Merge branch 'develop' of github.com:matrix-org/synapse into anoa/fix…
…_password_reset_submit_token
anoadragon453 committed Sep 18, 2019
2 parents f4e60a5 + 7100b5c commit 42f58ae
Showing 3 changed files with 83 additions and 24 deletions.
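--- a/changelog.d/5979.feature
+++ b/changelog.d/5979.feature
@@ -0,0 +1 @@
+Use the v2 Identity Service API for 3PID invites.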
2 changes: 1 addition & 1 deletion docs/sample_config.yaml
@@ -1520,7 +1520,7 @@ opentracing:
#enabled: true

# The list of homeservers we wish to send and receive span contexts and span baggage.
# See docs/opentracing.md
# See docs/opentracing.rst
# This is a list of regexes which are matched against the server_name of the
# homeserver.
#
104 changes: 81 additions & 23 deletions synapse/handlers/room_member.py
@@ -684,7 +684,14 @@ def do_3pid_invite(
)
else:
yield self._make_and_store_3pid_invite(
requester, id_server, medium, address, room_id, inviter, txn_id=txn_id
requester,
id_server,
medium,
address,
room_id,
inviter,
txn_id=txn_id,
id_access_token=id_access_token,
)

@defer.inlineCallbacks
@@ -885,7 +892,15 @@ def _verify_any_signature(self, data, server_hostname):

@defer.inlineCallbacks
def _make_and_store_3pid_invite(
self, requester, id_server, medium, address, room_id, user, txn_id
self,
requester,
id_server,
medium,
address,
room_id,
user,
txn_id,
id_access_token=None,
):
room_state = yield self.state_handler.get_current_state(room_id)

@@ -934,6 +949,7 @@ def _make_and_store_3pid_invite(
room_name=room_name,
inviter_display_name=inviter_display_name,
inviter_avatar_url=inviter_avatar_url,
id_access_token=id_access_token,
)
)

@@ -971,6 +987,7 @@ def _ask_id_server_for_third_party_invite(
room_name,
inviter_display_name,
inviter_avatar_url,
id_access_token=None,
):
"""
Asks an identity server for a third party invite.
@@ -990,6 +1007,8 @@ def _ask_id_server_for_third_party_invite(
inviter_display_name (str): The current display name of the
inviter.
inviter_avatar_url (str): The URL of the inviter's avatar.
id_access_token (str|None): The access token to authenticate to the identity
server with
Returns:
A deferred tuple containing:
@@ -1000,11 +1019,6 @@ def _ask_id_server_for_third_party_invite(
display_name (str): A user-friendly name to represent the invited
user.
"""
is_url = "%s%s/_matrix/identity/api/v1/store-invite" % (
id_server_scheme,
id_server,
)

invite_config = {
"medium": medium,
"address": address,
@@ -1017,31 +1031,75 @@ def _ask_id_server_for_third_party_invite(
"sender_display_name": inviter_display_name,
"sender_avatar_url": inviter_avatar_url,
}
try:
data = yield self.simple_http_client.post_json_get_json(
is_url, invite_config
)
except HttpResponseException as e:
# Some identity servers may only support application/x-www-form-urlencoded
# types. This is especially true with old instances of Sydent, see
# https://github.com/matrix-org/sydent/pull/170
logger.info(
"Failed to POST %s with JSON, falling back to urlencoded form: %s",
is_url,
e,

# Add the identity service access token to the JSON body and use the v2
# Identity Service endpoints if id_access_token is present
data = None
base_url = "%s%s/_matrix/identity" % (id_server_scheme, id_server)

if id_access_token:
key_validity_url = "%s%s/_matrix/identity/v2/pubkey/isvalid" % (
id_server_scheme,
id_server,
)
data = yield self.simple_http_client.post_urlencoded_get_json(
is_url, invite_config

# Attempt a v2 lookup
url = base_url + "/v2/store-invite"
try:
data = yield self.simple_http_client.post_json_get_json(
url,
invite_config,
{"Authorization": create_id_access_token_header(id_access_token)},
)
except HttpResponseException as e:
if e.code != 404:
logger.info("Failed to POST %s with JSON: %s", url, e)
raise e

if data is None:
key_validity_url = "%s%s/_matrix/identity/api/v1/pubkey/isvalid" % (
id_server_scheme,
id_server,
)
url = base_url + "/api/v1/store-invite"

try:
data = yield self.simple_http_client.post_json_get_json(
url, invite_config
)
except HttpResponseException as e:
logger.warning(
"Error trying to call /store-invite on %s%s: %s",
id_server_scheme,
id_server,
e,
)

if data is None:
# Some identity servers may only support application/x-www-form-urlencoded
# types. This is especially true with old instances of Sydent, see
# https://github.com/matrix-org/sydent/pull/170
try:
data = yield self.simple_http_client.post_urlencoded_get_json(
url, invite_config
)
except HttpResponseException as e:
logger.warning(
"Error calling /store-invite on %s%s with fallback "
"encoding: %s",
id_server_scheme,
id_server,
e,
)
raise e

# TODO: Check for success
token = data["token"]
public_keys = data.get("public_keys", [])
if "public_key" in data:
fallback_public_key = {
"public_key": data["public_key"],
"key_validity_url": "%s%s/_matrix/identity/api/v1/pubkey/isvalid"
% (id_server_scheme, id_server),
"key_validity_url": key_validity_url,
}
else:
fallback_public_key = public_keys[0]
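Review bot: In `_ask_id_server_for_third_party_invite`, a 404 from `/v2/store-invite` is swallowed without any log line and the same `invite_config` is then re-sent to `/api/v1/store-invite` with no `Authorization` header, so the logs give no indication that a request made with an `id_access_token` skipped the authenticated path. I would log the downgrade in the 404 branch before falling through, e.g. `logger.info("%s returned 404, falling back to the v1 identity API", url)`. Separately, the reply from whichever of the three requests succeeds is still consumed under `# TODO: Check for success`: `data["token"]` raises `KeyError` and `public_keys[0]` raises `IndexError` on a malformed or empty response from the remote identity server, which is worth turning into an explicit, logged error. The function continues past the end of the last hunk, so how the returned keys are used is not visible here.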
