OpenCloud
/
MatrixSynapse
mirror of https://github.com/matrix-org/synapse
1
0
Fork 0
Code Issues Releases Wiki Activity
MatrixSynapse/synapse/api/auth.py

527 lines
18 KiB
Python
Raw Normal View History

Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
# -*- coding: utf-8 -*-
fix the copyright holder from matrix.org to OpenMarket Ltd, as matrix.org hasn't been incorporated in time for launch.
2014-09-03 18:29:13 +02:00
# Copyright 2014 OpenMarket Ltd
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
add in whitespace after copyright statements to improve legibility
2014-08-13 04:14:34 +02:00
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
"""This module contains classes for authenticating the user."""
fix whitespace
2014-08-13 21:53:38 +02:00
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
from twisted.internet import defer
Implement power level lists, default power levels and send_evnet_level/add_state_level events.
2014-09-01 14:44:19 +02:00
from synapse.api.constants import Membership, JoinRules
Validate power levels event changes. Change error messages to be more helpful. Fix bug where we checked the wrong power levels
2014-09-05 22:54:16 +02:00
from synapse.api.errors import AuthError, StoreError, Codes, SynapseError
SYN-12: Implement auth for deletion by adding a 'delete_level' on the ops levels event SYN-12 # comment Auth has been added.
2014-09-23 18:36:17 +02:00
from synapse.api.events.room import (
Rename deletions to redactions
2014-09-24 16:27:59 +02:00
RoomMemberEvent, RoomPowerLevelsEvent, RoomRedactionEvent,
Start implementing auth chains
2014-11-06 19:42:18 +01:00
RoomJoinRulesEvent, RoomCreateEvent,
SYN-12: Implement auth for deletion by adding a 'delete_level' on the ops levels event SYN-12 # comment Auth has been added.
2014-09-23 18:36:17 +02:00
)
Implement power level lists, default power levels and send_evnet_level/add_state_level events.
2014-09-01 14:44:19 +02:00
from synapse.util.logutils import log_function
Fix joining over federation
2014-11-07 11:42:44 +01:00
from syutil.base64util import encode_base64
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
import logging
logger = logging.getLogger(__name__)
class Auth(object):
def __init__(self, hs):
self.hs = hs
self.store = hs.get_datastore()
Fix bugs with invites/joins across federatiom. Both in terms of auth and not trying to fetch missing PDUs for invites, joins etc.
2014-11-12 12:22:51 +01:00
self.state = hs.get_state_handler()
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
Fix auth checks to all use the given old_event_state
2014-11-05 12:07:54 +01:00
def check(self, event, raises=False):
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
""" Checks if this event is correctly authed.
Returns:
True if the auth checks pass.
Raises:
AuthError if there was a problem authorising this event. This will
be raised only if raises=True.
"""
try:
Impl: /rooms/roomid/state/eventtype/state_key - Renamed RoomTopicRestServlet to RoomStateEventRestServlet. Support generic state event sending.
2014-08-22 16:59:15 +02:00
if hasattr(event, "room_id"):
Fix bug where people could join private rooms
2014-10-17 20:37:41 +02:00
if event.old_state_events is None:
Finish implementing the new join dance.
2014-10-17 16:04:17 +02:00
# Oh, we don't know what the state of the room was, so we
# are trusting that this is allowed (at least for now)
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
logger.warn("Trusting event: %s", event.event_id)
Fix auth checks to all use the given old_event_state
2014-11-05 12:07:54 +01:00
return True
Finish implementing the new join dance.
2014-10-17 16:04:17 +02:00
Fix bug where people could join private rooms
2014-10-17 20:37:41 +02:00
if hasattr(event, "outlier") and event.outlier is True:
Finish implementing the new join dance.
2014-10-17 16:04:17 +02:00
# TODO (erikj): Auth for outliers is done differently.
Fix auth checks to all use the given old_event_state
2014-11-05 12:07:54 +01:00
return True
Finish implementing the new join dance.
2014-10-17 16:04:17 +02:00
Use state groups to get current state. Make join dance actually work.
2014-10-17 19:56:42 +02:00
if event.type == RoomCreateEvent.TYPE:
# FIXME
Fix auth checks to all use the given old_event_state
2014-11-05 12:07:54 +01:00
return True
Use state groups to get current state. Make join dance actually work.
2014-10-17 19:56:42 +02:00
Impl: /rooms/roomid/state/eventtype/state_key - Renamed RoomTopicRestServlet to RoomStateEventRestServlet. Support generic state event sending.
2014-08-22 16:59:15 +02:00
if event.type == RoomMemberEvent.TYPE:
Fix bug where people could join private rooms
2014-10-17 20:37:41 +02:00
allowed = self.is_membership_change_allowed(event)
if allowed:
logger.debug("Allowing! %s", event)
else:
logger.debug("Denying! %s", event)
Fix auth checks to all use the given old_event_state
2014-11-05 12:07:54 +01:00
return allowed
Implement power level lists, default power levels and send_evnet_level/add_state_level events.
2014-09-01 14:44:19 +02:00
Add an EventValidator. Fix bugs in auth ++ storage
2014-11-10 19:24:43 +01:00
self.check_event_sender_in_room(event)
Fix joining over federation
2014-11-07 11:42:44 +01:00
self._can_send_event(event)
AUth the contents of power level events
2014-09-04 17:40:23 +02:00
if event.type == RoomPowerLevelsEvent.TYPE:
Fix bug where people could join private rooms
2014-10-17 20:37:41 +02:00
self._check_power_levels(event)
AUth the contents of power level events
2014-09-04 17:40:23 +02:00
Rename deletions to redactions
2014-09-24 16:27:59 +02:00
if event.type == RoomRedactionEvent.TYPE:
Fix bug where people could join private rooms
2014-10-17 20:37:41 +02:00
self._check_redaction(event)
SYN-12: Implement auth for deletion by adding a 'delete_level' on the ops levels event SYN-12 # comment Auth has been added.
2014-09-23 18:36:17 +02:00
Fix bug where people could join private rooms
2014-10-17 20:37:41 +02:00
logger.debug("Allowing! %s", event)
Fix auth checks to all use the given old_event_state
2014-11-05 12:07:54 +01:00
return True
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
else:
Impl: /rooms/roomid/state/eventtype/state_key - Renamed RoomTopicRestServlet to RoomStateEventRestServlet. Support generic state event sending.
2014-08-22 16:59:15 +02:00
raise AuthError(500, "Unknown event: %s" % event)
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
except AuthError as e:
Add an EventValidator. Fix bugs in auth ++ storage
2014-11-10 19:24:43 +01:00
logger.info(
"Event auth check failed on event %s with msg: %s",
event, e.msg
)
Fix bug where people could join private rooms
2014-10-17 20:37:41 +02:00
logger.info("Denying! %s", event)
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
if raises:
Fix bugs with invites/joins across federatiom. Both in terms of auth and not trying to fetch missing PDUs for invites, joins etc.
2014-11-12 12:22:51 +01:00
raise
Fix bug where people could join private rooms
2014-10-17 20:37:41 +02:00
Fix auth checks to all use the given old_event_state
2014-11-05 12:07:54 +01:00
return False
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
@defer.inlineCallbacks
def check_joined_room(self, room_id, user_id):
try:
member = yield self.store.get_room_member(
room_id=room_id,
user_id=user_id
)
Take a snapshot of the state of the room before performing updates
2014-08-22 18:00:10 +02:00
self._check_joined_room(member, user_id, room_id)
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
defer.returnValue(member)
except AttributeError:
pass
defer.returnValue(None)
Fix backfill to work. Add auth to backfill request
2014-11-10 12:59:51 +01:00
@defer.inlineCallbacks
def check_host_in_room(self, room_id, host):
Fix bugs with invites/joins across federatiom. Both in terms of auth and not trying to fetch missing PDUs for invites, joins etc.
2014-11-12 12:22:51 +01:00
curr_state = yield self.state.get_current_state(room_id)
Fix backfill to work. Add auth to backfill request
2014-11-10 12:59:51 +01:00
Fix bugs with invites/joins across federatiom. Both in terms of auth and not trying to fetch missing PDUs for invites, joins etc.
2014-11-12 12:22:51 +01:00
for event in curr_state:
if event.type == RoomMemberEvent.TYPE:
try:
if self.hs.parse_userid(event.state_key).domain != host:
continue
except:
logger.warn("state_key not user_id: %s", event.state_key)
continue
if event.content["membership"] == Membership.JOIN:
defer.returnValue(True)
defer.returnValue(False)
Fix backfill to work. Add auth to backfill request
2014-11-10 12:59:51 +01:00
Begin making auth use event.old_state_events
2014-10-15 17:06:59 +02:00
def check_event_sender_in_room(self, event):
key = (RoomMemberEvent.TYPE, event.user_id, )
member_event = event.state_events.get(key)
return self._check_joined_room(
member_event,
event.user_id,
event.room_id
)
Take a snapshot of the state of the room before performing updates
2014-08-22 18:00:10 +02:00
def _check_joined_room(self, member, user_id, room_id):
if not member or member.membership != Membership.JOIN:
add _get_room_member, fix datastore methods
2014-08-27 16:31:04 +02:00
raise AuthError(403, "User %s not in room %s (%s)" % (
user_id, room_id, repr(member)
))
Take a snapshot of the state of the room before performing updates
2014-08-22 18:00:10 +02:00
Fix bug where people could join private rooms
2014-10-17 20:37:41 +02:00
@log_function
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
def is_membership_change_allowed(self, event):
Removed member list servlet: now using generic state paths.
2014-08-26 10:26:07 +02:00
target_user_id = event.state_key
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
# get info about the caller
Begin making auth use event.old_state_events
2014-10-15 17:06:59 +02:00
key = (RoomMemberEvent.TYPE, event.user_id, )
caller = event.old_state_events.get(key)
Fix invite auth
2014-11-10 11:35:43 +01:00
caller_in_room = caller and caller.membership == Membership.JOIN
caller_invited = caller and caller.membership == Membership.INVITE
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
# get info about the target
Begin making auth use event.old_state_events
2014-10-15 17:06:59 +02:00
key = (RoomMemberEvent.TYPE, target_user_id, )
target = event.old_state_events.get(key)
Fix invite auth
2014-11-10 11:35:43 +01:00
target_in_room = target and target.membership == Membership.JOIN
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
membership = event.content["membership"]
Begin making auth use event.old_state_events
2014-10-15 17:06:59 +02:00
key = (RoomJoinRulesEvent.TYPE, "", )
join_rule_event = event.old_state_events.get(key)
if join_rule_event:
join_rule = join_rule_event.content.get(
"join_rule", JoinRules.INVITE
)
else:
Implement power level lists, default power levels and send_evnet_level/add_state_level events.
2014-09-01 14:44:19 +02:00
join_rule = JoinRules.INVITE
Begin making auth use event.old_state_events
2014-10-15 17:06:59 +02:00
user_level = self._get_power_level_from_event_state(
event,
event.user_id,
)
ban_level, kick_level, redact_level = (
Fix bug where people could join private rooms
2014-10-17 20:37:41 +02:00
self._get_ops_level_from_event_state(
Begin making auth use event.old_state_events
2014-10-15 17:06:59 +02:00
event
)
)
Fix bug where people could join private rooms
2014-10-17 20:37:41 +02:00
logger.debug(
"is_membership_change_allowed: %s",
{
"caller_in_room": caller_in_room,
Fix invite auth
2014-11-10 11:35:43 +01:00
"caller_invited": caller_invited,
Fix bug where people could join private rooms
2014-10-17 20:37:41 +02:00
"target_in_room": target_in_room,
"membership": membership,
"join_rule": join_rule,
"target_user_id": target_user_id,
"event.user_id": event.user_id,
}
)
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
if Membership.INVITE == membership:
Implement power level lists, default power levels and send_evnet_level/add_state_level events.
2014-09-01 14:44:19 +02:00
# TODO (erikj): We should probably handle this more intelligently
# PRIVATE join rules.
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
# Invites are valid iff caller is in the room and target isn't.
if not caller_in_room: # caller isn't joined
raise AuthError(403, "You are not in room %s." % event.room_id)
elif target_in_room: # the target is already in the room.
raise AuthError(403, "%s is already in the room." %
Removed member list servlet: now using generic state paths.
2014-08-26 10:26:07 +02:00
target_user_id)
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
elif Membership.JOIN == membership:
# Joins are valid iff caller == target and they were:
# invited: They are accepting the invitation
# joined: It's a NOOP
Removed member list servlet: now using generic state paths.
2014-08-26 10:26:07 +02:00
if event.user_id != target_user_id:
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
raise AuthError(403, "Cannot force another user to join.")
Start implementing the invite/join dance. Continue moving auth to use event.state_events
2014-10-16 17:56:51 +02:00
elif join_rule == JoinRules.PUBLIC:
Implement power level lists, default power levels and send_evnet_level/add_state_level events.
2014-09-01 14:44:19 +02:00
pass
elif join_rule == JoinRules.INVITE:
Fix invite auth
2014-11-10 11:35:43 +01:00
if not caller_in_room and not caller_invited:
Implement power level lists, default power levels and send_evnet_level/add_state_level events.
2014-09-01 14:44:19 +02:00
raise AuthError(403, "You are not invited to this room.")
else:
# TODO (erikj): may_join list
# TODO (erikj): private rooms
raise AuthError(403, "You are not allowed to join this room")
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
elif Membership.LEAVE == membership:
Add beginnings of ban support.
2014-09-01 17:15:34 +02:00
# TODO (erikj): Implement kicks.
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
if not caller_in_room: # trying to leave a room you aren't joined
raise AuthError(403, "You are not in room %s." % event.room_id)
Removed member list servlet: now using generic state paths.
2014-08-26 10:26:07 +02:00
elif target_user_id != event.user_id:
Fix bug where we didn't correctly store the ops power levels event.
2014-09-02 13:11:52 +02:00
if kick_level:
kick_level = int(kick_level)
else:
Begin making auth use event.old_state_events
2014-10-15 17:06:59 +02:00
kick_level = 50 # FIXME (erikj): What should we do here?
Fix bug where we didn't correctly store the ops power levels event.
2014-09-02 13:11:52 +02:00
Implement auth for kicking.
2014-09-02 11:52:49 +02:00
if user_level < kick_level:
raise AuthError(
403, "You cannot kick user %s." % target_user_id
)
Add beginnings of ban support.
2014-09-01 17:15:34 +02:00
elif Membership.BAN == membership:
if ban_level:
ban_level = int(ban_level)
else:
Change the default power levels to be 0, 50 and 100
2014-09-04 17:16:26 +02:00
ban_level = 50 # FIXME (erikj): What should we do here?
Add beginnings of ban support.
2014-09-01 17:15:34 +02:00
Add all the necessary checks to make banning work.
2014-09-01 19:24:56 +02:00
if user_level < ban_level:
Add beginnings of ban support.
2014-09-01 17:15:34 +02:00
raise AuthError(403, "You don't have permission to ban")
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
else:
raise AuthError(500, "Unknown membership %s" % membership)
Fix bug where people could join private rooms
2014-10-17 20:37:41 +02:00
return True
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
Begin making auth use event.old_state_events
2014-10-15 17:06:59 +02:00
def _get_power_level_from_event_state(self, event, user_id):
key = (RoomPowerLevelsEvent.TYPE, "", )
power_level_event = event.old_state_events.get(key)
level = None
if power_level_event:
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
level = power_level_event.content.get("users", {}).get(user_id)
Begin making auth use event.old_state_events
2014-10-15 17:06:59 +02:00
if not level:
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
level = power_level_event.content.get("users_default", 0)
Begin making auth use event.old_state_events
2014-10-15 17:06:59 +02:00
return level
def _get_ops_level_from_event_state(self, event):
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
key = (RoomPowerLevelsEvent.TYPE, "", )
power_level_event = event.old_state_events.get(key)
Begin making auth use event.old_state_events
2014-10-15 17:06:59 +02:00
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
if power_level_event:
Begin making auth use event.old_state_events
2014-10-15 17:06:59 +02:00
return (
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
power_level_event.content.get("ban", 50),
power_level_event.content.get("kick", 50),
power_level_event.content.get("redact", 50),
Begin making auth use event.old_state_events
2014-10-15 17:06:59 +02:00
)
return None, None, None,
Track the IP users connect with. Add an admin column to users table.
2014-09-26 17:36:24 +02:00
@defer.inlineCallbacks
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
def get_user_by_req(self, request):
""" Get a registered user's ID.
Args:
request - An HTTP request with an access_token query parameter.
Returns:
UserID : User ID object of the user making the request
Raises:
AuthError if no user by that token exists or the token is invalid.
"""
# Can optionally look elsewhere in the request (e.g. headers)
try:
Track the IP users connect with. Add an admin column to users table.
2014-09-26 17:36:24 +02:00
access_token = request.args["access_token"][0]
SYN-48: Implement WHOIS rest servlet
2014-09-29 15:59:52 +02:00
user_info = yield self.get_user_by_token(access_token)
user = user_info["user"]
Track the IP users connect with. Add an admin column to users table.
2014-09-26 17:36:24 +02:00
ip_addr = self.hs.get_ip_from_request(request)
SYN-48: Track User-Agents as well as IPs for client devices.
2014-09-29 14:35:15 +02:00
user_agent = request.requestHeaders.getRawHeaders(
"User-Agent",
default=[""]
)[0]
Track the IP users connect with. Add an admin column to users table.
2014-09-26 17:36:24 +02:00
if user and access_token and ip_addr:
Add an EventValidator. Fix bugs in auth ++ storage
2014-11-10 19:24:43 +01:00
yield self.store.insert_client_ip(
SYN-48: Implement WHOIS rest servlet
2014-09-29 15:59:52 +02:00
user=user,
access_token=access_token,
device_id=user_info["device_id"],
ip=ip_addr,
user_agent=user_agent
SYN-48: Track User-Agents as well as IPs for client devices.
2014-09-29 14:35:15 +02:00
)
Track the IP users connect with. Add an admin column to users table.
2014-09-26 17:36:24 +02:00
defer.returnValue(user)
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
except KeyError:
raise AuthError(403, "Missing access token.")
@defer.inlineCallbacks
def get_user_by_token(self, token):
""" Get a registered user's ID.
Args:
Update docstring
2014-09-29 16:35:54 +02:00
token (str): The access token to get the user by.
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
Returns:
SYN-48: Implement WHOIS rest servlet
2014-09-29 15:59:52 +02:00
dict : dict that includes the user, device_id, and whether the
user is a server admin.
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
Raises:
AuthError if no user by that token exists or the token is invalid.
"""
try:
SYN-48: Implement WHOIS rest servlet
2014-09-29 15:59:52 +02:00
ret = yield self.store.get_user_by_token(token=token)
if not ret:
Modified /join/$identifier to support $identifier being a room ID in addition to a room alias.
2014-08-27 10:43:42 +02:00
raise StoreError()
SYN-48: Implement WHOIS rest servlet
2014-09-29 15:59:52 +02:00
user_info = {
"admin": bool(ret.get("admin", False)),
"device_id": ret.get("device_id"),
"user": self.hs.parse_userid(ret.get("name")),
}
defer.returnValue(user_info)
Reference Matrix Home Server
2014-08-12 16:10:52 +02:00
except StoreError:
Added M_UNKNOWN_TOKEN error code and send it when there is an unrecognised access_token
2014-08-14 14:47:39 +02:00
raise AuthError(403, "Unrecognised access token.",
errcode=Codes.UNKNOWN_TOKEN)
Implement power level lists, default power levels and send_evnet_level/add_state_level events.
2014-09-01 14:44:19 +02:00
Add auth check to test if a user is an admin or not.
2014-09-29 14:35:38 +02:00
def is_server_admin(self, user):
return self.store.is_server_admin(user)
Fix joining over federation
2014-11-07 11:42:44 +01:00
@defer.inlineCallbacks
def add_auth_events(self, event):
if event.type == RoomCreateEvent.TYPE:
event.auth_events = []
return
auth_events = []
key = (RoomPowerLevelsEvent.TYPE, "", )
power_level_event = event.old_state_events.get(key)
if power_level_event:
auth_events.append(power_level_event.event_id)
key = (RoomJoinRulesEvent.TYPE, "", )
join_rule_event = event.old_state_events.get(key)
key = (RoomMemberEvent.TYPE, event.user_id, )
member_event = event.old_state_events.get(key)
if join_rule_event:
join_rule = join_rule_event.content.get("join_rule")
is_public = join_rule == JoinRules.PUBLIC if join_rule else False
Notify users about invites.
2014-11-10 12:15:02 +01:00
else:
is_public = False
Fix joining over federation
2014-11-07 11:42:44 +01:00
Notify users about invites.
2014-11-10 12:15:02 +01:00
if event.type == RoomMemberEvent.TYPE:
e_type = event.content["membership"]
if e_type in [Membership.JOIN, Membership.INVITE]:
Add an EventValidator. Fix bugs in auth ++ storage
2014-11-10 19:24:43 +01:00
if join_rule_event:
auth_events.append(join_rule_event.event_id)
Fix joining over federation
2014-11-07 11:42:44 +01:00
Notify users about invites.
2014-11-10 12:15:02 +01:00
if member_event and not is_public:
auth_events.append(member_event.event_id)
elif member_event:
Fix joining over federation
2014-11-07 11:42:44 +01:00
if member_event.content["membership"] == Membership.JOIN:
auth_events.append(member_event.event_id)
hashes = yield self.store.get_event_reference_hashes(
auth_events
)
hashes = [
{
k: encode_base64(v) for k, v in h.items()
if k == "sha256"
}
for h in hashes
]
event.auth_events = zip(auth_events, hashes)
Implement power level lists, default power levels and send_evnet_level/add_state_level events.
2014-09-01 14:44:19 +02:00
@log_function
def _can_send_event(self, event):
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
key = (RoomPowerLevelsEvent.TYPE, "", )
Fix auth checks to all use the given old_event_state
2014-11-05 12:07:54 +01:00
send_level_event = event.old_state_events.get(key)
send_level = None
if send_level_event:
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
send_level = send_level_event.content.get("events", {}).get(
event.type
)
Fix auth checks to all use the given old_event_state
2014-11-05 12:07:54 +01:00
if not send_level:
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
if hasattr(event, "state_key"):
send_level = send_level_event.content.get(
"state_default", 50
)
else:
send_level = send_level_event.content.get(
"events_default", 0
)
Implement power level lists, default power levels and send_evnet_level/add_state_level events.
2014-09-01 14:44:19 +02:00
if send_level:
send_level = int(send_level)
else:
send_level = 0
Begin making auth use event.old_state_events
2014-10-15 17:06:59 +02:00
user_level = self._get_power_level_from_event_state(
event,
Implement power level lists, default power levels and send_evnet_level/add_state_level events.
2014-09-01 14:44:19 +02:00
event.user_id,
)
if user_level:
user_level = int(user_level)
else:
user_level = 0
if user_level < send_level:
raise AuthError(
Add an EventValidator. Fix bugs in auth ++ storage
2014-11-10 19:24:43 +01:00
403,
"You don't have permission to post that to the room. " +
"user_level (%d) < send_level (%d)" % (user_level, send_level)
Implement power level lists, default power levels and send_evnet_level/add_state_level events.
2014-09-01 14:44:19 +02:00
)
Fix auth checks to all use the given old_event_state
2014-11-05 12:07:54 +01:00
return True
Add all the necessary checks to make banning work.
2014-09-01 19:24:56 +02:00
Rename deletions to redactions
2014-09-24 16:27:59 +02:00
def _check_redaction(self, event):
Begin making auth use event.old_state_events
2014-10-15 17:06:59 +02:00
user_level = self._get_power_level_from_event_state(
event,
event.user_id,
)
SYN-12: Implement auth for deletion by adding a 'delete_level' on the ops levels event SYN-12 # comment Auth has been added.
2014-09-23 18:36:17 +02:00
Fix bug in redaction auth. This caused a 500 when sending a redaction due to a typo in a method invocation.
2014-10-31 10:48:59 +01:00
_, _, redact_level = self._get_ops_level_from_event_state(
event
Fix bug where people could join private rooms
2014-10-17 20:37:41 +02:00
)
SYN-12: Implement auth for deletion by adding a 'delete_level' on the ops levels event SYN-12 # comment Auth has been added.
2014-09-23 18:36:17 +02:00
Rename deletions to redactions
2014-09-24 16:27:59 +02:00
if user_level < redact_level:
SYN-12: Implement auth for deletion by adding a 'delete_level' on the ops levels event SYN-12 # comment Auth has been added.
2014-09-23 18:36:17 +02:00
raise AuthError(
403,
Rename deletions to redactions
2014-09-24 16:27:59 +02:00
"You don't have permission to redact events"
SYN-12: Implement auth for deletion by adding a 'delete_level' on the ops levels event SYN-12 # comment Auth has been added.
2014-09-23 18:36:17 +02:00
)
AUth the contents of power level events
2014-09-04 17:40:23 +02:00
def _check_power_levels(self, event):
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
user_list = event.content.get("users", {})
# Validate users
for k, v in user_list.items():
Validate power levels event changes. Change error messages to be more helpful. Fix bug where we checked the wrong power levels
2014-09-05 22:54:16 +02:00
try:
self.hs.parse_userid(k)
except:
raise SynapseError(400, "Not a valid user_id: %s" % (k,))
try:
int(v)
except:
raise SynapseError(400, "Not a valid power level: %s" % (v,))
Fix bug where people could join private rooms
2014-10-17 20:37:41 +02:00
key = (event.type, event.state_key, )
current_state = event.old_state_events.get(key)
AUth the contents of power level events
2014-09-04 17:40:23 +02:00
Generate m.room.aliases event when the HS creates a room alias
2014-09-05 22:35:56 +02:00
if not current_state:
return
Fix bug where people could join private rooms
2014-10-17 20:37:41 +02:00
user_level = self._get_power_level_from_event_state(
event,
AUth the contents of power level events
2014-09-04 17:40:23 +02:00
event.user_id,
)
PEP8
2014-11-10 14:46:44 +01:00
# Check other levels:
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
levels_to_check = [
("users_default", []),
("events_default", []),
("ban", []),
("redact", []),
("kick", []),
]
old_list = current_state.content.get("users")
for user in set(old_list.keys() + user_list.keys()):
levels_to_check.append(
(user, ["users"])
)
AUth the contents of power level events
2014-09-04 17:40:23 +02:00
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
old_list = current_state.content.get("events")
new_list = event.content.get("events")
for ev_id in set(old_list.keys() + new_list.keys()):
levels_to_check.append(
(ev_id, ["events"])
)
AUth the contents of power level events
2014-09-04 17:40:23 +02:00
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
old_state = current_state.content
new_state = event.content
AUth the contents of power level events
2014-09-04 17:40:23 +02:00
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
for level_to_check, dir in levels_to_check:
old_loc = old_state
for d in dir:
old_loc = old_loc.get(d, {})
AUth the contents of power level events
2014-09-04 17:40:23 +02:00
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
new_loc = new_state
for d in dir:
new_loc = new_loc.get(d, {})
AUth the contents of power level events
2014-09-04 17:40:23 +02:00
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
if level_to_check in old_loc:
old_level = int(old_loc[level_to_check])
else:
old_level = None
AUth the contents of power level events
2014-09-04 17:40:23 +02:00
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
if level_to_check in new_loc:
new_level = int(new_loc[level_to_check])
else:
new_level = None
AUth the contents of power level events
2014-09-04 17:40:23 +02:00
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
if new_level is not None and old_level is not None:
if new_level == old_level:
continue
AUth the contents of power level events
2014-09-04 17:40:23 +02:00
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
if old_level > user_level or new_level > user_level:
AUth the contents of power level events
2014-09-04 17:40:23 +02:00
raise AuthError(
403,
Amalgamate all power levels. Remove concept of reqired power levels, something similiar can be done using the new power level event.
2014-11-06 17:59:13 +01:00
"You don't have permission to add ops level greater "
"than your own"
AUth the contents of power level events
2014-09-04 17:40:23 +02:00
)