Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Merge pull request #3161 from NotAFile/remove-v1auth
Browse files Browse the repository at this point in the history 
Make Client-Server API return 403 for invalid token
  • Loading branch information
@richvdh
richvdh authored May 3, 2018
2 parents 53a5fdf + 6495dbb commit 902673e
Show file tree
Hide file tree
Showing 7 changed files with 24 additions and 25 deletions.
6 changes: 5 additions & 1 deletion synapse/rest/client/v1/base.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,12 +52,16 @@ class ClientV1RestServlet(RestServlet):
"""A base Synapse REST Servlet for the client version 1 API.
"""

# This subclass was presumably created to allow the auth for the v1
# protocol version to be different, however this behaviour was removed.
# it may no longer be necessary

def __init__(self, hs):
"""
Args:
hs (synapse.server.HomeServer):
"""
self.hs = hs
self.builder_factory = hs.get_event_builder_factory()
self.auth = hs.get_v1auth()
self.auth = hs.get_auth()
self.txns = HttpTransactionCache(hs.get_clock())
2 changes: 1 addition & 1 deletion synapse/rest/client/v1/pusher.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,7 @@ def __init__(self, hs):
super(RestServlet, self).__init__()
self.hs = hs
self.notifier = hs.get_notifier()
self.auth = hs.get_v1auth()
self.auth = hs.get_auth()
self.pusher_pool = self.hs.get_pusherpool()

@defer.inlineCallbacks
Expand Down
10 changes: 0 additions & 10 deletions synapse/server.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,6 @@ def build_DEPENDENCY(self)
'federation_client',
'federation_server',
'handlers',
'v1auth',
'auth',
'state_handler',
'state_resolution_handler',
Expand Down Expand Up @@ -225,15 +224,6 @@ def build_http_client_context_factory(self):
def build_simple_http_client(self):
return SimpleHttpClient(self)

def build_v1auth(self):
orf = Auth(self)
# Matrix spec makes no reference to what HTTP status code is returned,
# but the V1 API uses 403 where it means 401, and the webclient
# relies on this behaviour, so V1 gets its own copy of the auth
# with backwards compat behaviour.
orf.TOKEN_NOT_FOUND_HTTP_STATUS = 403
return orf

def build_state_handler(self):
return StateHandler(self)

Expand Down
9 changes: 7 additions & 2 deletions tests/rest/client/v1/test_events.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -148,11 +148,16 @@ def tearDown(self):

@defer.inlineCallbacks
def test_stream_basic_permissions(self):
# invalid token, expect 403
# invalid token, expect 401
# note: this is in violation of the original v1 spec, which expected
# 403. However, since the v1 spec no longer exists and the v1
# implementation is now part of the r0 implementation, the newer
# behaviour is used instead to be consistent with the r0 spec.
# see issue #2602
(code, response) = yield self.mock_resource.trigger_get(
"/events?access_token=%s" % ("invalid" + self.token, )
)
self.assertEquals(403, code, msg=str(response))
self.assertEquals(401, code, msg=str(response))

# valid token, expect content
(code, response) = yield self.mock_resource.trigger_get(
Expand Down
2 changes: 1 addition & 1 deletion tests/rest/client/v1/test_profile.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ def setUp(self):
def _get_user_by_req(request=None, allow_guest=False):
return synapse.types.create_requester(myid)

hs.get_v1auth().get_user_by_req = _get_user_by_req
hs.get_auth().get_user_by_req = _get_user_by_req

profile.register_servlets(hs, self.mock_resource)

Expand Down
18 changes: 9 additions & 9 deletions tests/rest/client/v1/test_rooms.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ def get_user_by_access_token(token=None, allow_guest=False):
"token_id": 1,
"is_guest": False,
}
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
hs.get_auth().get_user_by_access_token = get_user_by_access_token

def _insert_client_ip(*args, **kwargs):
return defer.succeed(None)
Expand All @@ -70,7 +70,7 @@ def _insert_client_ip(*args, **kwargs):

synapse.rest.client.v1.room.register_servlets(hs, self.mock_resource)

self.auth = hs.get_v1auth()
self.auth = hs.get_auth()

# create some rooms under the name rmcreator_id
self.uncreated_rmid = "!aa:test"
Expand Down Expand Up @@ -425,7 +425,7 @@ def get_user_by_access_token(token=None, allow_guest=False):
"token_id": 1,
"is_guest": False,
}
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
hs.get_auth().get_user_by_access_token = get_user_by_access_token

def _insert_client_ip(*args, **kwargs):
return defer.succeed(None)
Expand Down Expand Up @@ -507,7 +507,7 @@ def get_user_by_access_token(token=None, allow_guest=False):
"token_id": 1,
"is_guest": False,
}
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
hs.get_auth().get_user_by_access_token = get_user_by_access_token

def _insert_client_ip(*args, **kwargs):
return defer.succeed(None)
Expand Down Expand Up @@ -597,7 +597,7 @@ def get_user_by_access_token(token=None, allow_guest=False):
"is_guest": False,
}

hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
hs.get_auth().get_user_by_access_token = get_user_by_access_token

def _insert_client_ip(*args, **kwargs):
return defer.succeed(None)
Expand Down Expand Up @@ -711,7 +711,7 @@ def get_user_by_access_token(token=None, allow_guest=False):
"token_id": 1,
"is_guest": False,
}
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
hs.get_auth().get_user_by_access_token = get_user_by_access_token

def _insert_client_ip(*args, **kwargs):
return defer.succeed(None)
Expand Down Expand Up @@ -843,7 +843,7 @@ def get_user_by_access_token(token=None, allow_guest=False):
"token_id": 1,
"is_guest": False,
}
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
hs.get_auth().get_user_by_access_token = get_user_by_access_token

def _insert_client_ip(*args, **kwargs):
return defer.succeed(None)
Expand Down Expand Up @@ -945,7 +945,7 @@ def get_user_by_access_token(token=None, allow_guest=False):
"token_id": 1,
"is_guest": False,
}
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
hs.get_auth().get_user_by_access_token = get_user_by_access_token

def _insert_client_ip(*args, **kwargs):
return defer.succeed(None)
Expand Down Expand Up @@ -1017,7 +1017,7 @@ def get_user_by_access_token(token=None, allow_guest=False):
"token_id": 1,
"is_guest": False,
}
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
hs.get_auth().get_user_by_access_token = get_user_by_access_token

def _insert_client_ip(*args, **kwargs):
return defer.succeed(None)
Expand Down
2 changes: 1 addition & 1 deletion tests/rest/client/v1/test_typing.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ def get_user_by_access_token(token=None, allow_guest=False):
"is_guest": False,
}

hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
hs.get_auth().get_user_by_access_token = get_user_by_access_token

def _insert_client_ip(*args, **kwargs):
return defer.succeed(None)
Expand Down

0 comments on commit 902673e

Please sign in to comment.