mirror of
https://mau.dev/maunium/synapse.git
synced 2024-10-01 01:36:05 -04:00
Burminate v1auth
This closes #2602 v1auth was created to account for the differences in status code between the v1 and v2_alpha revisions of the protocol (401 vs 403 for invalid tokens). However since those protocols were merged, this makes the r0 version/endpoint internally inconsistent, and violates the specification for the r0 endpoint. This might break clients that rely on this inconsistency with the specification. This is said to affect the legacy angular reference client. However, I feel that restoring parity with the spec is more important. Either way, it is critical to inform developers about this change, in case they rely on the illegal behaviour. Signed-off-by: Adrian Tschira <nota@notafile.com>
This commit is contained in:
parent
2ad3fc36e6
commit
6495dbb326
@ -52,6 +52,10 @@ class ClientV1RestServlet(RestServlet):
|
|||||||
"""A base Synapse REST Servlet for the client version 1 API.
|
"""A base Synapse REST Servlet for the client version 1 API.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
# This subclass was presumably created to allow the auth for the v1
|
||||||
|
# protocol version to be different, however this behaviour was removed.
|
||||||
|
# it may no longer be necessary
|
||||||
|
|
||||||
def __init__(self, hs):
|
def __init__(self, hs):
|
||||||
"""
|
"""
|
||||||
Args:
|
Args:
|
||||||
@ -59,5 +63,5 @@ class ClientV1RestServlet(RestServlet):
|
|||||||
"""
|
"""
|
||||||
self.hs = hs
|
self.hs = hs
|
||||||
self.builder_factory = hs.get_event_builder_factory()
|
self.builder_factory = hs.get_event_builder_factory()
|
||||||
self.auth = hs.get_v1auth()
|
self.auth = hs.get_auth()
|
||||||
self.txns = HttpTransactionCache(hs.get_clock())
|
self.txns = HttpTransactionCache(hs.get_clock())
|
||||||
|
@ -150,7 +150,7 @@ class PushersRemoveRestServlet(RestServlet):
|
|||||||
super(RestServlet, self).__init__()
|
super(RestServlet, self).__init__()
|
||||||
self.hs = hs
|
self.hs = hs
|
||||||
self.notifier = hs.get_notifier()
|
self.notifier = hs.get_notifier()
|
||||||
self.auth = hs.get_v1auth()
|
self.auth = hs.get_auth()
|
||||||
self.pusher_pool = self.hs.get_pusherpool()
|
self.pusher_pool = self.hs.get_pusherpool()
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
|
@ -105,7 +105,6 @@ class HomeServer(object):
|
|||||||
'federation_client',
|
'federation_client',
|
||||||
'federation_server',
|
'federation_server',
|
||||||
'handlers',
|
'handlers',
|
||||||
'v1auth',
|
|
||||||
'auth',
|
'auth',
|
||||||
'state_handler',
|
'state_handler',
|
||||||
'state_resolution_handler',
|
'state_resolution_handler',
|
||||||
@ -225,15 +224,6 @@ class HomeServer(object):
|
|||||||
def build_simple_http_client(self):
|
def build_simple_http_client(self):
|
||||||
return SimpleHttpClient(self)
|
return SimpleHttpClient(self)
|
||||||
|
|
||||||
def build_v1auth(self):
|
|
||||||
orf = Auth(self)
|
|
||||||
# Matrix spec makes no reference to what HTTP status code is returned,
|
|
||||||
# but the V1 API uses 403 where it means 401, and the webclient
|
|
||||||
# relies on this behaviour, so V1 gets its own copy of the auth
|
|
||||||
# with backwards compat behaviour.
|
|
||||||
orf.TOKEN_NOT_FOUND_HTTP_STATUS = 403
|
|
||||||
return orf
|
|
||||||
|
|
||||||
def build_state_handler(self):
|
def build_state_handler(self):
|
||||||
return StateHandler(self)
|
return StateHandler(self)
|
||||||
|
|
||||||
|
@ -148,11 +148,16 @@ class EventStreamPermissionsTestCase(RestTestCase):
|
|||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def test_stream_basic_permissions(self):
|
def test_stream_basic_permissions(self):
|
||||||
# invalid token, expect 403
|
# invalid token, expect 401
|
||||||
|
# note: this is in violation of the original v1 spec, which expected
|
||||||
|
# 403. However, since the v1 spec no longer exists and the v1
|
||||||
|
# implementation is now part of the r0 implementation, the newer
|
||||||
|
# behaviour is used instead to be consistent with the r0 spec.
|
||||||
|
# see issue #2602
|
||||||
(code, response) = yield self.mock_resource.trigger_get(
|
(code, response) = yield self.mock_resource.trigger_get(
|
||||||
"/events?access_token=%s" % ("invalid" + self.token, )
|
"/events?access_token=%s" % ("invalid" + self.token, )
|
||||||
)
|
)
|
||||||
self.assertEquals(403, code, msg=str(response))
|
self.assertEquals(401, code, msg=str(response))
|
||||||
|
|
||||||
# valid token, expect content
|
# valid token, expect content
|
||||||
(code, response) = yield self.mock_resource.trigger_get(
|
(code, response) = yield self.mock_resource.trigger_get(
|
||||||
|
@ -52,7 +52,7 @@ class ProfileTestCase(unittest.TestCase):
|
|||||||
def _get_user_by_req(request=None, allow_guest=False):
|
def _get_user_by_req(request=None, allow_guest=False):
|
||||||
return synapse.types.create_requester(myid)
|
return synapse.types.create_requester(myid)
|
||||||
|
|
||||||
hs.get_v1auth().get_user_by_req = _get_user_by_req
|
hs.get_auth().get_user_by_req = _get_user_by_req
|
||||||
|
|
||||||
profile.register_servlets(hs, self.mock_resource)
|
profile.register_servlets(hs, self.mock_resource)
|
||||||
|
|
||||||
|
@ -60,7 +60,7 @@ class RoomPermissionsTestCase(RestTestCase):
|
|||||||
"token_id": 1,
|
"token_id": 1,
|
||||||
"is_guest": False,
|
"is_guest": False,
|
||||||
}
|
}
|
||||||
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
|
hs.get_auth().get_user_by_access_token = get_user_by_access_token
|
||||||
|
|
||||||
def _insert_client_ip(*args, **kwargs):
|
def _insert_client_ip(*args, **kwargs):
|
||||||
return defer.succeed(None)
|
return defer.succeed(None)
|
||||||
@ -70,7 +70,7 @@ class RoomPermissionsTestCase(RestTestCase):
|
|||||||
|
|
||||||
synapse.rest.client.v1.room.register_servlets(hs, self.mock_resource)
|
synapse.rest.client.v1.room.register_servlets(hs, self.mock_resource)
|
||||||
|
|
||||||
self.auth = hs.get_v1auth()
|
self.auth = hs.get_auth()
|
||||||
|
|
||||||
# create some rooms under the name rmcreator_id
|
# create some rooms under the name rmcreator_id
|
||||||
self.uncreated_rmid = "!aa:test"
|
self.uncreated_rmid = "!aa:test"
|
||||||
@ -425,7 +425,7 @@ class RoomsMemberListTestCase(RestTestCase):
|
|||||||
"token_id": 1,
|
"token_id": 1,
|
||||||
"is_guest": False,
|
"is_guest": False,
|
||||||
}
|
}
|
||||||
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
|
hs.get_auth().get_user_by_access_token = get_user_by_access_token
|
||||||
|
|
||||||
def _insert_client_ip(*args, **kwargs):
|
def _insert_client_ip(*args, **kwargs):
|
||||||
return defer.succeed(None)
|
return defer.succeed(None)
|
||||||
@ -507,7 +507,7 @@ class RoomsCreateTestCase(RestTestCase):
|
|||||||
"token_id": 1,
|
"token_id": 1,
|
||||||
"is_guest": False,
|
"is_guest": False,
|
||||||
}
|
}
|
||||||
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
|
hs.get_auth().get_user_by_access_token = get_user_by_access_token
|
||||||
|
|
||||||
def _insert_client_ip(*args, **kwargs):
|
def _insert_client_ip(*args, **kwargs):
|
||||||
return defer.succeed(None)
|
return defer.succeed(None)
|
||||||
@ -597,7 +597,7 @@ class RoomTopicTestCase(RestTestCase):
|
|||||||
"is_guest": False,
|
"is_guest": False,
|
||||||
}
|
}
|
||||||
|
|
||||||
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
|
hs.get_auth().get_user_by_access_token = get_user_by_access_token
|
||||||
|
|
||||||
def _insert_client_ip(*args, **kwargs):
|
def _insert_client_ip(*args, **kwargs):
|
||||||
return defer.succeed(None)
|
return defer.succeed(None)
|
||||||
@ -711,7 +711,7 @@ class RoomMemberStateTestCase(RestTestCase):
|
|||||||
"token_id": 1,
|
"token_id": 1,
|
||||||
"is_guest": False,
|
"is_guest": False,
|
||||||
}
|
}
|
||||||
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
|
hs.get_auth().get_user_by_access_token = get_user_by_access_token
|
||||||
|
|
||||||
def _insert_client_ip(*args, **kwargs):
|
def _insert_client_ip(*args, **kwargs):
|
||||||
return defer.succeed(None)
|
return defer.succeed(None)
|
||||||
@ -843,7 +843,7 @@ class RoomMessagesTestCase(RestTestCase):
|
|||||||
"token_id": 1,
|
"token_id": 1,
|
||||||
"is_guest": False,
|
"is_guest": False,
|
||||||
}
|
}
|
||||||
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
|
hs.get_auth().get_user_by_access_token = get_user_by_access_token
|
||||||
|
|
||||||
def _insert_client_ip(*args, **kwargs):
|
def _insert_client_ip(*args, **kwargs):
|
||||||
return defer.succeed(None)
|
return defer.succeed(None)
|
||||||
@ -945,7 +945,7 @@ class RoomInitialSyncTestCase(RestTestCase):
|
|||||||
"token_id": 1,
|
"token_id": 1,
|
||||||
"is_guest": False,
|
"is_guest": False,
|
||||||
}
|
}
|
||||||
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
|
hs.get_auth().get_user_by_access_token = get_user_by_access_token
|
||||||
|
|
||||||
def _insert_client_ip(*args, **kwargs):
|
def _insert_client_ip(*args, **kwargs):
|
||||||
return defer.succeed(None)
|
return defer.succeed(None)
|
||||||
@ -1017,7 +1017,7 @@ class RoomMessageListTestCase(RestTestCase):
|
|||||||
"token_id": 1,
|
"token_id": 1,
|
||||||
"is_guest": False,
|
"is_guest": False,
|
||||||
}
|
}
|
||||||
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
|
hs.get_auth().get_user_by_access_token = get_user_by_access_token
|
||||||
|
|
||||||
def _insert_client_ip(*args, **kwargs):
|
def _insert_client_ip(*args, **kwargs):
|
||||||
return defer.succeed(None)
|
return defer.succeed(None)
|
||||||
|
@ -68,7 +68,7 @@ class RoomTypingTestCase(RestTestCase):
|
|||||||
"is_guest": False,
|
"is_guest": False,
|
||||||
}
|
}
|
||||||
|
|
||||||
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
|
hs.get_auth().get_user_by_access_token = get_user_by_access_token
|
||||||
|
|
||||||
def _insert_client_ip(*args, **kwargs):
|
def _insert_client_ip(*args, **kwargs):
|
||||||
return defer.succeed(None)
|
return defer.succeed(None)
|
||||||
|
Loading…
Reference in New Issue
Block a user