Skip UIA device endpoints for ASes
sandhose committed Sep 12, 2024
1 parent 68cb2b9 commit 12a0b2d
Showing 1 changed file with 31 additions and 21 deletions.
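--- a/synapse/rest/client/devices.py
+++ b/synapse/rest/client/devices.py
@@ -114,15 +114,19 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
 else:
 raise e
 
-await self.auth_handler.validate_user_via_ui_auth(
-requester,
-request,
-body.dict(exclude_unset=True),
-"remove device(s) from your account",
-# Users might call this multiple times in a row while cleaning up
-# devices, allow a single UI auth session to be re-used.
-can_skip_ui_auth=True,
-)
+if requester.app_service and requester.app_service.msc4190_device_management:
+# MSC4190 can skip UIA for this endpoint
+pass
+else:
+await self.auth_handler.validate_user_via_ui_auth(
+requester,
+request,
+body.dict(exclude_unset=True),
+"remove device(s) from your account",
+# Users might call this multiple times in a row while cleaning up
+# devices, allow a single UI auth session to be re-used.
+can_skip_ui_auth=True,
+)
 
 await self.device_handler.delete_devices(
 requester.user.to_string(), body.devices
@@ -175,9 +179,6 @@ class DeleteBody(RequestBodyModel):
 async def on_DELETE(
 self, request: SynapseRequest, device_id: str
 ) -> Tuple[int, JsonDict]:
-if self._msc3861_oauth_delegation_enabled:
-raise UnrecognizedRequestError(code=404)
-
 requester = await self.auth.get_user_by_req(request)
 
 try:
@@ -192,15 +193,24 @@ async def on_DELETE(
 else:
 raise
 
-await self.auth_handler.validate_user_via_ui_auth(
-requester,
-request,
-body.dict(exclude_unset=True),
-"remove a device from your account",
-# Users might call this multiple times in a row while cleaning up
-# devices, allow a single UI auth session to be re-used.
-can_skip_ui_auth=True,
-)
+if requester.app_service and requester.app_service.msc4190_device_management:
+# MSC4190 allows appservices to delete devices through this endpoint without UIA
+# It's also allowed with MSC3861 enabled
+pass
+
+else:
+if self._msc3861_oauth_delegation_enabled:
+raise UnrecognizedRequestError(code=404)
+
+await self.auth_handler.validate_user_via_ui_auth(
+requester,
+request,
+body.dict(exclude_unset=True),
+"remove a device from your account",
+# Users might call this multiple times in a row while cleaning up
+# devices, allow a single UI auth session to be re-used.
+can_skip_ui_auth=True,
+)
 
 await self.device_handler.delete_devices(
 requester.user.to_string(), [device_id]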
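Review bot: In on_DELETE the MSC4190 branch now skips two independent guards, the MSC3861 404 and the UI-auth check, but the `if …: pass` / `else:` shape makes that easy to miss, and the same condition is repeated in on_POST, so the two handlers can drift apart. I would invert the test to `if not (requester.app_service and requester.app_service.msc4190_device_management):` and keep the guards under it in each handler, or move the condition into one small private helper that both call. Because the exempt path deletes devices for `requester.user` with no re-authentication, it depends on `get_user_by_req` having already confirmed that the app service may act for that user; the call is visible in on_DELETE but its checks are not, so a comment such as `# No UIA here: relies on get_user_by_req having authorised the appservice for this user` would record the assumption. Both function bodies start or end outside the hunks shown, so on_POST may carry an MSC3861 guard that is not visible here.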
