mirrors/synapse
1
0
Fork 0
mirror of https://github.com/matrix-org/synapse.git synced 2025-11-04 02:01:03 +01:00
Code Issues Projects Releases Wiki Activity

Use real AS object by passing it through the requester

Browse Source 
This means synapse does not have to check if the AS is interested, but instead it effectively re-uses what it already knew about the requesting user
This commit is contained in:
Luke Barnard 2016-10-20 11:43:05 +01:00
parent 5b54d51d1e
commit 1b17d1a106
3 changed files with 15 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
synapse/api/auth.py
View File

@ -603,10 +603,10 @@ class Auth(object):
""" """
# Can optionally look elsewhere in the request (e.g. headers) # Can optionally look elsewhere in the request (e.g. headers)
try: try:
user_id = yield self._get_appservice_user_id(request) user_id, as_user = yield self._get_appservice_user_id(request)
if user_id: if user_id:
request.authenticated_entity = user_id request.authenticated_entity = user_id
defer.returnValue(synapse.types.create_requester(user_id)) defer.returnValue(synapse.types.create_requester(user_id, as_user=as_user))
access_token = get_access_token_from_request( access_token = get_access_token_from_request(
request, self.TOKEN_NOT_FOUND_HTTP_STATUS request, self.TOKEN_NOT_FOUND_HTTP_STATUS
@ -644,7 +644,7 @@ class Auth(object):
request.authenticated_entity = user.to_string() request.authenticated_entity = user.to_string()
defer.returnValue(synapse.types.create_requester( defer.returnValue(synapse.types.create_requester(
user, token_id, is_guest, device_id)) user, token_id, is_guest, device_id, as_user=as_user))
except KeyError: except KeyError:
raise AuthError( raise AuthError(
self.TOKEN_NOT_FOUND_HTTP_STATUS, "Missing access token.", self.TOKEN_NOT_FOUND_HTTP_STATUS, "Missing access token.",
@ -659,14 +659,14 @@ class Auth(object):
) )
) )
if app_service is None: if app_service is None:
defer.returnValue(None) defer.returnValue((None, None))
if "user_id" not in request.args: if "user_id" not in request.args:
defer.returnValue(app_service.sender) defer.returnValue((app_service.sender, app_service))
user_id = request.args["user_id"][0] user_id = request.args["user_id"][0]
if app_service.sender == user_id: if app_service.sender == user_id:
defer.returnValue(app_service.sender) defer.returnValue((app_service.sender, app_service))
if not app_service.is_interested_in_user(user_id): if not app_service.is_interested_in_user(user_id):
raise AuthError( raise AuthError(
@ -678,7 +678,7 @@ class Auth(object):
403, 403,
"Application service has not registered this user" "Application service has not registered this user"
) )
defer.returnValue(user_id) defer.returnValue((user_id, app_service))
@defer.inlineCallbacks @defer.inlineCallbacks
def get_user_by_access_token(self, token, rights="access"): def get_user_by_access_token(self, token, rights="access"):

11
synapse/handlers/_base.py
View File

@ -65,14 +65,9 @@ class BaseHandler(object):
if app_service is not None: if app_service is not None:
return # do not ratelimit app service senders return # do not ratelimit app service senders
should_rate_limit = True if requester.as_user and not requester.as_user.is_rate_limited():
# do not ratelimit users of which a non-rate-limited AS is
for service in self.store.get_app_services(): # acting on behalf
if service.is_interested_in_user(user_id):
should_rate_limit = service.is_rate_limited()
break
if not should_rate_limit:
return return
allowed, time_allowed = self.ratelimiter.send_message( allowed, time_allowed = self.ratelimiter.send_message(

8
synapse/types.py
View File

@ -19,7 +19,7 @@ from collections import namedtuple
Requester = namedtuple("Requester", Requester = namedtuple("Requester",
["user", "access_token_id", "is_guest", "device_id"]) ["user", "access_token_id", "is_guest", "device_id", "as_user"])
""" """
Represents the user making a request Represents the user making a request
@ -29,11 +29,12 @@ Attributes:
request, or None if it came via the appservice API or similar request, or None if it came via the appservice API or similar
is_guest (bool): True if the user making this request is a guest user is_guest (bool): True if the user making this request is a guest user
device_id (str|None): device_id which was set at authentication time device_id (str|None): device_id which was set at authentication time
as_user (ApplicationService|None): the AS requesting on behalf of the user
""" """
def create_requester(user_id, access_token_id=None, is_guest=False, def create_requester(user_id, access_token_id=None, is_guest=False,
device_id=None): device_id=None, as_user=None):
""" """
Create a new ``Requester`` object Create a new ``Requester`` object
@ -43,13 +44,14 @@ def create_requester(user_id, access_token_id=None, is_guest=False,
request, or None if it came via the appservice API or similar request, or None if it came via the appservice API or similar
is_guest (bool): True if the user making this request is a guest user is_guest (bool): True if the user making this request is a guest user
device_id (str|None): device_id which was set at authentication time device_id (str|None): device_id which was set at authentication time
as_user (ApplicationService|None): the AS requesting on behalf of the user
Returns: Returns:
Requester Requester
""" """
if not isinstance(user_id, UserID): if not isinstance(user_id, UserID):
user_id = UserID.from_string(user_id) user_id = UserID.from_string(user_id)
return Requester(user_id, access_token_id, is_guest, device_id) return Requester(user_id, access_token_id, is_guest, device_id, as_user)
def get_domain_from_id(string): def get_domain_from_id(string):