Skip UIA device endpoints for ASes

This commit is contained in:
Quentin Gliech 2024-09-12 15:08:57 +02:00
parent 68cb2b90ea
commit 12a0b2d295
No known key found for this signature in database
GPG key ID: 22D62B84552719FC

View file

@ -114,6 +114,10 @@ class DeleteDevicesRestServlet(RestServlet):
else:
raise e
if requester.app_service and requester.app_service.msc4190_device_management:
# MSC4190 can skip UIA for this endpoint
pass
else:
await self.auth_handler.validate_user_via_ui_auth(
requester,
request,
@ -175,9 +179,6 @@ class DeviceRestServlet(RestServlet):
async def on_DELETE(
self, request: SynapseRequest, device_id: str
) -> Tuple[int, JsonDict]:
if self._msc3861_oauth_delegation_enabled:
raise UnrecognizedRequestError(code=404)
requester = await self.auth.get_user_by_req(request)
try:
@ -192,6 +193,15 @@ class DeviceRestServlet(RestServlet):
else:
raise
if requester.app_service and requester.app_service.msc4190_device_management:
# MSC4190 allows appservices to delete devices through this endpoint without UIA
# It's also allowed with MSC3861 enabled
pass
else:
if self._msc3861_oauth_delegation_enabled:
raise UnrecognizedRequestError(code=404)
await self.auth_handler.validate_user_via_ui_auth(
requester,
request,