Merge pull request #2623 from matrix-org/rav/callbacks_for_auth_providers

Allow password_auth_providers to return a callback
This commit is contained in:
David Baker 2017-11-02 10:49:03 +00:00 committed by GitHub
commit 1f080a6c97
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 7 deletions

View File

@ -70,6 +70,11 @@ Password auth provider classes may optionally provide the following methods.
the canonical ``@localpart:domain`` user id if authentication is successful, the canonical ``@localpart:domain`` user id if authentication is successful,
and ``None`` if not. and ``None`` if not.
Alternatively, the ``Deferred`` can resolve to a ``(str, func)`` tuple, in
which case the second field is a callback which will be called with the
result from the ``/login`` call (including ``access_token``, ``device_id``,
etc.)
``someprovider.check_password``\(*user_id*, *password*) ``someprovider.check_password``\(*user_id*, *password*)
This method provides a simpler interface than ``get_supported_login_types`` This method provides a simpler interface than ``get_supported_login_types``

View File

@ -270,6 +270,7 @@ class AuthHandler(BaseHandler):
sess = self._get_session_info(session_id) sess = self._get_session_info(session_id)
return sess.setdefault('serverdict', {}).get(key, default) return sess.setdefault('serverdict', {}).get(key, default)
@defer.inlineCallbacks
def _check_password_auth(self, authdict, _): def _check_password_auth(self, authdict, _):
if "user" not in authdict or "password" not in authdict: if "user" not in authdict or "password" not in authdict:
raise LoginError(400, "", Codes.MISSING_PARAM) raise LoginError(400, "", Codes.MISSING_PARAM)
@ -277,10 +278,11 @@ class AuthHandler(BaseHandler):
user_id = authdict["user"] user_id = authdict["user"]
password = authdict["password"] password = authdict["password"]
return self.validate_login(user_id, { (canonical_id, callback) = yield self.validate_login(user_id, {
"type": LoginType.PASSWORD, "type": LoginType.PASSWORD,
"password": password, "password": password,
}) })
defer.returnValue(canonical_id)
@defer.inlineCallbacks @defer.inlineCallbacks
def _check_recaptcha(self, authdict, clientip): def _check_recaptcha(self, authdict, clientip):
@ -517,7 +519,8 @@ class AuthHandler(BaseHandler):
login_submission (dict): the whole of the login submission login_submission (dict): the whole of the login submission
(including 'type' and other relevant fields) (including 'type' and other relevant fields)
Returns: Returns:
Deferred[str]: canonical user id Deferred[str, func]: canonical user id, and optional callback
to be called once the access token and device id are issued
Raises: Raises:
StoreError if there was a problem accessing the database StoreError if there was a problem accessing the database
SynapseError if there was a problem with the request SynapseError if there was a problem with the request
@ -581,11 +584,13 @@ class AuthHandler(BaseHandler):
), ),
) )
returned_user_id = yield provider.check_auth( result = yield provider.check_auth(
username, login_type, login_dict, username, login_type, login_dict,
) )
if returned_user_id: if result:
defer.returnValue(returned_user_id) if isinstance(result, str):
result = (result, None)
defer.returnValue(result)
if login_type == LoginType.PASSWORD: if login_type == LoginType.PASSWORD:
known_login_type = True known_login_type = True
@ -595,7 +600,7 @@ class AuthHandler(BaseHandler):
) )
if canonical_user_id: if canonical_user_id:
defer.returnValue(canonical_user_id) defer.returnValue((canonical_user_id, None))
if not known_login_type: if not known_login_type:
raise SynapseError(400, "Unknown login type %s" % login_type) raise SynapseError(400, "Unknown login type %s" % login_type)

View File

@ -219,7 +219,7 @@ class LoginRestServlet(ClientV1RestServlet):
raise SynapseError(400, "User identifier is missing 'user' key") raise SynapseError(400, "User identifier is missing 'user' key")
auth_handler = self.auth_handler auth_handler = self.auth_handler
canonical_user_id = yield auth_handler.validate_login( canonical_user_id, callback = yield auth_handler.validate_login(
identifier["user"], identifier["user"],
login_submission, login_submission,
) )
@ -238,6 +238,9 @@ class LoginRestServlet(ClientV1RestServlet):
"device_id": device_id, "device_id": device_id,
} }
if callback is not None:
yield callback(result)
defer.returnValue((200, result)) defer.returnValue((200, result))
@defer.inlineCallbacks @defer.inlineCallbacks