Make the AS login method call Auth.get_user_by_req for checking the AS token. (#13094)

This gets rid of another usage of get_appservice_by_req, with all the benefits, including correctly tracking the appservice IP and setting the tracing attributes correctly.

Signed-off-by: Quentin Gliech <quenting@element.io>
This commit is contained in:
Quentin Gliech 2022-07-12 12:06:29 -05:00 committed by GitHub
parent 2d82cdafd2
commit b19060a29b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 2 deletions

1
changelog.d/13094.misc Normal file
View File

@ -0,0 +1 @@
Make the AS login method call `Auth.get_user_by_req` for checking the AS token.

View File

@ -28,7 +28,7 @@ from typing import (
from typing_extensions import TypedDict
from synapse.api.errors import Codes, LoginError, SynapseError
from synapse.api.errors import Codes, InvalidClientTokenError, LoginError, SynapseError
from synapse.api.ratelimiting import Ratelimiter
from synapse.api.urls import CLIENT_API_PREFIX
from synapse.appservice import ApplicationService
@ -172,7 +172,13 @@ class LoginRestServlet(RestServlet):
try:
if login_submission["type"] == LoginRestServlet.APPSERVICE_TYPE:
appservice = self.auth.get_appservice_by_req(request)
requester = await self.auth.get_user_by_req(request)
appservice = requester.app_service
if appservice is None:
raise InvalidClientTokenError(
"This login method is only valid for application services"
)
if appservice.is_rate_limited():
await self._address_ratelimiter.ratelimit(