mirror of
https://mau.dev/maunium/synapse.git
synced 2024-10-01 01:36:05 -04:00
Drop support for calling /_matrix/client/v3/account/3pid/bind
without an id_access_token
(#13239)
Fixes #13201 Signed-off-by: Jacek Kusnierz jacek.kusnierz@tum.de
This commit is contained in:
parent
52a0c8f2f7
commit
7218a0ca18
1
changelog.d/13239.removal
Normal file
1
changelog.d/13239.removal
Normal file
@ -0,0 +1 @@
|
|||||||
|
Drop support for calling `/_matrix/client/v3/account/3pid/bind` without an `id_access_token`, which was not permitted by the spec. Contributed by @Vetchu.
|
@ -162,8 +162,7 @@ class IdentityHandler:
|
|||||||
sid: str,
|
sid: str,
|
||||||
mxid: str,
|
mxid: str,
|
||||||
id_server: str,
|
id_server: str,
|
||||||
id_access_token: Optional[str] = None,
|
id_access_token: str,
|
||||||
use_v2: bool = True,
|
|
||||||
) -> JsonDict:
|
) -> JsonDict:
|
||||||
"""Bind a 3PID to an identity server
|
"""Bind a 3PID to an identity server
|
||||||
|
|
||||||
@ -173,8 +172,7 @@ class IdentityHandler:
|
|||||||
mxid: The MXID to bind the 3PID to
|
mxid: The MXID to bind the 3PID to
|
||||||
id_server: The domain of the identity server to query
|
id_server: The domain of the identity server to query
|
||||||
id_access_token: The access token to authenticate to the identity
|
id_access_token: The access token to authenticate to the identity
|
||||||
server with, if necessary. Required if use_v2 is true
|
server with
|
||||||
use_v2: Whether to use v2 Identity Service API endpoints. Defaults to True
|
|
||||||
|
|
||||||
Raises:
|
Raises:
|
||||||
SynapseError: On any of the following conditions
|
SynapseError: On any of the following conditions
|
||||||
@ -186,24 +184,15 @@ class IdentityHandler:
|
|||||||
"""
|
"""
|
||||||
logger.debug("Proxying threepid bind request for %s to %s", mxid, id_server)
|
logger.debug("Proxying threepid bind request for %s to %s", mxid, id_server)
|
||||||
|
|
||||||
# If an id_access_token is not supplied, force usage of v1
|
|
||||||
if id_access_token is None:
|
|
||||||
use_v2 = False
|
|
||||||
|
|
||||||
if not valid_id_server_location(id_server):
|
if not valid_id_server_location(id_server):
|
||||||
raise SynapseError(
|
raise SynapseError(
|
||||||
400,
|
400,
|
||||||
"id_server must be a valid hostname with optional port and path components",
|
"id_server must be a valid hostname with optional port and path components",
|
||||||
)
|
)
|
||||||
|
|
||||||
# Decide which API endpoint URLs to use
|
|
||||||
headers = {}
|
|
||||||
bind_data = {"sid": sid, "client_secret": client_secret, "mxid": mxid}
|
bind_data = {"sid": sid, "client_secret": client_secret, "mxid": mxid}
|
||||||
if use_v2:
|
bind_url = "https://%s/_matrix/identity/v2/3pid/bind" % (id_server,)
|
||||||
bind_url = "https://%s/_matrix/identity/v2/3pid/bind" % (id_server,)
|
headers = {"Authorization": create_id_access_token_header(id_access_token)}
|
||||||
headers["Authorization"] = create_id_access_token_header(id_access_token) # type: ignore
|
|
||||||
else:
|
|
||||||
bind_url = "https://%s/_matrix/identity/api/v1/3pid/bind" % (id_server,)
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
# Use the blacklisting http client as this call is only to identity servers
|
# Use the blacklisting http client as this call is only to identity servers
|
||||||
@ -222,21 +211,14 @@ class IdentityHandler:
|
|||||||
|
|
||||||
return data
|
return data
|
||||||
except HttpResponseException as e:
|
except HttpResponseException as e:
|
||||||
if e.code != 404 or not use_v2:
|
logger.error("3PID bind failed with Matrix error: %r", e)
|
||||||
logger.error("3PID bind failed with Matrix error: %r", e)
|
raise e.to_synapse_error()
|
||||||
raise e.to_synapse_error()
|
|
||||||
except RequestTimedOutError:
|
except RequestTimedOutError:
|
||||||
raise SynapseError(500, "Timed out contacting identity server")
|
raise SynapseError(500, "Timed out contacting identity server")
|
||||||
except CodeMessageException as e:
|
except CodeMessageException as e:
|
||||||
data = json_decoder.decode(e.msg) # XXX WAT?
|
data = json_decoder.decode(e.msg) # XXX WAT?
|
||||||
return data
|
return data
|
||||||
|
|
||||||
logger.info("Got 404 when POSTing JSON %s, falling back to v1 URL", bind_url)
|
|
||||||
res = await self.bind_threepid(
|
|
||||||
client_secret, sid, mxid, id_server, id_access_token, use_v2=False
|
|
||||||
)
|
|
||||||
return res
|
|
||||||
|
|
||||||
async def try_unbind_threepid(self, mxid: str, threepid: dict) -> bool:
|
async def try_unbind_threepid(self, mxid: str, threepid: dict) -> bool:
|
||||||
"""Attempt to remove a 3PID from an identity server, or if one is not provided, all
|
"""Attempt to remove a 3PID from an identity server, or if one is not provided, all
|
||||||
identity servers we're aware the binding is present on
|
identity servers we're aware the binding is present on
|
||||||
|
@ -704,10 +704,12 @@ class ThreepidBindRestServlet(RestServlet):
|
|||||||
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
|
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
|
||||||
body = parse_json_object_from_request(request)
|
body = parse_json_object_from_request(request)
|
||||||
|
|
||||||
assert_params_in_dict(body, ["id_server", "sid", "client_secret"])
|
assert_params_in_dict(
|
||||||
|
body, ["id_server", "sid", "id_access_token", "client_secret"]
|
||||||
|
)
|
||||||
id_server = body["id_server"]
|
id_server = body["id_server"]
|
||||||
sid = body["sid"]
|
sid = body["sid"]
|
||||||
id_access_token = body.get("id_access_token") # optional
|
id_access_token = body["id_access_token"]
|
||||||
client_secret = body["client_secret"]
|
client_secret = body["client_secret"]
|
||||||
assert_valid_client_secret(client_secret)
|
assert_valid_client_secret(client_secret)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user