Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Use the v2 Identity Service API for lookups (MSC2134 + MSC2140) #5976

Merged
merged 40 commits into from
Sep 11, 2019

Conversation

anoadragon453
Copy link
Member

@anoadragon453 anoadragon453 commented Sep 3, 2019

This is a redo of #5897 but with id_access_token accepted.

Implements MSC2134 plus Identity Service v2 authentication ala MSC2140.

Identity lookup-related functions were also moved from RoomMemberHandler to IdentityHandler.

@anoadragon453 anoadragon453 requested a review from a team September 3, 2019 20:52
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR title says "Use the v2 Identity Service API for lookups ...". What do you mean by 'lookups' ?

synapse/util/hash.py Show resolved Hide resolved
synapse/handlers/identity.py Outdated Show resolved Hide resolved
)
except (HttpResponseException, ValueError) as e:
# Catch HttpResponseExcept for a non-200 response code
# Catch ValueError for non-JSON response body
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if we're doing this, should we check for other exceptions like "failed to connect"?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm, I think ValueError doesn't have a code attribute either, which would cause this code to fail.

Should we drop ValueError?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mm, yeah I'm leaning towards dropping ValueError since that's considered a different error from an old IS.

synapse/handlers/identity.py Outdated Show resolved Hide resolved
synapse/handlers/identity.py Outdated Show resolved Hide resolved
synapse/handlers/room_member.py Outdated Show resolved Hide resolved
changelog.d/5897.feature Outdated Show resolved Hide resolved
@richvdh
Copy link
Member

richvdh commented Sep 4, 2019

damn, wrong button

richvdh
richvdh previously requested changes Sep 4, 2019
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so this generally looks good, modulo my constant refrain of "the world is simpler with smaller PRs". I'm not going to insist on breaking them up, but I honestly think that it would be easier to keep track of what's done and what's not if PRs are more granular, so if you can stomach the extra work without stabbing me in the eye I think it would be worthwhile.

Otherwise, just a few nitpicks really.

synapse/handlers/identity.py Outdated Show resolved Hide resolved
Args:
id_server (str): The server name (including protocol and port, if required)
of the identity server to use.
id_access_token (str): The access token to authenticate to the identity server with
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we allow this to be None, or not? currently we can pass in None sometimes...

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Theoretically _lookup_3pid_v2 should never be called if id_access_token is None, as hash_details is an authenticated endpoint.

synapse/handlers/identity.py Outdated Show resolved Hide resolved
synapse/handlers/identity.py Outdated Show resolved Hide resolved
synapse/handlers/room_member.py Outdated Show resolved Hide resolved
@anoadragon453 anoadragon453 changed the title Use the v2 Identity Service API for lookups and 3PID invites Use the v2 Identity Service API for lookups and 3PID invites (MSC2134 + MSC2140) Sep 4, 2019
anoadragon453 and others added 2 commits September 4, 2019 11:52
Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
@anoadragon453
Copy link
Member Author

This way round, there's a bit of a backwards step in adding new code to a temporary location.

Yeah, I experienced this backporting some things, but didn't realize that it would be a review issue as well.

Might be time for a new sticky note...

richvdh
richvdh previously requested changes Sep 4, 2019
synapse/handlers/room_member.py Outdated Show resolved Hide resolved
synapse/handlers/room_member.py Outdated Show resolved Hide resolved
synapse/handlers/room_member.py Outdated Show resolved Hide resolved
synapse/handlers/room_member.py Outdated Show resolved Hide resolved
synapse/handlers/room_member.py Show resolved Hide resolved
# Extract information from hash_details
supported_lookup_algorithms = hash_details.get("algorithms")
lookup_pepper = hash_details.get("lookup_pepper")
if not supported_lookup_algorithms or not lookup_pepper:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

isn't pepper optional if the algorithm is NONE ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nope, it's always required. It's to make implementation easier.

synapse/handlers/room_member.py Show resolved Hide resolved
synapse/handlers/room_member.py Outdated Show resolved Hide resolved
synapse/handlers/room_member.py Show resolved Hide resolved
synapse/handlers/room_member.py Outdated Show resolved Hide resolved
@anoadragon453 anoadragon453 self-assigned this Sep 5, 2019
anoadragon453 and others added 3 commits September 5, 2019 12:16
Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
synapse/handlers/room_member.py Outdated Show resolved Hide resolved
synapse/handlers/room_member.py Show resolved Hide resolved
synapse/handlers/room_member.py Outdated Show resolved Hide resolved
synapse/handlers/room_member.py Show resolved Hide resolved
synapse/handlers/room_member.py Show resolved Hide resolved
synapse/handlers/room_member.py Outdated Show resolved Hide resolved
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tests are failing?

synapse/handlers/room_member.py Outdated Show resolved Hide resolved
synapse/handlers/room_member.py Outdated Show resolved Hide resolved
synapse/handlers/room_member.py Outdated Show resolved Hide resolved
@anoadragon453
Copy link
Member Author

anoadragon453 commented Sep 11, 2019

tests are failing?

Yeah, tests will fail until matrix-org/sytest#697 is merged, which in turn relies on #6013

Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚢

changelog.d/5897.feature Outdated Show resolved Hide resolved
Co-Authored-By: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
@anoadragon453 anoadragon453 merged commit 9fc71dc into develop Sep 11, 2019
anoadragon453 added a commit that referenced this pull request Sep 17, 2019
3PID invites require making a request to an identity server to check that the invited 3PID has an Matrix ID linked, and if so, what it is.

These requests are being made on behalf of a user. The user will supply an identity server and an access token for that identity server. The homeserver will then forward this request with the access token (using an `Authorization` header) and, if the given identity server doesn't support v2 endpoints, will fall back to v1 (which doesn't require any access tokens).

Requires: ~~#5976~~
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
z-privacy-sprint (Deprecated Label)
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants