mirror of
https://git.anonymousland.org/anonymousland/synapse-product.git
synced 2024-12-24 20:39:22 -05:00
This reverts commit 71fc04069a
.
This broke 3PID invites as #5892 was required for it to work correctly.
This commit is contained in:
parent
5625abe503
commit
3057095a5d
@ -1 +0,0 @@
|
|||||||
Switch to the v2 lookup API for 3PID invites.
|
|
@ -282,16 +282,3 @@ class IdentityHandler(BaseHandler):
|
|||||||
except HttpResponseException as e:
|
except HttpResponseException as e:
|
||||||
logger.info("Proxied requestToken failed: %r", e)
|
logger.info("Proxied requestToken failed: %r", e)
|
||||||
raise e.to_synapse_error()
|
raise e.to_synapse_error()
|
||||||
|
|
||||||
|
|
||||||
class LookupAlgorithm:
|
|
||||||
"""
|
|
||||||
Supported hashing algorithms when performing a 3PID lookup.
|
|
||||||
|
|
||||||
SHA256 - Hashing an (address, medium, pepper) combo with sha256, then url-safe base64
|
|
||||||
encoding
|
|
||||||
NONE - Not performing any hashing. Simply sending an (address, medium) combo in plaintext
|
|
||||||
"""
|
|
||||||
|
|
||||||
SHA256 = "sha256"
|
|
||||||
NONE = "none"
|
|
||||||
|
@ -29,11 +29,9 @@ from twisted.internet import defer
|
|||||||
from synapse import types
|
from synapse import types
|
||||||
from synapse.api.constants import EventTypes, Membership
|
from synapse.api.constants import EventTypes, Membership
|
||||||
from synapse.api.errors import AuthError, Codes, HttpResponseException, SynapseError
|
from synapse.api.errors import AuthError, Codes, HttpResponseException, SynapseError
|
||||||
from synapse.handlers.identity import LookupAlgorithm
|
|
||||||
from synapse.types import RoomID, UserID
|
from synapse.types import RoomID, UserID
|
||||||
from synapse.util.async_helpers import Linearizer
|
from synapse.util.async_helpers import Linearizer
|
||||||
from synapse.util.distributor import user_joined_room, user_left_room
|
from synapse.util.distributor import user_joined_room, user_left_room
|
||||||
from synapse.util.hash import sha256_and_url_safe_base64
|
|
||||||
|
|
||||||
from ._base import BaseHandler
|
from ._base import BaseHandler
|
||||||
|
|
||||||
@ -525,7 +523,7 @@ class RoomMemberHandler(object):
|
|||||||
event (SynapseEvent): The membership event.
|
event (SynapseEvent): The membership event.
|
||||||
context: The context of the event.
|
context: The context of the event.
|
||||||
is_guest (bool): Whether the sender is a guest.
|
is_guest (bool): Whether the sender is a guest.
|
||||||
remote_room_hosts (list[str]|None): Homeservers which are likely to already be in
|
room_hosts ([str]): Homeservers which are likely to already be in
|
||||||
the room, and could be danced with in order to join this
|
the room, and could be danced with in order to join this
|
||||||
homeserver for the first time.
|
homeserver for the first time.
|
||||||
ratelimit (bool): Whether to rate limit this request.
|
ratelimit (bool): Whether to rate limit this request.
|
||||||
@ -636,7 +634,7 @@ class RoomMemberHandler(object):
|
|||||||
servers.remove(room_alias.domain)
|
servers.remove(room_alias.domain)
|
||||||
servers.insert(0, room_alias.domain)
|
servers.insert(0, room_alias.domain)
|
||||||
|
|
||||||
return RoomID.from_string(room_id), servers
|
return (RoomID.from_string(room_id), servers)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def _get_inviter(self, user_id, room_id):
|
def _get_inviter(self, user_id, room_id):
|
||||||
@ -699,44 +697,6 @@ class RoomMemberHandler(object):
|
|||||||
raise SynapseError(
|
raise SynapseError(
|
||||||
403, "Looking up third-party identifiers is denied from this server"
|
403, "Looking up third-party identifiers is denied from this server"
|
||||||
)
|
)
|
||||||
|
|
||||||
# Check what hashing details are supported by this identity server
|
|
||||||
use_v1 = False
|
|
||||||
hash_details = None
|
|
||||||
try:
|
|
||||||
hash_details = yield self.simple_http_client.get_json(
|
|
||||||
"%s%s/_matrix/identity/v2/hash_details" % (id_server_scheme, id_server)
|
|
||||||
)
|
|
||||||
except (HttpResponseException, ValueError) as e:
|
|
||||||
# Catch HttpResponseExcept for a non-200 response code
|
|
||||||
# Catch ValueError for non-JSON response body
|
|
||||||
|
|
||||||
# Check if this identity server does not know about v2 lookups
|
|
||||||
if e.code == 404:
|
|
||||||
# This is an old identity server that does not yet support v2 lookups
|
|
||||||
use_v1 = True
|
|
||||||
else:
|
|
||||||
logger.warn("Error when looking up hashing details: %s" % (e,))
|
|
||||||
return None
|
|
||||||
|
|
||||||
if use_v1:
|
|
||||||
return (yield self._lookup_3pid_v1(id_server, medium, address))
|
|
||||||
|
|
||||||
return (yield self._lookup_3pid_v2(id_server, medium, address, hash_details))
|
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
|
||||||
def _lookup_3pid_v1(self, id_server, medium, address):
|
|
||||||
"""Looks up a 3pid in the passed identity server using v1 lookup.
|
|
||||||
|
|
||||||
Args:
|
|
||||||
id_server (str): The server name (including port, if required)
|
|
||||||
of the identity server to use.
|
|
||||||
medium (str): The type of the third party identifier (e.g. "email").
|
|
||||||
address (str): The third party identifier (e.g. "foo@example.com").
|
|
||||||
|
|
||||||
Returns:
|
|
||||||
str: the matrix ID of the 3pid, or None if it is not recognized.
|
|
||||||
"""
|
|
||||||
try:
|
try:
|
||||||
data = yield self.simple_http_client.get_json(
|
data = yield self.simple_http_client.get_json(
|
||||||
"%s%s/_matrix/identity/api/v1/lookup" % (id_server_scheme, id_server),
|
"%s%s/_matrix/identity/api/v1/lookup" % (id_server_scheme, id_server),
|
||||||
@ -751,83 +711,8 @@ class RoomMemberHandler(object):
|
|||||||
|
|
||||||
except IOError as e:
|
except IOError as e:
|
||||||
logger.warn("Error from identity server lookup: %s" % (e,))
|
logger.warn("Error from identity server lookup: %s" % (e,))
|
||||||
|
|
||||||
return None
|
return None
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
|
||||||
def _lookup_3pid_v2(self, id_server, medium, address, hash_details):
|
|
||||||
"""Looks up a 3pid in the passed identity server using v2 lookup.
|
|
||||||
|
|
||||||
Args:
|
|
||||||
id_server (str): The server name (including port, if required)
|
|
||||||
of the identity server to use.
|
|
||||||
medium (str): The type of the third party identifier (e.g. "email").
|
|
||||||
address (str): The third party identifier (e.g. "foo@example.com").
|
|
||||||
hash_details (dict[str, str|list]): A dictionary containing hashing information
|
|
||||||
provided by an identity server.
|
|
||||||
|
|
||||||
Returns:
|
|
||||||
Deferred[str|None]: the matrix ID of the 3pid, or None if it is not recognised.
|
|
||||||
"""
|
|
||||||
# Extract information from hash_details
|
|
||||||
supported_lookup_algorithms = hash_details["algorithms"]
|
|
||||||
lookup_pepper = hash_details["lookup_pepper"]
|
|
||||||
|
|
||||||
# Check if any of the supported lookup algorithms are present
|
|
||||||
if LookupAlgorithm.SHA256 in supported_lookup_algorithms:
|
|
||||||
# Perform a hashed lookup
|
|
||||||
lookup_algorithm = LookupAlgorithm.SHA256
|
|
||||||
|
|
||||||
# Hash address, medium and the pepper with sha256
|
|
||||||
to_hash = "%s %s %s" % (address, medium, lookup_pepper)
|
|
||||||
lookup_value = sha256_and_url_safe_base64(to_hash)
|
|
||||||
|
|
||||||
elif LookupAlgorithm.NONE in supported_lookup_algorithms:
|
|
||||||
# Perform a non-hashed lookup
|
|
||||||
lookup_algorithm = LookupAlgorithm.NONE
|
|
||||||
|
|
||||||
# Combine together plaintext address and medium
|
|
||||||
lookup_value = "%s %s" % (address, medium)
|
|
||||||
|
|
||||||
else:
|
|
||||||
logger.warn(
|
|
||||||
"None of the provided lookup algorithms of %s%s are supported: %s",
|
|
||||||
id_server_scheme,
|
|
||||||
id_server,
|
|
||||||
hash_details["algorithms"],
|
|
||||||
)
|
|
||||||
raise SynapseError(
|
|
||||||
400,
|
|
||||||
"Provided identity server does not support any v2 lookup "
|
|
||||||
"algorithms that this homeserver supports.",
|
|
||||||
)
|
|
||||||
|
|
||||||
try:
|
|
||||||
lookup_results = yield self.simple_http_client.post_json_get_json(
|
|
||||||
"%s%s/_matrix/identity/v2/lookup" % (id_server_scheme, id_server),
|
|
||||||
{
|
|
||||||
"addresses": [lookup_value],
|
|
||||||
"algorithm": lookup_algorithm,
|
|
||||||
"pepper": lookup_pepper,
|
|
||||||
},
|
|
||||||
)
|
|
||||||
except (HttpResponseException, ValueError) as e:
|
|
||||||
# Catch HttpResponseExcept for a non-200 response code
|
|
||||||
# Catch ValueError for non-JSON response body
|
|
||||||
logger.warn("Error when performing a 3pid lookup: %s" % (e,))
|
|
||||||
return None
|
|
||||||
|
|
||||||
# Check for a mapping from what we looked up to an MXID
|
|
||||||
if "mappings" not in lookup_results or not isinstance(
|
|
||||||
lookup_results["mappings"], dict
|
|
||||||
):
|
|
||||||
logger.debug("No results from 3pid lookup")
|
|
||||||
return None
|
|
||||||
|
|
||||||
# Return the MXID if it's available, or None otherwise
|
|
||||||
mxid = lookup_results["mappings"].get(lookup_value)
|
|
||||||
return mxid
|
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def _verify_any_signature(self, data, server_hostname):
|
def _verify_any_signature(self, data, server_hostname):
|
||||||
if server_hostname not in data["signatures"]:
|
if server_hostname not in data["signatures"]:
|
||||||
@ -1077,7 +962,9 @@ class RoomMemberMasterHandler(RoomMemberHandler):
|
|||||||
)
|
)
|
||||||
|
|
||||||
if complexity:
|
if complexity:
|
||||||
return complexity["v1"] > max_complexity
|
if complexity["v1"] > max_complexity:
|
||||||
|
return True
|
||||||
|
return False
|
||||||
return None
|
return None
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
@ -1093,7 +980,10 @@ class RoomMemberMasterHandler(RoomMemberHandler):
|
|||||||
max_complexity = self.hs.config.limit_remote_rooms.complexity
|
max_complexity = self.hs.config.limit_remote_rooms.complexity
|
||||||
complexity = yield self.store.get_room_complexity(room_id)
|
complexity = yield self.store.get_room_complexity(room_id)
|
||||||
|
|
||||||
return complexity["v1"] > max_complexity
|
if complexity["v1"] > max_complexity:
|
||||||
|
return True
|
||||||
|
|
||||||
|
return False
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def _remote_join(self, requester, remote_room_hosts, room_id, user, content):
|
def _remote_join(self, requester, remote_room_hosts, room_id, user, content):
|
||||||
|
@ -1,33 +0,0 @@
|
|||||||
# -*- coding: utf-8 -*-
|
|
||||||
|
|
||||||
# Copyright 2019 The Matrix.org Foundation C.I.C.
|
|
||||||
#
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
# you may not use this file except in compliance with the License.
|
|
||||||
# You may obtain a copy of the License at
|
|
||||||
#
|
|
||||||
# http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
#
|
|
||||||
# Unless required by applicable law or agreed to in writing, software
|
|
||||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
# See the License for the specific language governing permissions and
|
|
||||||
# limitations under the License.
|
|
||||||
|
|
||||||
import hashlib
|
|
||||||
|
|
||||||
import unpaddedbase64
|
|
||||||
|
|
||||||
|
|
||||||
def sha256_and_url_safe_base64(input_text):
|
|
||||||
"""SHA256 hash an input string, encode the digest as url-safe base64, and
|
|
||||||
return
|
|
||||||
|
|
||||||
:param input_text: string to hash
|
|
||||||
:type input_text: str
|
|
||||||
|
|
||||||
:returns a sha256 hashed and url-safe base64 encoded digest
|
|
||||||
:rtype: str
|
|
||||||
"""
|
|
||||||
digest = hashlib.sha256(input_text.encode()).digest()
|
|
||||||
return unpaddedbase64.encode_base64(digest, urlsafe=True)
|
|
Loading…
Reference in New Issue
Block a user