From 3abf393f4aefc305ad50addc1cc02951ec800798 Mon Sep 17 00:00:00 2001
From: Quentin Gliech
Date: Fri, 17 Jun 2022 12:17:27 +0200
Subject: [PATCH 1/3] Make the AS login method call `Auth.get_user_by_req` for checking the AS token.
Signed-off-by: Quentin Gliech
---
 changelog.d/13094.misc | 1 +
 synapse/rest/client/login.py | 9 +++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)
 create mode 100644 changelog.d/13094.misc
diff --git a/changelog.d/13094.misc b/changelog.d/13094.misc
new file mode 100644
index 000000000000..f1e55ae47647
--- /dev/null
+++ b/changelog.d/13094.misc
@@ -0,0 +1 @@
+Make the AS login method call `Auth.get_user_by_req` for checking the AS token.
diff --git a/synapse/rest/client/login.py b/synapse/rest/client/login.py
index dd75e40f347c..cc0cd5d9c04f 100644
--- a/synapse/rest/client/login.py
+++ b/synapse/rest/client/login.py
@@ -28,7 +28,7 @@ from typing_extensions import TypedDict
-from synapse.api.errors import Codes, LoginError, SynapseError
+from synapse.api.errors import Codes, InvalidClientTokenError, LoginError, SynapseError
 from synapse.api.ratelimiting import Ratelimiter
 from synapse.api.urls import CLIENT_API_PREFIX
 from synapse.appservice import ApplicationService
@@ -172,7 +172,12 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, LoginResponse]:
 try:
 if login_submission["type"] == LoginRestServlet.APPSERVICE_TYPE:
-appservice = self.auth.get_appservice_by_req(request)
+requester = await self.auth.get_user_by_req(request)
+appservice = requester.app_service
+
+if appservice is None:
+# This is not an application service
+raise InvalidClientTokenError()
 if appservice.is_rate_limited():
 await self._address_ratelimiter.ratelimit(
From e1fad99989f514db1ff6e9c02c2f4c4277646677 Mon Sep 17 00:00:00 2001
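Review bot: In the `APPSERVICE_TYPE` branch of PATCH 1/3, `await self.auth.get_user_by_req(request)` authenticates whatever access token the caller sends, and it runs before `self._address_ratelimiter.ratelimit(`, which is itself reached only when `appservice.is_rate_limited()` is true. The removed `get_appservice_by_req` call was not awaited, so the new call may add storage lookups or other per-request work for tokens that do not belong to an application service; that should be confirmed as acceptable on an endpoint reachable before login. The diffstat shows no test file, so a test that sends an ordinary user's access token with this login type and expects the `appservice is None` rejection would pin the new branch. A comment above the call, for example `# Authenticate the request like any other; only tokens that resolve to an application service may continue.`, would record why the general method is used. `on_POST` starts and ends outside the hunk.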
From: Quentin Gliech
Date: Fri, 17 Jun 2022 13:24:13 +0200
Subject: [PATCH 2/3] Update synapse/rest/client/login.py
Co-authored-by: reivilibre
---
 synapse/rest/client/login.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/synapse/rest/client/login.py b/synapse/rest/client/login.py
index cc0cd5d9c04f..31f5441ad0b7 100644
--- a/synapse/rest/client/login.py
+++ b/synapse/rest/client/login.py
@@ -176,8 +176,7 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, LoginResponse]:
 appservice = requester.app_service
 if appservice is None:
-# This is not an application service
-raise InvalidClientTokenError()
+raise InvalidClientTokenError("This login method is only valid for application services")
 if appservice.is_rate_limited():
 await self._address_ratelimiter.ratelimit(
From 72e39420d9c0e1fe8539e9ac6be373b2a5a10eba Mon Sep 17 00:00:00 2001
From: Quentin Gliech
Date: Fri, 17 Jun 2022 13:42:22 +0200
Subject: [PATCH 3/3] Appease the linter
Signed-off-by: Quentin Gliech
---
 synapse/rest/client/login.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/synapse/rest/client/login.py b/synapse/rest/client/login.py
index 31f5441ad0b7..0437c87d8d6d 100644
--- a/synapse/rest/client/login.py
+++ b/synapse/rest/client/login.py
@@ -176,7 +176,9 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, LoginResponse]:
 appservice = requester.app_service
 if appservice is None:
-raise InvalidClientTokenError("This login method is only valid for application services")
+raise InvalidClientTokenError(
+"This login method is only valid for application services"
+)
 if appservice.is_rate_limited():
 await self._address_ratelimiter.ratelimit(
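Review bot: The message added in PATCH 2/3 (and re-wrapped in PATCH 3/3), `"This login method is only valid for application services"`, describes a caller that authenticated but may not use this login type, yet it is still raised as `InvalidClientTokenError`. If that exception is reported to clients as an invalid or unknown token, as its name suggests, a client holding a valid user token could read the response as a revoked session. Confirm this is the intended error; if it is deliberate, a comment above the raise such as `# Deliberately the same error as for an unrecognised token.` would keep a later reader from changing it. The body of `on_POST` continues outside both hunks.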