mirror of
https://mau.dev/maunium/synapse.git
synced 2024-10-01 01:36:05 -04:00
Use real AS object by passing it through the requester
This means synapse does not have to check if the AS is interested, but instead it effectively re-uses what it already knew about the requesting user
This commit is contained in:
parent
5b54d51d1e
commit
1b17d1a106
@ -603,10 +603,10 @@ class Auth(object):
|
||||
"""
|
||||
# Can optionally look elsewhere in the request (e.g. headers)
|
||||
try:
|
||||
user_id = yield self._get_appservice_user_id(request)
|
||||
user_id, as_user = yield self._get_appservice_user_id(request)
|
||||
if user_id:
|
||||
request.authenticated_entity = user_id
|
||||
defer.returnValue(synapse.types.create_requester(user_id))
|
||||
defer.returnValue(synapse.types.create_requester(user_id, as_user=as_user))
|
||||
|
||||
access_token = get_access_token_from_request(
|
||||
request, self.TOKEN_NOT_FOUND_HTTP_STATUS
|
||||
@ -644,7 +644,7 @@ class Auth(object):
|
||||
request.authenticated_entity = user.to_string()
|
||||
|
||||
defer.returnValue(synapse.types.create_requester(
|
||||
user, token_id, is_guest, device_id))
|
||||
user, token_id, is_guest, device_id, as_user=as_user))
|
||||
except KeyError:
|
||||
raise AuthError(
|
||||
self.TOKEN_NOT_FOUND_HTTP_STATUS, "Missing access token.",
|
||||
@ -659,14 +659,14 @@ class Auth(object):
|
||||
)
|
||||
)
|
||||
if app_service is None:
|
||||
defer.returnValue(None)
|
||||
defer.returnValue((None, None))
|
||||
|
||||
if "user_id" not in request.args:
|
||||
defer.returnValue(app_service.sender)
|
||||
defer.returnValue((app_service.sender, app_service))
|
||||
|
||||
user_id = request.args["user_id"][0]
|
||||
if app_service.sender == user_id:
|
||||
defer.returnValue(app_service.sender)
|
||||
defer.returnValue((app_service.sender, app_service))
|
||||
|
||||
if not app_service.is_interested_in_user(user_id):
|
||||
raise AuthError(
|
||||
@ -678,7 +678,7 @@ class Auth(object):
|
||||
403,
|
||||
"Application service has not registered this user"
|
||||
)
|
||||
defer.returnValue(user_id)
|
||||
defer.returnValue((user_id, app_service))
|
||||
|
||||
@defer.inlineCallbacks
|
||||
def get_user_by_access_token(self, token, rights="access"):
|
||||
|
@ -65,14 +65,9 @@ class BaseHandler(object):
|
||||
if app_service is not None:
|
||||
return # do not ratelimit app service senders
|
||||
|
||||
should_rate_limit = True
|
||||
|
||||
for service in self.store.get_app_services():
|
||||
if service.is_interested_in_user(user_id):
|
||||
should_rate_limit = service.is_rate_limited()
|
||||
break
|
||||
|
||||
if not should_rate_limit:
|
||||
if requester.as_user and not requester.as_user.is_rate_limited():
|
||||
# do not ratelimit users of which a non-rate-limited AS is
|
||||
# acting on behalf
|
||||
return
|
||||
|
||||
allowed, time_allowed = self.ratelimiter.send_message(
|
||||
|
@ -19,7 +19,7 @@ from collections import namedtuple
|
||||
|
||||
|
||||
Requester = namedtuple("Requester",
|
||||
["user", "access_token_id", "is_guest", "device_id"])
|
||||
["user", "access_token_id", "is_guest", "device_id", "as_user"])
|
||||
"""
|
||||
Represents the user making a request
|
||||
|
||||
@ -29,11 +29,12 @@ Attributes:
|
||||
request, or None if it came via the appservice API or similar
|
||||
is_guest (bool): True if the user making this request is a guest user
|
||||
device_id (str|None): device_id which was set at authentication time
|
||||
as_user (ApplicationService|None): the AS requesting on behalf of the user
|
||||
"""
|
||||
|
||||
|
||||
def create_requester(user_id, access_token_id=None, is_guest=False,
|
||||
device_id=None):
|
||||
device_id=None, as_user=None):
|
||||
"""
|
||||
Create a new ``Requester`` object
|
||||
|
||||
@ -43,13 +44,14 @@ def create_requester(user_id, access_token_id=None, is_guest=False,
|
||||
request, or None if it came via the appservice API or similar
|
||||
is_guest (bool): True if the user making this request is a guest user
|
||||
device_id (str|None): device_id which was set at authentication time
|
||||
as_user (ApplicationService|None): the AS requesting on behalf of the user
|
||||
|
||||
Returns:
|
||||
Requester
|
||||
"""
|
||||
if not isinstance(user_id, UserID):
|
||||
user_id = UserID.from_string(user_id)
|
||||
return Requester(user_id, access_token_id, is_guest, device_id)
|
||||
return Requester(user_id, access_token_id, is_guest, device_id, as_user)
|
||||
|
||||
|
||||
def get_domain_from_id(string):
|
||||
|
Loading…
Reference in New Issue
Block a user