Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Use the v2 Identity Service API for lookups (MSC2134 + MSC2140) #5976

Merged
merged 40 commits into from
Sep 11, 2019
Merged
Changes from 1 commit
Commits
Show all changes
40 commits
Select commit Hold shift + click to select a range
1954438
Use the v2 lookup API
anoadragon453 Aug 21, 2019
24ee3ae
lint
anoadragon453 Aug 21, 2019
902ef39
add changelog
anoadragon453 Aug 21, 2019
3a114fe
linter fight
anoadragon453 Aug 21, 2019
5426e13
Merge branch 'develop' into anoa/v2_lookup
anoadragon453 Aug 21, 2019
73fb6f3
Continue to support v1 lookup
anoadragon453 Aug 21, 2019
2472e2e
lint
anoadragon453 Aug 21, 2019
7bfccad
Address review comments
anoadragon453 Aug 27, 2019
75ef0f8
lint
anoadragon453 Aug 27, 2019
e68d648
small fixes and remove unnecessary Enum
anoadragon453 Aug 28, 2019
38dac27
Warn user when the id_server they chose does not support any of the h…
anoadragon453 Aug 28, 2019
8f1346d
Apply suggestions from code review
anoadragon453 Aug 28, 2019
4dc0849
lint
anoadragon453 Aug 28, 2019
849d8dc
Merge branch 'anoa/v2_lookup' of github.com:matrix-org/synapse into a…
anoadragon453 Aug 28, 2019
d9d156b
Merge branch 'develop' into anoa/v2_lookup
anoadragon453 Sep 3, 2019
42b11bd
use v2 identity service api endpoints for 3pid invites and lookup
anoadragon453 Sep 3, 2019
83021d9
Merge branch 'develop' of github.com:matrix-org/synapse into anoa/v2_…
anoadragon453 Sep 3, 2019
07154ea
Merge branch 'develop' of github.com:matrix-org/synapse into anoa/v2_…
anoadragon453 Sep 3, 2019
f4b7f7f
id_access_token support
anoadragon453 Sep 3, 2019
29c3489
Apply suggestions from code review
anoadragon453 Sep 4, 2019
ff5f6a0
Address review comments
anoadragon453 Sep 4, 2019
a5153af
Merge branch 'anoa/v2_lookup' of github.com:matrix-org/synapse into a…
anoadragon453 Sep 4, 2019
7f647bc
Revert moving lookup stuff to IdentityHandler
anoadragon453 Sep 4, 2019
f8bb859
Fix issues with moving stuff back to RoomMemberHandler
anoadragon453 Sep 4, 2019
1c59243
Factor our v2 invite things
anoadragon453 Sep 4, 2019
1b20928
lint
anoadragon453 Sep 4, 2019
db1d161
whoops
anoadragon453 Sep 4, 2019
9f92c3e
Change lookup_3pid back to a private method
anoadragon453 Sep 4, 2019
07169b1
Apply suggestions from code review
anoadragon453 Sep 5, 2019
5b852c2
Address review comments
anoadragon453 Sep 5, 2019
0d968c0
liiiiiiiiiiiint
anoadragon453 Sep 5, 2019
f18f3f1
address review comments
anoadragon453 Sep 9, 2019
18671b0
lint
anoadragon453 Sep 9, 2019
649dcbe
id_access_token -> access_token in query params
anoadragon453 Sep 10, 2019
b4520ea
Merge branch 'develop' of github.com:matrix-org/synapse into anoa/v2_…
anoadragon453 Sep 11, 2019
79f5c4f
Address review comments.
anoadragon453 Sep 11, 2019
cf8dbea
Merge branch 'develop' of github.com:matrix-org/synapse into anoa/v2_…
anoadragon453 Sep 11, 2019
7008c79
Send id access_token via Authorization headers, not JSON body
anoadragon453 Sep 11, 2019
ffb284e
Merge branch 'develop' of github.com:matrix-org/synapse into anoa/v2_…
anoadragon453 Sep 11, 2019
317dff6
Update changelog.d/5897.feature
anoadragon453 Sep 11, 2019
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
Use the v2 lookup API
  • Loading branch information
anoadragon453 committed Aug 21, 2019
commit 1954438610691f7dcfd6f5478265f6f5d7df9daa
12 changes: 12 additions & 0 deletions synapse/handlers/identity.py
Original file line number Diff line number Diff line change
@@ -31,6 +31,7 @@
)

from ._base import BaseHandler
from enum import Enum

logger = logging.getLogger(__name__)

@@ -282,3 +283,14 @@ def requestMsisdnToken(
except HttpResponseException as e:
logger.info("Proxied requestToken failed: %r", e)
raise e.to_synapse_error()

class LookupAlgorithm(Enum):
"""
Supported hashing algorithms when performing a 3PID lookup.

SHA256 - Hashing an (address, medium, pepper) combo with sha256, then url-safe base64
encoding
NONE - Not performing any hashing. Simply sending an (address, medium) combo in plaintext
"""
SHA256 = "sha256"
NONE = "none"
68 changes: 57 additions & 11 deletions synapse/handlers/room_member.py
Original file line number Diff line number Diff line change
@@ -32,14 +32,16 @@
from synapse.types import RoomID, UserID
from synapse.util.async_helpers import Linearizer
from synapse.util.distributor import user_joined_room, user_left_room
from synapse.util.hash import sha256_and_url_safe_base64

from ._base import BaseHandler

from synapse.handlers.identity import LookupAlgorithm

logger = logging.getLogger(__name__)

id_server_scheme = "https://"


class RoomMemberHandler(object):
# TODO(paul): This handler currently contains a messy conflation of
# low-level API that works on UserID objects and so on, and REST-level
@@ -697,22 +699,66 @@ def _lookup_3pid(self, id_server, medium, address):
raise SynapseError(
403, "Looking up third-party identifiers is denied from this server"
)

# Check what hashing details are supported by this identity server
try:
data = yield self.simple_http_client.get_json(
"%s%s/_matrix/identity/api/v1/lookup" % (id_server_scheme, id_server),
{"medium": medium, "address": address},
hash_details = yield self.simple_http_client.get_json(
"%s%s/_matrix/identity/v2/hash_details" % (id_server_scheme, id_server)
)
supported_lookup_algorithms = hash_details["algorithms"]
lookup_pepper = hash_details["lookup_pepper"]
except (HttpResponseException, ValueError) as e:
logger.warn("Error when looking up hashing details: %s" % (e,))
return None

if "mxid" in data:
if "signatures" not in data:
raise AuthError(401, "No signatures on 3pid binding")
yield self._verify_any_signature(data, id_server)
return data["mxid"]
# Check if none of the supported lookup algorithms are present
if not any(i in supported_lookup_algorithms for i in [LookupAlgorithm.SHA256,
LookupAlgorithm.NONE]):
logger.warn("No supported lookup algorithms found for %s%s" %
(id_server_scheme, id_server))

except IOError as e:
logger.warn("Error from identity server lookup: %s" % (e,))
return None

if LookupAlgorithm.SHA256 in supported_lookup_algorithms:
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
# Perform a hashed lookup
lookup_algorithm = LookupAlgorithm.SHA256

# Hash address, medium and the pepper with sha256
to_hash = "%s %s %s" % (address, medium, lookup_pepper)
lookup_value = sha256_and_url_safe_base64(to_hash)

elif LookupAlgorithm.NONE in supported_lookup_algorithms:
# Perform a non-hashed lookup
lookup_algorithm = LookupAlgorithm.NONE

# Combine together plaintext address and medium
lookup_value = "%s %s" % (address, medium)

try:
lookup_results = yield self.simple_http_client.post_json_get_json(
"%s%s/_matrix/identity/v2/lookup" % (id_server_scheme, id_server),
{
"addresses": [lookup_value],
"algorithm": lookup_algorithm,
"pepper": lookup_pepper,
},
)
except (HttpResponseException, ValueError) as e:
logger.warn("Error when performing a 3pid lookup: %s" % (e,))
return None

# Check for a mapping from what we looked up to an MXID
if (
"mappings" not in lookup_results
or not isinstance(lookup_results["mappings"], dict)
):
logger.debug("No results from 3pid lookup")
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
return None

# Return the MXID if it's available, or None otherwise
return lookup_results["mappings"].get(lookup_value)


@defer.inlineCallbacks
def _verify_any_signature(self, data, server_hostname):
if server_hostname not in data["signatures"]:
33 changes: 33 additions & 0 deletions synapse/util/hash.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,33 @@
# -*- coding: utf-8 -*-

# Copyright 2019 The Matrix.org Foundation C.I.C.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import hashlib
import unpaddedbase64


def sha256_and_url_safe_base64(input_text):
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
"""SHA256 hash an input string, encode the digest as url-safe base64, and
return

:param input_text: string to hash
:type input_text: str

:returns a sha256 hashed and url-safe base64 encoded digest
:rtype: str
"""
digest = hashlib.sha256(input_text.encode()).digest()
return unpaddedbase64.encode_base64(digest, urlsafe=True)