OpenCloud
/
MatrixSynapse
mirror of https://github.com/matrix-org/synapse
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #5115 from matrix-org/babolivier/lookup_path 

[DINSIC] Move 3PID lookup endpoint to CS API and proxy bulk lookups
pull/5178/head dinsic_2019-05-09
Brendan Abolivier 2019-05-09 15:02:21 +01:00 committed by GitHub
parent 09ea63ae7a aa5c42f5bc
commit 38e3d9ed67
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 288 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
synapse/api/urls.py
View File

@ -33,7 +33,6 @@ CONTENT_REPO_PREFIX = "/_matrix/content"
SERVER_KEY_V2_PREFIX = "/_matrix/key/v2"
MEDIA_PREFIX = "/_matrix/media/r0"
LEGACY_MEDIA_PREFIX = "/_matrix/media/v1"
IDENTITY_PREFIX = "/_matrix/identity/api/v1"
class ConsentURIBuilder(object):

5
synapse/app/homeserver.py
View File

@ -40,7 +40,6 @@ from synapse import events
from synapse.api.urls import (
CONTENT_REPO_PREFIX,
FEDERATION_PREFIX,
IDENTITY_PREFIX,
LEGACY_MEDIA_PREFIX,
MEDIA_PREFIX,
SERVER_KEY_V2_PREFIX,
@ -63,7 +62,6 @@ from synapse.python_dependencies import check_requirements
from synapse.replication.http import REPLICATION_PREFIX, ReplicationRestResource
from synapse.replication.tcp.resource import ReplicationStreamProtocolFactory
from synapse.rest import ClientRestResource
from synapse.rest.identity.v1 import IdentityApiV1Resource
from synapse.rest.key.v2 import KeyApiV2Resource
from synapse.rest.media.v0.content_repository import ContentRepoResource
from synapse.rest.well_known import WellKnownResource
@ -229,9 +227,6 @@ class SynapseHomeServer(HomeServer):
"'media' resource conflicts with enable_media_repo=False",
)
if name in ["identity"]:
resources[IDENTITY_PREFIX] = IdentityApiV1Resource(self)
if name in ["keys", "federation"]:
resources[SERVER_KEY_V2_PREFIX] = KeyApiV2Resource(self)

1
synapse/config/server.py
View File

@ -573,7 +573,6 @@ KNOWN_RESOURCES = (
'replication',
'static',
'webclient',
'identity',
)

55
synapse/handlers/identity.py
View File

@ -347,9 +347,15 @@ class IdentityHandler(BaseHandler):
Returns:
Deferred[dict]: The result of the lookup. See
https://matrix.org/docs/spec/identity_service/r0.1.0.html#id15
https://matrix.org/docs/spec/identity_service/r0.1.0.html#association-lookup
for details
"""
if not self._should_trust_id_server(id_server):
raise SynapseError(
400, "Untrusted ID server '%s'" % id_server,
Codes.SERVER_NOT_TRUSTED
)
if not self._enable_lookup:
raise AuthError(
403, "Looking up third-party identifiers is denied from this server",
@ -376,7 +382,52 @@ class IdentityHandler(BaseHandler):
raise e.to_synapse_error()
except IOError as e:
logger.info("Failed to contact %r: %s", id_server, e)
raise ProxiedRequestError(503, "Failed to contact homeserver")
raise ProxiedRequestError(503, "Failed to contact identity server")
defer.returnValue(data)
@defer.inlineCallbacks
def bulk_lookup_3pid(self, id_server, threepids):
"""Looks up given 3pids in the passed identity server.
Args:
id_server (str): The server name (including port, if required)
of the identity server to use.
threepids ([[str, str]]): The third party identifiers to lookup, as
a list of 2-string sized lists ([medium, address]).
Returns:
Deferred[dict]: The result of the lookup. See
https://matrix.org/docs/spec/identity_service/r0.1.0.html#association-lookup
for details
"""
if not self._should_trust_id_server(id_server):
raise SynapseError(
400, "Untrusted ID server '%s'" % id_server,
Codes.SERVER_NOT_TRUSTED
)
if not self._enable_lookup:
raise AuthError(
403, "Looking up third-party identifiers is denied from this server",
)
target = self.rewrite_identity_server_urls.get(id_server, id_server)
try:
data = yield self.http_client.post_json_get_json(
"https://%s/_matrix/identity/api/v1/bulk_lookup" % (target,),
{
"threepids": threepids,
}
)
except HttpResponseException as e:
logger.info("Proxied lookup failed: %r", e)
raise e.to_synapse_error()
except IOError as e:
logger.info("Failed to contact %r: %s", id_server, e)
raise ProxiedRequestError(503, "Failed to contact identity server")
defer.returnValue(data)

65
synapse/rest/client/v2_alpha/account.py
View File

@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
# Copyright 2015, 2016 OpenMarket Ltd
# Copyright 2017 Vector Creations Ltd
# Copyright 2018 New Vector Ltd
# Copyright 2018, 2019 New Vector Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@ -15,6 +15,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import logging
import re
from six.moves import http_client
@ -26,6 +27,7 @@ from synapse.http.servlet import (
RestServlet,
assert_params_in_dict,
parse_json_object_from_request,
parse_string,
)
from synapse.types import UserID
from synapse.util.msisdn import phone_number_to_msisdn
@ -480,6 +482,65 @@ class ThreepidDeleteRestServlet(RestServlet):
)
class ThreepidLookupRestServlet(RestServlet):
PATTERNS = [re.compile("^/_matrix/client/unstable/account/3pid/lookup$")]
def __init__(self, hs):
super(ThreepidLookupRestServlet, self).__init__()
self.auth = hs.get_auth()
self.identity_handler = hs.get_handlers().identity_handler
@defer.inlineCallbacks
def on_GET(self, request):
"""Proxy a /_matrix/identity/api/v1/lookup request to an identity
server
"""
yield self.auth.get_user_by_req(request)
# Verify query parameters
query_params = request.args
assert_params_in_dict(query_params, [b"medium", b"address", b"id_server"])
# Retrieve needed information from query parameters
medium = parse_string(request, "medium")
address = parse_string(request, "address")
id_server = parse_string(request, "id_server")
# Proxy the request to the identity server. lookup_3pid handles checking
# if the lookup is allowed so we don't need to do it here.
ret = yield self.identity_handler.lookup_3pid(id_server, medium, address)
defer.returnValue((200, ret))
class ThreepidBulkLookupRestServlet(RestServlet):
PATTERNS = [re.compile("^/_matrix/client/unstable/account/3pid/bulk_lookup$")]
def __init__(self, hs):
super(ThreepidBulkLookupRestServlet, self).__init__()
self.auth = hs.get_auth()
self.identity_handler = hs.get_handlers().identity_handler
@defer.inlineCallbacks
def on_POST(self, request):
"""Proxy a /_matrix/identity/api/v1/bulk_lookup request to an identity
server
"""
yield self.auth.get_user_by_req(request)
body = parse_json_object_from_request(request)
assert_params_in_dict(body, ["threepids", "id_server"])
# Proxy the request to the identity server. lookup_3pid handles checking
# if the lookup is allowed so we don't need to do it here.
ret = yield self.identity_handler.bulk_lookup_3pid(
body["id_server"], body["threepids"],
)
defer.returnValue((200, ret))
class WhoamiRestServlet(RestServlet):
PATTERNS = client_v2_patterns("/account/whoami$")
@ -503,4 +564,6 @@ def register_servlets(hs, http_server):
MsisdnThreepidRequestTokenRestServlet(hs).register(http_server)
ThreepidRestServlet(hs).register(http_server)
ThreepidDeleteRestServlet(hs).register(http_server)
ThreepidLookupRestServlet(hs).register(http_server)
ThreepidBulkLookupRestServlet(hs).register(http_server)
WhoamiRestServlet(hs).register(http_server)

14
synapse/rest/identity/__init__.py
View File

@ -1,14 +0,0 @@
# -*- coding: utf-8 -*-
# Copyright 2019 New Vector Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

24
synapse/rest/identity/v1/__init__.py
View File

@ -1,24 +0,0 @@
# -*- coding: utf-8 -*-
# Copyright 2019 New Vector Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from twisted.web.resource import Resource
from .lookup import IdentityLookup
class IdentityApiV1Resource(Resource):
def __init__(self, hs):
Resource.__init__(self)
self.putChild(b"lookup", IdentityLookup(hs))

70
synapse/rest/identity/v1/lookup.py
View File

@ -1,70 +0,0 @@
# -*- coding: utf-8 -*-
# Copyright 2019 New Vector Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import logging
from twisted.internet import defer
from twisted.web.resource import Resource
from twisted.web.server import NOT_DONE_YET
from synapse.api.errors import SynapseError
from synapse.handlers.identity import IdentityHandler
from synapse.http.server import respond_with_json, wrap_json_request_handler
from synapse.http.servlet import assert_params_in_dict, parse_string
logger = logging.getLogger(__name__)
class IdentityLookup(Resource):
isLeaf = True
def __init__(self, hs):
self.config = hs.config
self.auth = hs.get_auth()
self.identity_handler = IdentityHandler(hs)
Resource.__init__(self)
def render_GET(self, request):
self.async_render_GET(request)
return NOT_DONE_YET
@wrap_json_request_handler
@defer.inlineCallbacks
def async_render_GET(self, request):
"""Proxy a /_matrix/identity/api/v1/lookup request to an identity
server
"""
yield self.auth.get_user_by_req(request, allow_guest=True)
if not self.config.enable_3pid_lookup:
raise SynapseError(
403,
"Looking up third-party identifiers is denied from this server"
)
# Extract query parameters
query_params = request.args
assert_params_in_dict(query_params, [b"medium", b"address", b"is_server"])
# Retrieve address and medium from the request parameters
medium = parse_string(request, "medium")
address = parse_string(request, "address")
is_server = parse_string(request, "is_server")
# Proxy the request to the identity server
ret = yield self.identity_handler.lookup_3pid(is_server, medium, address)
respond_with_json(request, 200, ret, send_cors=True)

174
tests/rest/client/test_identity.py
View File

@ -15,14 +15,21 @@
import json
from mock import Mock
from twisted.internet import defer
from synapse.rest.client.v1 import admin, login, room
from synapse.rest.client.v2_alpha import account
from tests import unittest
class IdentityTestCase(unittest.HomeserverTestCase):
class IdentityDisabledTestCase(unittest.HomeserverTestCase):
"""Tests that 3PID lookup attempts fail when the HS's config disallows them."""
servlets = [
account.register_servlets,
admin.register_servlets,
room.register_servlets,
login.register_servlets,
@ -32,16 +39,21 @@ class IdentityTestCase(unittest.HomeserverTestCase):
config = self.default_config()
config.enable_3pid_lookup = False
config.trusted_third_party_id_servers = [
"testis",
]
self.hs = self.setup_test_homeserver(config=config)
return self.hs
def test_3pid_lookup_disabled(self):
self.register_user("kermit", "monkey")
tok = self.login("kermit", "monkey")
def prepare(self, reactor, clock, hs):
self.user_id = self.register_user("kermit", "monkey")
self.tok = self.login("kermit", "monkey")
def test_3pid_invite_disabled(self):
request, channel = self.make_request(
b"POST", "/createRoom", b"{}", access_token=tok,
b"POST", "/createRoom", b"{}", access_token=self.tok,
)
self.render(request)
self.assertEquals(channel.result["code"], b"200", channel.result)
@ -57,7 +69,157 @@ class IdentityTestCase(unittest.HomeserverTestCase):
"/rooms/%s/invite" % (room_id)
).encode('ascii')
request, channel = self.make_request(
b"POST", request_url, request_data, access_token=tok,
b"POST", request_url, request_data, access_token=self.tok,
)
self.render(request)
self.assertEquals(channel.result["code"], b"403", channel.result)
def test_3pid_lookup_disabled(self):
url = ("/_matrix/client/unstable/account/3pid/lookup"
"?id_server=testis&medium=email&address=foo@bar.baz")
request, channel = self.make_request("GET", url, access_token=self.tok)
self.render(request)
self.assertEqual(channel.result["code"], b"403", channel.result)
def test_3pid_bulk_lookup_disabled(self):
url = "/_matrix/client/unstable/account/3pid/bulk_lookup"
data = {
"id_server": "testis",
"threepids": [
[
"email",
"foo@bar.baz"
],
[
"email",
"john.doe@matrix.org"
]
]
}
request_data = json.dumps(data)
request, channel = self.make_request(
"POST", url, request_data, access_token=self.tok,
)
self.render(request)
self.assertEqual(channel.result["code"], b"403", channel.result)
class IdentityEnabledTestCase(unittest.HomeserverTestCase):
"""Tests that 3PID lookup attempts succeed when the HS's config allows them."""
servlets = [
account.register_servlets,
admin.register_servlets,
room.register_servlets,
login.register_servlets,
]
def make_homeserver(self, reactor, clock):
config = self.default_config()
config.enable_3pid_lookup = True
config.trusted_third_party_id_servers = [
"testis",
]
mock_http_client = Mock(spec=[
"get_json",
"post_json_get_json",
])
mock_http_client.get_json.return_value = defer.succeed((200, "{}"))
mock_http_client.post_json_get_json.return_value = defer.succeed((200, "{}"))
self.hs = self.setup_test_homeserver(
config=config,
simple_http_client=mock_http_client,
)
return self.hs
def prepare(self, reactor, clock, hs):
self.user_id = self.register_user("kermit", "monkey")
self.tok = self.login("kermit", "monkey")
def test_3pid_invite_enabled(self):
request, channel = self.make_request(
b"POST", "/createRoom", b"{}", access_token=self.tok,
)
self.render(request)
self.assertEquals(channel.result["code"], b"200", channel.result)
room_id = channel.json_body["room_id"]
params = {
"id_server": "testis",
"medium": "email",
"address": "test@example.com",
}
request_data = json.dumps(params)
request_url = (
"/rooms/%s/invite" % (room_id)
).encode('ascii')
request, channel = self.make_request(
b"POST", request_url, request_data, access_token=self.tok,
)
self.render(request)
get_json = self.hs.get_simple_http_client().get_json
get_json.assert_called_once_with(
"https://testis/_matrix/identity/api/v1/lookup",
{
"address": "test@example.com",
"medium": "email",
},
)
def test_3pid_lookup_enabled(self):
url = ("/_matrix/client/unstable/account/3pid/lookup"
"?id_server=testis&medium=email&address=foo@bar.baz")
request, channel = self.make_request("GET", url, access_token=self.tok)
self.render(request)
get_json = self.hs.get_simple_http_client().get_json
get_json.assert_called_once_with(
"https://testis/_matrix/identity/api/v1/lookup",
{
"address": "foo@bar.baz",
"medium": "email",
},
)
def test_3pid_bulk_lookup_enabled(self):
url = "/_matrix/client/unstable/account/3pid/bulk_lookup"
data = {
"id_server": "testis",
"threepids": [
[
"email",
"foo@bar.baz"
],
[
"email",
"john.doe@matrix.org"
]
]
}
request_data = json.dumps(data)
request, channel = self.make_request(
"POST", url, request_data, access_token=self.tok,
)
self.render(request)
post_json = self.hs.get_simple_http_client().post_json_get_json
post_json.assert_called_once_with(
"https://testis/_matrix/identity/api/v1/bulk_lookup",
{
"threepids": [
[
"email",
"foo@bar.baz"
],
[
"email",
"john.doe@matrix.org"
]
],
},
)

3
tests/rulecheck/test_domainrulecheck.py
View File

@ -164,6 +164,9 @@ class DomainRuleCheckerRoomTestCase(unittest.HomeserverTestCase):
def make_homeserver(self, reactor, clock):
config = self.default_config()
config.trusted_third_party_id_servers = [
"localhost",
]
config.spam_checker = (
DomainRuleChecker,