From da757b7759ba885cc2fe6408db2da61c14836847 Mon Sep 17 00:00:00 2001 From: Michael Kaye <1917473+michaelkaye@users.noreply.github.com> Date: Mon, 21 Jan 2019 15:48:15 +0000 Subject: [PATCH] Rewrite identity server URLs as required. (#4393) This takes a mapping of -> and looks up and replaces as required. --- synapse/config/registration.py | 2 ++ synapse/handlers/identity.py | 26 ++++++++++++++++++++++---- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/synapse/config/registration.py b/synapse/config/registration.py index f451eea715..efc4c35f1d 100644 --- a/synapse/config/registration.py +++ b/synapse/config/registration.py @@ -65,6 +65,8 @@ class RegistrationConfig(Config): self.replicate_user_profiles_to = [self.replicate_user_profiles_to, ] self.shadow_server = config.get("shadow_server", None) + self.rewrite_identity_server_urls = config.get("rewrite_identity_server_urls", {}) + def default_config(self, **kwargs): registration_shared_secret = random_string_with_symbols(50) diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py index 5feb3f22a6..3ffdb45bef 100644 --- a/synapse/handlers/identity.py +++ b/synapse/handlers/identity.py @@ -47,6 +47,7 @@ class IdentityHandler(BaseHandler): self.trust_any_id_server_just_for_testing_do_not_use = ( hs.config.use_insecure_ssl_client_just_for_testing_do_not_use ) + self.rewrite_identity_server_urls = hs.config.rewrite_identity_server_urls def _should_trust_id_server(self, id_server): if id_server not in self.trusted_id_servers: @@ -84,7 +85,10 @@ class IdentityHandler(BaseHandler): 'credentials', id_server ) defer.returnValue(None) - + # if we have a rewrite rule set for the identity server, + # apply it now. + if id_server in self.rewrite_identity_server_urls: + id_server = self.rewrite_identity_server_urls[id_server] try: data = yield self.http_client.get_json( "https://%s%s" % ( @@ -119,7 +123,10 @@ class IdentityHandler(BaseHandler): client_secret = creds['clientSecret'] else: raise SynapseError(400, "No client_secret in creds") - + # if we have a rewrite rule set for the identity server, + # apply it now. + if id_server in self.rewrite_identity_server_urls: + id_server = self.rewrite_identity_server_urls[id_server] try: data = yield self.http_client.post_urlencoded_get_json( "https://%s%s" % ( @@ -162,6 +169,11 @@ class IdentityHandler(BaseHandler): # deletion request to. id_server = next(iter(self.trusted_id_servers)) + # if we have a rewrite rule set for the identity server, + # apply it now. + if id_server in self.rewrite_identity_server_urls: + id_server = self.rewrite_identity_server_urls[id_server] + url = "https://%s/_matrix/identity/api/v1/3pid/unbind" % (id_server,) content = { "mxid": mxid, @@ -210,7 +222,10 @@ class IdentityHandler(BaseHandler): 'send_attempt': send_attempt, } params.update(kwargs) - + # if we have a rewrite rule set for the identity server, + # apply it now. + if id_server in self.rewrite_identity_server_urls: + id_server = self.rewrite_identity_server_urls[id_server] try: data = yield self.http_client.post_json_get_json( "https://%s%s" % ( @@ -242,7 +257,10 @@ class IdentityHandler(BaseHandler): 'send_attempt': send_attempt, } params.update(kwargs) - + # if we have a rewrite rule set for the identity server, + # apply it now. + if id_server in self.rewrite_identity_server_urls: + id_server = self.rewrite_identity_server_urls[id_server] try: data = yield self.http_client.post_json_get_json( "https://%s%s" % (