Make the AS login method call `Auth.get_user_by_req` for checking the AS token. (#13094)
This gets rid of another usage of get_appservice_by_req, with all the benefits, including correctly tracking the appservice IP and setting the tracing attributes correctly. Signed-off-by: Quentin Gliech <quenting@element.io>pull/13261/head
parent
2d82cdafd2
commit
b19060a29b
|
@ -0,0 +1 @@
|
||||||
|
Make the AS login method call `Auth.get_user_by_req` for checking the AS token.
|
|
@ -28,7 +28,7 @@ from typing import (
|
||||||
|
|
||||||
from typing_extensions import TypedDict
|
from typing_extensions import TypedDict
|
||||||
|
|
||||||
from synapse.api.errors import Codes, LoginError, SynapseError
|
from synapse.api.errors import Codes, InvalidClientTokenError, LoginError, SynapseError
|
||||||
from synapse.api.ratelimiting import Ratelimiter
|
from synapse.api.ratelimiting import Ratelimiter
|
||||||
from synapse.api.urls import CLIENT_API_PREFIX
|
from synapse.api.urls import CLIENT_API_PREFIX
|
||||||
from synapse.appservice import ApplicationService
|
from synapse.appservice import ApplicationService
|
||||||
|
@ -172,7 +172,13 @@ class LoginRestServlet(RestServlet):
|
||||||
|
|
||||||
try:
|
try:
|
||||||
if login_submission["type"] == LoginRestServlet.APPSERVICE_TYPE:
|
if login_submission["type"] == LoginRestServlet.APPSERVICE_TYPE:
|
||||||
appservice = self.auth.get_appservice_by_req(request)
|
requester = await self.auth.get_user_by_req(request)
|
||||||
|
appservice = requester.app_service
|
||||||
|
|
||||||
|
if appservice is None:
|
||||||
|
raise InvalidClientTokenError(
|
||||||
|
"This login method is only valid for application services"
|
||||||
|
)
|
||||||
|
|
||||||
if appservice.is_rate_limited():
|
if appservice.is_rate_limited():
|
||||||
await self._address_ratelimiter.ratelimit(
|
await self._address_ratelimiter.ratelimit(
|
||||||
|
|
Loading…
Reference in New Issue