Rewrite identity server URLs as required. (#4393)

This takes a mapping of <old> -> <new> and looks up and replaces as required.
2024-10-01 01:36:05 -04:00 · 2019-01-21 15:48:15 +00:00 · 2019-01-21 15:48:15 +00:00 · da757b7759
commit da757b7759
parent 59bc7debf0
2 changed files with 24 additions and 4 deletions
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@ -65,6 +65,8 @@ class RegistrationConfig(Config):
            self.replicate_user_profiles_to = [self.replicate_user_profiles_to, ]

        self.shadow_server = config.get("shadow_server", None)
+        self.rewrite_identity_server_urls = config.get("rewrite_identity_server_urls", {})
+

    def default_config(self, **kwargs):
        registration_shared_secret = random_string_with_symbols(50)
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@ -47,6 +47,7 @@ class IdentityHandler(BaseHandler):
        self.trust_any_id_server_just_for_testing_do_not_use = (
            hs.config.use_insecure_ssl_client_just_for_testing_do_not_use
        )
+        self.rewrite_identity_server_urls = hs.config.rewrite_identity_server_urls

    def _should_trust_id_server(self, id_server):
        if id_server not in self.trusted_id_servers:
@ -84,7 +85,10 @@ class IdentityHandler(BaseHandler):
                'credentials', id_server
            )
            defer.returnValue(None)
-
+        # if we have a rewrite rule set for the identity server,
+        # apply it now.
+        if id_server in self.rewrite_identity_server_urls:
+            id_server = self.rewrite_identity_server_urls[id_server]
        try:
            data = yield self.http_client.get_json(
                "https://%s%s" % (
@ -119,7 +123,10 @@ class IdentityHandler(BaseHandler):
            client_secret = creds['clientSecret']
        else:
            raise SynapseError(400, "No client_secret in creds")
-
+        # if we have a rewrite rule set for the identity server,
+        # apply it now.
+        if id_server in self.rewrite_identity_server_urls:
+            id_server = self.rewrite_identity_server_urls[id_server]
        try:
            data = yield self.http_client.post_urlencoded_get_json(
                "https://%s%s" % (
@ -162,6 +169,11 @@ class IdentityHandler(BaseHandler):
        # deletion request to.
        id_server = next(iter(self.trusted_id_servers))

+        # if we have a rewrite rule set for the identity server,
+        # apply it now.
+        if id_server in self.rewrite_identity_server_urls:
+            id_server = self.rewrite_identity_server_urls[id_server]
+
        url = "https://%s/_matrix/identity/api/v1/3pid/unbind" % (id_server,)
        content = {
            "mxid": mxid,
@ -210,7 +222,10 @@ class IdentityHandler(BaseHandler):
            'send_attempt': send_attempt,
        }
        params.update(kwargs)
-
+        # if we have a rewrite rule set for the identity server,
+        # apply it now.
+        if id_server in self.rewrite_identity_server_urls:
+            id_server = self.rewrite_identity_server_urls[id_server]
        try:
            data = yield self.http_client.post_json_get_json(
                "https://%s%s" % (
@ -242,7 +257,10 @@ class IdentityHandler(BaseHandler):
            'send_attempt': send_attempt,
        }
        params.update(kwargs)
-
+        # if we have a rewrite rule set for the identity server,
+        # apply it now.
+        if id_server in self.rewrite_identity_server_urls:
+            id_server = self.rewrite_identity_server_urls[id_server]
        try:
            data = yield self.http_client.post_json_get_json(
                "https://%s%s" % (