mirror of
https://github.com/element-hq/synapse.git
synced 2024-12-19 17:56:19 +03:00
Allow clients to supply access_tokens as headers
Clients can continue to supply access tokens as query parameters or can supply the token as a header: Authorization: Bearer <access_token_goes_here> This matches the ouath2 format of https://tools.ietf.org/html/rfc6750#section-2.1
This commit is contained in:
parent
8aee5aa068
commit
8e01263587
1 changed files with 38 additions and 10 deletions
|
@ -1158,7 +1158,8 @@ def has_access_token(request):
|
||||||
bool: False if no access_token was given, True otherwise.
|
bool: False if no access_token was given, True otherwise.
|
||||||
"""
|
"""
|
||||||
query_params = request.args.get("access_token")
|
query_params = request.args.get("access_token")
|
||||||
return bool(query_params)
|
auth_headers = request.requestHeaders.getRawHeaders("Authorization")
|
||||||
|
return bool(query_params) or bool(auth_headers)
|
||||||
|
|
||||||
|
|
||||||
def get_access_token_from_request(request, token_not_found_http_status=401):
|
def get_access_token_from_request(request, token_not_found_http_status=401):
|
||||||
|
@ -1176,13 +1177,40 @@ def get_access_token_from_request(request, token_not_found_http_status=401):
|
||||||
Raises:
|
Raises:
|
||||||
AuthError: If there isn't an access_token in the request.
|
AuthError: If there isn't an access_token in the request.
|
||||||
"""
|
"""
|
||||||
query_params = request.args.get("access_token")
|
|
||||||
# Try to get the access_token from the query params.
|
|
||||||
if not query_params:
|
|
||||||
raise AuthError(
|
|
||||||
token_not_found_http_status,
|
|
||||||
"Missing access token.",
|
|
||||||
errcode=Codes.MISSING_TOKEN
|
|
||||||
)
|
|
||||||
|
|
||||||
return query_params[0]
|
auth_headers = request.requestHeaders.getRawHeaders("Authorization")
|
||||||
|
query_params = request.args.get("access_token")
|
||||||
|
if auth_headers is not None:
|
||||||
|
# Try the get the access_token from a "Authorization: Bearer"
|
||||||
|
# header
|
||||||
|
if query_params is not None:
|
||||||
|
raise AuthError(
|
||||||
|
token_not_found_http_status,
|
||||||
|
"Mixing Authorization headers and access_token query parameters.",
|
||||||
|
errcode=Codes.MISSING_TOKEN,
|
||||||
|
)
|
||||||
|
if len(auth_headers) > 1:
|
||||||
|
raise AuthError(
|
||||||
|
token_not_found_http_status,
|
||||||
|
"Too many Authorization headers.",
|
||||||
|
errcode=Codes.MISSING_TOKEN,
|
||||||
|
)
|
||||||
|
parts = auth_headers[0].split(" ")
|
||||||
|
if parts[0] == "Bearer" and len(parts) == 2:
|
||||||
|
return parts[1]
|
||||||
|
else:
|
||||||
|
raise AuthError(
|
||||||
|
token_not_found_http_status,
|
||||||
|
"Invalid Authorization header.",
|
||||||
|
errcode=Codes.MISSING_TOKEN,
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
# Try to get the access_token from the query params.
|
||||||
|
if not query_params:
|
||||||
|
raise AuthError(
|
||||||
|
token_not_found_http_status,
|
||||||
|
"Missing access token.",
|
||||||
|
errcode=Codes.MISSING_TOKEN
|
||||||
|
)
|
||||||
|
|
||||||
|
return query_params[0]
|
||||||
|
|
Loading…
Reference in a new issue