From 56cec70b109917cacc18c5297903e457375db95c Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Fri, 20 Sep 2019 19:02:36 +0100 Subject: [PATCH 1/6] Add POST submit_token endpoint for MSISDN --- synapse/handlers/identity.py | 28 ++++++++++++++ synapse/rest/client/v2_alpha/account.py | 51 ++++++++++++++++++++++++- 2 files changed, 77 insertions(+), 2 deletions(-) diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py index 156719e3087d..efeb4f29384b 100644 --- a/synapse/handlers/identity.py +++ b/synapse/handlers/identity.py @@ -447,6 +447,34 @@ def requestMsisdnToken( logger.info("Proxied requestToken failed: %r", e) raise e.to_synapse_error() + @defer.inlineCallbacks + def proxy_msisdn_submit_token(self, id_server, client_secret, sid, token): + """Proxy a POST submitToken request to an identity server for verification purposes + + Args: + id_server (str): The identity server URL to contact + + client_secret (str): Secret provided by the client + + sid (str): The ID of the session + + token (str): The verification token + + Raises: + SynapseError: If we failed to contact the identity server + + Returns: + The response dict from the identity server + """ + body = {"client_secret": client_secret, "sid": sid, "token": token} + + return ( + yield self.http_client.post_json_get_json( + id_server + "/_matrix/identity/api/v1/validate/msisdn/requestToken", + body, + ) + ) + def create_id_access_token_header(id_access_token): """Create an Authorization header for passing to SimpleHttpClient as the header value diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py index 1139bb156c1c..59f77e0e8f90 100644 --- a/synapse/rest/client/v2_alpha/account.py +++ b/synapse/rest/client/v2_alpha/account.py 
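Review bot: The docstring entry for `id_server` in `proxy_msisdn_submit_token` does not say where the value may come from, yet the method concatenates it into the URL and POSTs `client_secret`, `sid` and `token` to it. The only caller in this series passes `self.config.account_threepid_delegate_msisdn`, so the destination is operator-controlled today, but a later caller that forwards a client-supplied `id_server` would send the validation secrets to a host of the client's choosing. I would state the contract in the docstring, e.g. `id_server (str): Base URL of the configured msisdn delegate; must come from homeserver config, never from the request body`. Plain concatenation also yields a double slash if the configured URL ends in `/`; whether config parsing already strips it is not visible here.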
@@ -516,7 +516,7 @@ def on_POST(self, request): return 200, ret -class AddThreepidSubmitTokenServlet(RestServlet): +class AddThreepidEmailSubmitTokenServlet(RestServlet): """Handles 3PID validation token submission for adding an email to a user's account""" PATTERNS = client_patterns( @@ -592,6 +592,52 @@ def on_GET(self, request): finish_request(request) +class AddThreepidMsisdnSubmitTokenServlet(RestServlet): + """Handles 3PID validation token submission for adding a phone number to a user's + account + """ + + PATTERNS = client_patterns( + "/add_threepid/msisdn/submit_token$", releases=(), unstable=True + ) + + def __init__(self, hs): + """ + Args: + hs (synapse.server.HomeServer): server + """ + super().__init__() + self.config = hs.config + self.clock = hs.get_clock() + self.store = hs.get_datastore() + self.identity_handler = hs.get_handlers().identity_handler + + @defer.inlineCallbacks + def on_POST(self, request): + if not self.config.account_threepid_delegate_msisdn: + raise SynapseError( + 400, + "This homeserver is not validating phone numbers. Use an identity server " + "instead.", + ) + + body = parse_json_object_from_request(request) + assert_params_in_dict(body, ["client_secret", "sid", "token"]) + + try: + # Proxy submit_token request to msisdn threepid delegate + response = self.identity_handler.proxy_msisdn_submit_token( + self.config.account_threepid_delegate_msisdn, + body["client_secret"], + body["sid"], + body["token"], + ) + return 200, response + except HttpResponseException as e: + logger.warn("Error contacting msisdn account_threepid_delegate: %s", e) + raise SynapseError(400, "Error contacting the identity server") + + class ThreepidRestServlet(RestServlet): PATTERNS = client_patterns("/account/3pid$") 
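Review bot: `AddThreepidMsisdnSubmitTokenServlet.on_POST` forwards every submission straight to the delegate with no throttling visible in the hunk, and SMS validation tokens are usually short numeric codes, so the number of guesses per `sid` needs to be bounded somewhere. Because the homeserver proxies the call, any per-address limit on the delegate would presumably see only the homeserver's address. It is worth either applying the homeserver's own request ratelimiting here (keyed on client address or `sid`) or confirming that the delegate caps attempts per session. Separately, `self.clock` and `self.store` are assigned in `__init__` but nothing in the class as shown reads them. `on_POST` also has no docstring; something like `"""Proxy a submitted msisdn validation token to the configured delegate and return its response."""` would do.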
@@ -792,7 +838,8 @@ def register_servlets(hs, http_server): DeactivateAccountRestServlet(hs).register(http_server) EmailThreepidRequestTokenRestServlet(hs).register(http_server) MsisdnThreepidRequestTokenRestServlet(hs).register(http_server) - AddThreepidSubmitTokenServlet(hs).register(http_server) + AddThreepidEmailSubmitTokenServlet(hs).register(http_server) + AddThreepidMsisdnSubmitTokenServlet(hs).register(http_server) ThreepidRestServlet(hs).register(http_server) ThreepidUnbindRestServlet(hs).register(http_server) ThreepidDeleteRestServlet(hs).register(http_server) From f6b265562132f489b6294120d58258262b4d7025 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Fri, 20 Sep 2019 19:04:30 +0100 Subject: [PATCH 2/6] Add changelog --- changelog.d/6078.feature | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/6078.feature diff --git a/changelog.d/6078.feature b/changelog.d/6078.feature new file mode 100644 index 000000000000..fae1e523221a --- /dev/null +++ b/changelog.d/6078.feature @@ -0,0 +1 @@ +Add `POST /add_threepid/msisdn/submit_token` endpoint for proxying submitToken on an account_threepid_handler. \ No newline at end of file From 8186deaba3ababc532b91a51e8e3d40c05871aa1 Mon Sep 17 00:00:00 2001 From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Date: Fri, 20 Sep 2019 19:35:23 +0100 Subject: [PATCH 3/6] Update synapse/handlers/identity.py --- synapse/handlers/identity.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py index efeb4f29384b..ba9c9aed85fd 100644 --- a/synapse/handlers/identity.py +++ b/synapse/handlers/identity.py @@ -470,7 +470,7 @@ def proxy_msisdn_submit_token(self, id_server, client_secret, sid, token): return ( yield self.http_client.post_json_get_json( - id_server + "/_matrix/identity/api/v1/validate/msisdn/requestToken", + id_server + "/_matrix/identity/api/v1/validate/msisdn/submitToken", body, ) ) 
From a3817580799b8c1db0a9b4f91c4f4a4541ecbdd4 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Fri, 20 Sep 2019 22:50:06 +0100 Subject: [PATCH 4/6] lint --- synapse/handlers/identity.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py index ba9c9aed85fd..656bf92c3187 100644 --- a/synapse/handlers/identity.py +++ b/synapse/handlers/identity.py @@ -470,8 +470,7 @@ def proxy_msisdn_submit_token(self, id_server, client_secret, sid, token): return ( yield self.http_client.post_json_get_json( - id_server + "/_matrix/identity/api/v1/validate/msisdn/submitToken", - body, + id_server + "/_matrix/identity/api/v1/validate/msisdn/submitToken", body ) ) From d03d583e5814bfc2bd02def7fc008ea3c8b30ad6 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Fri, 20 Sep 2019 23:07:00 +0100 Subject: [PATCH 5/6] Make sure to yield --- synapse/rest/client/v2_alpha/account.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py index 59f77e0e8f90..905d75b975f0 100644 --- a/synapse/rest/client/v2_alpha/account.py +++ b/synapse/rest/client/v2_alpha/account.py @@ -626,7 +626,7 @@ def on_POST(self, request): try: # Proxy submit_token request to msisdn threepid delegate - response = self.identity_handler.proxy_msisdn_submit_token( + response = yield self.identity_handler.proxy_msisdn_submit_token( self.config.account_threepid_delegate_msisdn, body["client_secret"], body["sid"], From 32288ede0ec7a59801b5f93e00e6bdfe4f875a11 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Mon, 23 Sep 2019 15:35:59 +0100 Subject: [PATCH 6/6] Move exception handling into Handler layer --- synapse/handlers/identity.py | 17 ++++++++++++----- synapse/rest/client/v2_alpha/account.py | 20 ++++++++------------ 2 files changed, 20 insertions(+), 17 deletions(-) 
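Review bot: The missing `yield` fixed in 5/6 suggests the endpoint added in 1/6 had not been exercised end to end, and none of the diffstats in this series adds a test that would catch a regression. A small servlet test that stubs `identity_handler.proxy_msisdn_submit_token` and asserts that `POST /add_threepid/msisdn/submit_token` returns the delegate's dict with 200 would cover it. A second case for the 400 path when `account_threepid_delegate_msisdn` is unset would cover the config check. `on_POST` starts and ends outside that hunk.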
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py index 656bf92c3187..42cb4903c074 100644 --- a/synapse/handlers/identity.py +++ b/synapse/handlers/identity.py @@ -464,15 +464,22 @@ def proxy_msisdn_submit_token(self, id_server, client_secret, sid, token): SynapseError: If we failed to contact the identity server Returns: - The response dict from the identity server + Deferred[dict]: The response dict from the identity server """ body = {"client_secret": client_secret, "sid": sid, "token": token} - return ( - yield self.http_client.post_json_get_json( - id_server + "/_matrix/identity/api/v1/validate/msisdn/submitToken", body + try: + return ( + yield self.http_client.post_json_get_json( + id_server + "/_matrix/identity/api/v1/validate/msisdn/submitToken", + body, + ) ) - ) + except TimeoutError: + raise SynapseError(500, "Timed out contacting identity server") + except HttpResponseException as e: + logger.warning("Error contacting msisdn account_threepid_delegate: %s", e) + raise SynapseError(400, "Error contacting the identity server") def create_id_access_token_header(id_access_token): diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py index 905d75b975f0..b4c7f23bb8eb 100644 --- a/synapse/rest/client/v2_alpha/account.py +++ b/synapse/rest/client/v2_alpha/account.py 
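Review bot: The new `except HttpResponseException` branch in `proxy_msisdn_submit_token` turns every error reply from the delegate into a 400 with a fixed message, so a rejected or expired token, a throttled request and a delegate fault all look the same to the client and the upstream errcode is lost. The context lines in 1/6 show the neighbouring `requestMsisdnToken` logging and then doing `raise e.to_synapse_error()`; doing the same here would keep the two proxies consistent. The `except TimeoutError` branch depends on which `TimeoutError` is imported at the top of identity.py, which is outside this hunk. If that name resolves to the Python builtin rather than the exception the HTTP client raises, the timeout escapes unhandled. A 504 would also describe an upstream timeout better than 500.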
@@ -624,18 +624,14 @@ def on_POST(self, request): body = parse_json_object_from_request(request) assert_params_in_dict(body, ["client_secret", "sid", "token"]) - try: - # Proxy submit_token request to msisdn threepid delegate - response = yield self.identity_handler.proxy_msisdn_submit_token( - self.config.account_threepid_delegate_msisdn, - body["client_secret"], - body["sid"], - body["token"], - ) - return 200, response - except HttpResponseException as e: - logger.warn("Error contacting msisdn account_threepid_delegate: %s", e) - raise SynapseError(400, "Error contacting the identity server") + # Proxy submit_token request to msisdn threepid delegate + response = yield self.identity_handler.proxy_msisdn_submit_token( + self.config.account_threepid_delegate_msisdn, + body["client_secret"], + body["sid"], + body["token"], + ) + return 200, response class ThreepidRestServlet(RestServlet):
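Review bot: `body["client_secret"]`, `body["sid"]` and `body["token"]` are relayed to the delegate after `assert_params_in_dict`, which to my knowledge checks only that the keys are present, so a JSON object, list or number in any of them is forwarded as-is. This servlet is the homeserver's boundary for that input, so I would reject non-string values before the proxy call, for example `if not all(isinstance(body[k], str) for k in ("client_secret", "sid", "token")): raise SynapseError(400, "Invalid parameter")`. With the `try`/`except` removed, also check that `HttpResponseException` is still used elsewhere in account.py; the import block is outside this hunk. `on_POST` begins above the hunk.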