 'user' key.")

-        as_token = request.args["access_token"][0]
        user_localpart = register_json["user"].encode("utf-8")

        handler = self.handlers.registration_handler
@ -390,11 +390,9 @@ class CreateUserRestServlet(ClientV1RestServlet):
    def on_POST(self, request):
        user_json = parse_json_object_from_request(request)

-        if "access_token" not in request.args:
-            raise SynapseError(400, "Expected application service token.")
-
+        access_token = get_access_token_from_request(request)
        app_service = yield self.store.get_app_service_by_token(
-            request.args["access_token"][0]
+            access_token
        )
        if not app_service:
            raise SynapseError(403, "Invalid application service token.")
--- a/synapse/rest/client/v1/transactions.py
+++ b/synapse/rest/client/v1/transactions.py
@ -17,6 +17,8 @@
 to ensure idempotency when performing PUTs using the REST API."""
 import logging

+from synapse.api.auth import get_access_token_from_request
+
 logger = logging.getLogger(__name__)


@ -90,6 +92,6 @@ class HttpTransactionStore(object):
        return response

    def _get_key(self, request):
-        token = request.args["access_token"][0]
+        token = get_access_token_from_request(request)
        path_without_txn_id = request.path.rsplit("/", 1)[0]
        return path_without_txn_id + "/" + token
--- a/synapse/rest/client/v2_alpha/register.py
+++ b/synapse/rest/client/v2_alpha/register.py
@ -15,6 +15,7 @@

 from twisted.internet import defer

+from synapse.api.auth import get_access_token_from_request, has_access_token
 from synapse.api.constants import LoginType
 from synapse.api.errors import SynapseError, Codes, UnrecognizedRequestError
 from synapse.http.servlet import RestServlet, parse_json_object_from_request
@ -131,7 +132,7 @@ class RegisterRestServlet(RestServlet):
            desired_username = body['username']

        appservice = None
-        if 'access_token' in request.args:
+        if has_access_token(request):
            appservice = yield self.auth.get_appservice_by_req(request)

        # fork off as soon as possible for ASes and shared secret auth which
@ -143,10 +144,11 @@ class RegisterRestServlet(RestServlet):
            # 'user' key not 'username'). Since this is a new addition, we'll
            # fallback to 'username' if they gave one.
            desired_username = body.get("user", desired_username)
+            access_token = get_access_token_from_request(request)

            if isinstance(desired_username, basestring):
                result = yield self._do_appservice_registration(
-                    desired_username, request.args["access_token"][0], body
+                    desired_username, access_token, body
                )
            defer.returnValue((200, result))  # we throw for non 200 responses
            return
--- a/synapse/rest/client/v2_alpha/thirdparty.py
+++ b/synapse/rest/client/v2_alpha/thirdparty.py
@ -57,7 +57,7 @@ class ThirdPartyUserServlet(RestServlet):
        yield self.auth.get_user_by_req(request)

        fields = request.args
-        del fields["access_token"]
+        fields.pop("access_token", None)

        results = yield self.appservice_handler.query_3pe(
            ThirdPartyEntityKind.USER, protocol, fields
@ -81,7 +81,7 @@ class ThirdPartyLocationServlet(RestServlet):
        yield self.auth.get_user_by_req(request)

        fields = request.args
-        del fields["access_token"]
+        fields.pop("access_token", None)

        results = yield self.appservice_handler.query_3pe(
            ThirdPartyEntityKind.LOCATION, protocol, fields