mirror of
https://github.com/element-hq/synapse.git
synced 2024-11-25 19:15:51 +03:00
Merge pull request #3161 from NotAFile/remove-v1auth
Make Client-Server API return 403 for invalid token
This commit is contained in:
commit
902673e356
7 changed files with 24 additions and 25 deletions
|
@ -52,6 +52,10 @@ class ClientV1RestServlet(RestServlet):
|
|||
"""A base Synapse REST Servlet for the client version 1 API.
|
||||
"""
|
||||
|
||||
# This subclass was presumably created to allow the auth for the v1
|
||||
# protocol version to be different, however this behaviour was removed.
|
||||
# it may no longer be necessary
|
||||
|
||||
def __init__(self, hs):
|
||||
"""
|
||||
Args:
|
||||
|
@ -59,5 +63,5 @@ class ClientV1RestServlet(RestServlet):
|
|||
"""
|
||||
self.hs = hs
|
||||
self.builder_factory = hs.get_event_builder_factory()
|
||||
self.auth = hs.get_v1auth()
|
||||
self.auth = hs.get_auth()
|
||||
self.txns = HttpTransactionCache(hs.get_clock())
|
||||
|
|
|
@ -150,7 +150,7 @@ class PushersRemoveRestServlet(RestServlet):
|
|||
super(RestServlet, self).__init__()
|
||||
self.hs = hs
|
||||
self.notifier = hs.get_notifier()
|
||||
self.auth = hs.get_v1auth()
|
||||
self.auth = hs.get_auth()
|
||||
self.pusher_pool = self.hs.get_pusherpool()
|
||||
|
||||
@defer.inlineCallbacks
|
||||
|
|
|
@ -105,7 +105,6 @@ class HomeServer(object):
|
|||
'federation_client',
|
||||
'federation_server',
|
||||
'handlers',
|
||||
'v1auth',
|
||||
'auth',
|
||||
'state_handler',
|
||||
'state_resolution_handler',
|
||||
|
@ -225,15 +224,6 @@ class HomeServer(object):
|
|||
def build_simple_http_client(self):
|
||||
return SimpleHttpClient(self)
|
||||
|
||||
def build_v1auth(self):
|
||||
orf = Auth(self)
|
||||
# Matrix spec makes no reference to what HTTP status code is returned,
|
||||
# but the V1 API uses 403 where it means 401, and the webclient
|
||||
# relies on this behaviour, so V1 gets its own copy of the auth
|
||||
# with backwards compat behaviour.
|
||||
orf.TOKEN_NOT_FOUND_HTTP_STATUS = 403
|
||||
return orf
|
||||
|
||||
def build_state_handler(self):
|
||||
return StateHandler(self)
|
||||
|
||||
|
|
|
@ -148,11 +148,16 @@ class EventStreamPermissionsTestCase(RestTestCase):
|
|||
|
||||
@defer.inlineCallbacks
|
||||
def test_stream_basic_permissions(self):
|
||||
# invalid token, expect 403
|
||||
# invalid token, expect 401
|
||||
# note: this is in violation of the original v1 spec, which expected
|
||||
# 403. However, since the v1 spec no longer exists and the v1
|
||||
# implementation is now part of the r0 implementation, the newer
|
||||
# behaviour is used instead to be consistent with the r0 spec.
|
||||
# see issue #2602
|
||||
(code, response) = yield self.mock_resource.trigger_get(
|
||||
"/events?access_token=%s" % ("invalid" + self.token, )
|
||||
)
|
||||
self.assertEquals(403, code, msg=str(response))
|
||||
self.assertEquals(401, code, msg=str(response))
|
||||
|
||||
# valid token, expect content
|
||||
(code, response) = yield self.mock_resource.trigger_get(
|
||||
|
|
|
@ -52,7 +52,7 @@ class ProfileTestCase(unittest.TestCase):
|
|||
def _get_user_by_req(request=None, allow_guest=False):
|
||||
return synapse.types.create_requester(myid)
|
||||
|
||||
hs.get_v1auth().get_user_by_req = _get_user_by_req
|
||||
hs.get_auth().get_user_by_req = _get_user_by_req
|
||||
|
||||
profile.register_servlets(hs, self.mock_resource)
|
||||
|
||||
|
|
|
@ -60,7 +60,7 @@ class RoomPermissionsTestCase(RestTestCase):
|
|||
"token_id": 1,
|
||||
"is_guest": False,
|
||||
}
|
||||
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
|
||||
hs.get_auth().get_user_by_access_token = get_user_by_access_token
|
||||
|
||||
def _insert_client_ip(*args, **kwargs):
|
||||
return defer.succeed(None)
|
||||
|
@ -70,7 +70,7 @@ class RoomPermissionsTestCase(RestTestCase):
|
|||
|
||||
synapse.rest.client.v1.room.register_servlets(hs, self.mock_resource)
|
||||
|
||||
self.auth = hs.get_v1auth()
|
||||
self.auth = hs.get_auth()
|
||||
|
||||
# create some rooms under the name rmcreator_id
|
||||
self.uncreated_rmid = "!aa:test"
|
||||
|
@ -425,7 +425,7 @@ class RoomsMemberListTestCase(RestTestCase):
|
|||
"token_id": 1,
|
||||
"is_guest": False,
|
||||
}
|
||||
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
|
||||
hs.get_auth().get_user_by_access_token = get_user_by_access_token
|
||||
|
||||
def _insert_client_ip(*args, **kwargs):
|
||||
return defer.succeed(None)
|
||||
|
@ -507,7 +507,7 @@ class RoomsCreateTestCase(RestTestCase):
|
|||
"token_id": 1,
|
||||
"is_guest": False,
|
||||
}
|
||||
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
|
||||
hs.get_auth().get_user_by_access_token = get_user_by_access_token
|
||||
|
||||
def _insert_client_ip(*args, **kwargs):
|
||||
return defer.succeed(None)
|
||||
|
@ -597,7 +597,7 @@ class RoomTopicTestCase(RestTestCase):
|
|||
"is_guest": False,
|
||||
}
|
||||
|
||||
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
|
||||
hs.get_auth().get_user_by_access_token = get_user_by_access_token
|
||||
|
||||
def _insert_client_ip(*args, **kwargs):
|
||||
return defer.succeed(None)
|
||||
|
@ -711,7 +711,7 @@ class RoomMemberStateTestCase(RestTestCase):
|
|||
"token_id": 1,
|
||||
"is_guest": False,
|
||||
}
|
||||
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
|
||||
hs.get_auth().get_user_by_access_token = get_user_by_access_token
|
||||
|
||||
def _insert_client_ip(*args, **kwargs):
|
||||
return defer.succeed(None)
|
||||
|
@ -843,7 +843,7 @@ class RoomMessagesTestCase(RestTestCase):
|
|||
"token_id": 1,
|
||||
"is_guest": False,
|
||||
}
|
||||
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
|
||||
hs.get_auth().get_user_by_access_token = get_user_by_access_token
|
||||
|
||||
def _insert_client_ip(*args, **kwargs):
|
||||
return defer.succeed(None)
|
||||
|
@ -945,7 +945,7 @@ class RoomInitialSyncTestCase(RestTestCase):
|
|||
"token_id": 1,
|
||||
"is_guest": False,
|
||||
}
|
||||
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
|
||||
hs.get_auth().get_user_by_access_token = get_user_by_access_token
|
||||
|
||||
def _insert_client_ip(*args, **kwargs):
|
||||
return defer.succeed(None)
|
||||
|
@ -1017,7 +1017,7 @@ class RoomMessageListTestCase(RestTestCase):
|
|||
"token_id": 1,
|
||||
"is_guest": False,
|
||||
}
|
||||
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
|
||||
hs.get_auth().get_user_by_access_token = get_user_by_access_token
|
||||
|
||||
def _insert_client_ip(*args, **kwargs):
|
||||
return defer.succeed(None)
|
||||
|
|
|
@ -68,7 +68,7 @@ class RoomTypingTestCase(RestTestCase):
|
|||
"is_guest": False,
|
||||
}
|
||||
|
||||
hs.get_v1auth().get_user_by_access_token = get_user_by_access_token
|
||||
hs.get_auth().get_user_by_access_token = get_user_by_access_token
|
||||
|
||||
def _insert_client_ip(*args, **kwargs):
|
||||
return defer.succeed(None)
|
||||
|
|
Loading…
Reference in a new issue