From 1954438610691f7dcfd6f5478265f6f5d7df9daa Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Wed, 21 Aug 2019 16:25:00 +0200 Subject: [PATCH 01/12] Use the v2 lookup API --- synapse/handlers/identity.py | 12 ++++++ synapse/handlers/room_member.py | 68 +++++++++++++++++++++++++++------ synapse/util/hash.py | 33 ++++++++++++++++ 3 files changed, 102 insertions(+), 11 deletions(-) create mode 100644 synapse/util/hash.py diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py index d199521b5878..beb7cadd4616 100644 --- a/synapse/handlers/identity.py +++ b/synapse/handlers/identity.py @@ -31,6 +31,7 @@ ) from ._base import BaseHandler +from enum import Enum logger = logging.getLogger(__name__) @@ -282,3 +283,14 @@ def requestMsisdnToken( except HttpResponseException as e: logger.info("Proxied requestToken failed: %r", e) raise e.to_synapse_error() + +class LookupAlgorithm(Enum): + """ + Supported hashing algorithms when performing a 3PID lookup. + + SHA256 - Hashing an (address, medium, pepper) combo with sha256, then url-safe base64 + encoding + NONE - Not performing any hashing. Simply sending an (address, medium) combo in plaintext + """ + SHA256 = "sha256" + NONE = "none" diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py index 249a6d9c5d18..68b280924d17 100644 --- a/synapse/handlers/room_member.py +++ b/synapse/handlers/room_member.py @@ -32,14 +32,16 @@ from synapse.types import RoomID, UserID from synapse.util.async_helpers import Linearizer from synapse.util.distributor import user_joined_room, user_left_room +from synapse.util.hash import sha256_and_url_safe_base64 from ._base import BaseHandler +from synapse.handlers.identity import LookupAlgorithm + logger = logging.getLogger(__name__) id_server_scheme = "https://" - class RoomMemberHandler(object): # TODO(paul): This handler currently contains a messy conflation of # low-level API that works on UserID objects and so on, and REST-level 
@@ -697,22 +699,66 @@ def _lookup_3pid(self, id_server, medium, address): raise SynapseError( 403, "Looking up third-party identifiers is denied from this server" ) + + # Check what hashing details are supported by this identity server try: - data = yield self.simple_http_client.get_json( - "%s%s/_matrix/identity/api/v1/lookup" % (id_server_scheme, id_server), - {"medium": medium, "address": address}, + hash_details = yield self.simple_http_client.get_json( + "%s%s/_matrix/identity/v2/hash_details" % (id_server_scheme, id_server) ) + supported_lookup_algorithms = hash_details["algorithms"] + lookup_pepper = hash_details["lookup_pepper"] + except (HttpResponseException, ValueError) as e: + logger.warn("Error when looking up hashing details: %s" % (e,)) + return None - if "mxid" in data: - if "signatures" not in data: - raise AuthError(401, "No signatures on 3pid binding") - yield self._verify_any_signature(data, id_server) - return data["mxid"] + # Check if none of the supported lookup algorithms are present + if not any(i in supported_lookup_algorithms for i in [LookupAlgorithm.SHA256, + LookupAlgorithm.NONE]): + logger.warn("No supported lookup algorithms found for %s%s" % + (id_server_scheme, id_server)) - except IOError as e: - logger.warn("Error from identity server lookup: %s" % (e,)) return None + if LookupAlgorithm.SHA256 in supported_lookup_algorithms: + # Perform a hashed lookup + lookup_algorithm = LookupAlgorithm.SHA256 + + # Hash address, medium and the pepper with sha256 + to_hash = "%s %s %s" % (address, medium, lookup_pepper) + lookup_value = sha256_and_url_safe_base64(to_hash) + + elif LookupAlgorithm.NONE in supported_lookup_algorithms: + # Perform a non-hashed lookup + lookup_algorithm = LookupAlgorithm.NONE + + # Combine together plaintext address and medium + lookup_value = "%s %s" % (address, medium) + + try: + lookup_results = yield self.simple_http_client.post_json_get_json( + "%s%s/_matrix/identity/v2/lookup" % (id_server_scheme, id_server), 
+ { + "addresses": [lookup_value], + "algorithm": lookup_algorithm, + "pepper": lookup_pepper, + }, + ) + except (HttpResponseException, ValueError) as e: + logger.warn("Error when performing a 3pid lookup: %s" % (e,)) + return None + + # Check for a mapping from what we looked up to an MXID + if ( + "mappings" not in lookup_results + or not isinstance(lookup_results["mappings"], dict) + ): + logger.debug("No results from 3pid lookup") + return None + + # Return the MXID if it's available, or None otherwise + return lookup_results["mappings"].get(lookup_value) + + @defer.inlineCallbacks def _verify_any_signature(self, data, server_hostname): if server_hostname not in data["signatures"]: diff --git a/synapse/util/hash.py b/synapse/util/hash.py new file mode 100644 index 000000000000..aa5d5ae31c81 --- /dev/null +++ b/synapse/util/hash.py @@ -0,0 +1,33 @@ +# -*- coding: utf-8 -*- + +# Copyright 2019 The Matrix.org Foundation C.I.C. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import hashlib +import unpaddedbase64 + + +def sha256_and_url_safe_base64(input_text): + """SHA256 hash an input string, encode the digest as url-safe base64, and + return + + :param input_text: string to hash + :type input_text: str + + :returns a sha256 hashed and url-safe base64 encoded digest + :rtype: str + """ + digest = hashlib.sha256(input_text.encode()).digest() + return unpaddedbase64.encode_base64(digest, urlsafe=True) + 
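Review bot: The new v2 path returns `lookup_results["mappings"].get(lookup_value)` with no authenticity check, whereas the v1 code this hunk removes rejected a binding without `signatures` and called `_verify_any_signature` before returning the MXID. As far as this hunk shows, the v2 response carries only `mappings`, so the result is trusted purely on the HTTPS connection to `id_server`. That reduced guarantee should be stated at the return, e.g. `# v2 lookup responses are unsigned: the mapping is only as trustworthy as the TLS connection to id_server`. The looked-up value should also be checked to be a string before it is returned as an MXID. `_lookup_3pid` starts above the hunk.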
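Review bot: The docstring of `sha256_and_url_safe_base64` says the digest is encoded as url-safe base64 but not that the padding is stripped, which is what `unpaddedbase64.encode_base64(digest, urlsafe=True)` produces; a caller comparing against a padded encoding would never match. I would word the summary as `"""SHA256 hash an input string and return the digest as unpadded, url-safe base64."""`. Writing `input_text.encode("utf-8")` would also state in the code which bytes are being hashed.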
From 24ee3aecd5c67673d33f2ed300fddb2d23daf8c9 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Wed, 21 Aug 2019 16:27:42 +0200 Subject: [PATCH 02/12] lint --- synapse/handlers/identity.py | 4 +++- synapse/handlers/room_member.py | 22 ++++++++++++---------- synapse/server.pyi | 1 + synapse/util/hash.py | 2 +- 4 files changed, 17 insertions(+), 12 deletions(-) diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py index beb7cadd4616..bddbc03943e2 100644 --- a/synapse/handlers/identity.py +++ b/synapse/handlers/identity.py @@ -18,6 +18,7 @@ """Utilities for interacting with Identity Servers""" import logging +from enum import Enum from canonicaljson import json @@ -31,7 +32,6 @@ ) from ._base import BaseHandler -from enum import Enum logger = logging.getLogger(__name__) @@ -284,6 +284,7 @@ def requestMsisdnToken( logger.info("Proxied requestToken failed: %r", e) raise e.to_synapse_error() + class LookupAlgorithm(Enum): """ Supported hashing algorithms when performing a 3PID lookup. @@ -292,5 +293,6 @@ class LookupAlgorithm(Enum): encoding NONE - Not performing any hashing. Simply sending an (address, medium) combo in plaintext """ + SHA256 = "sha256" NONE = "none" diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py index 68b280924d17..c175b0297419 100644 --- a/synapse/handlers/room_member.py +++ b/synapse/handlers/room_member.py @@ -29,6 +29,7 @@ from synapse import types from synapse.api.constants import EventTypes, Membership from synapse.api.errors import AuthError, Codes, HttpResponseException, SynapseError +from synapse.handlers.identity import LookupAlgorithm from synapse.types import RoomID, UserID from synapse.util.async_helpers import Linearizer from synapse.util.distributor import user_joined_room, user_left_room 
@@ -36,12 +37,11 @@ from ._base import BaseHandler -from synapse.handlers.identity import LookupAlgorithm - logger = logging.getLogger(__name__) id_server_scheme = "https://" + class RoomMemberHandler(object): # TODO(paul): This handler currently contains a messy conflation of # low-level API that works on UserID objects and so on, and REST-level @@ -712,10 +712,14 @@ def _lookup_3pid(self, id_server, medium, address): return None # Check if none of the supported lookup algorithms are present - if not any(i in supported_lookup_algorithms for i in [LookupAlgorithm.SHA256, - LookupAlgorithm.NONE]): - logger.warn("No supported lookup algorithms found for %s%s" % - (id_server_scheme, id_server)) + if not any( + i in supported_lookup_algorithms + for i in [LookupAlgorithm.SHA256, LookupAlgorithm.NONE] + ): + logger.warn( + "No supported lookup algorithms found for %s%s" + % (id_server_scheme, id_server) + ) return None @@ -748,9 +752,8 @@ def _lookup_3pid(self, id_server, medium, address): return None # Check for a mapping from what we looked up to an MXID - if ( - "mappings" not in lookup_results - or not isinstance(lookup_results["mappings"], dict) + if "mappings" not in lookup_results or not isinstance( + lookup_results["mappings"], dict ): logger.debug("No results from 3pid lookup") return None @@ -758,7 +761,6 @@ def _lookup_3pid(self, id_server, medium, address): # Return the MXID if it's available, or None otherwise return lookup_results["mappings"].get(lookup_value) - @defer.inlineCallbacks def _verify_any_signature(self, data, server_hostname): if server_hostname not in data["signatures"]: diff --git a/synapse/server.pyi b/synapse/server.pyi index 16f8f6b573fe..b64ed09c04fc 100644 --- a/synapse/server.pyi +++ b/synapse/server.pyi @@ -18,6 +18,7 @@ import synapse.server_notices.server_notices_sender import synapse.state import synapse.storage + class HomeServer(object): @property def config(self) -> synapse.config.homeserver.HomeServerConfig: 
diff --git a/synapse/util/hash.py b/synapse/util/hash.py index aa5d5ae31c81..359168704e1f 100644 --- a/synapse/util/hash.py +++ b/synapse/util/hash.py @@ -15,6 +15,7 @@ # limitations under the License. import hashlib + import unpaddedbase64 @@ -30,4 +31,3 @@ def sha256_and_url_safe_base64(input_text): """ digest = hashlib.sha256(input_text.encode()).digest() return unpaddedbase64.encode_base64(digest, urlsafe=True) - From 902ef397afe3cb0db68b0a66eaee09478d289ee5 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Wed, 21 Aug 2019 16:29:06 +0200 Subject: [PATCH 03/12] add changelog --- changelog.d/5897.feature | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/5897.feature diff --git a/changelog.d/5897.feature b/changelog.d/5897.feature new file mode 100644 index 000000000000..7b10774c96c9 --- /dev/null +++ b/changelog.d/5897.feature @@ -0,0 +1 @@ +Switch to the v2 lookup API for 3PID invites. \ No newline at end of file From 3a114fe105a833f64c37f2a3f6a81862020710a1 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Wed, 21 Aug 2019 16:31:06 +0200 Subject: [PATCH 04/12] linter fight --- synapse/server.pyi | 1 - 1 file changed, 1 deletion(-) diff --git a/synapse/server.pyi b/synapse/server.pyi index b64ed09c04fc..16f8f6b573fe 100644 --- a/synapse/server.pyi +++ b/synapse/server.pyi @@ -18,7 +18,6 @@ import synapse.server_notices.server_notices_sender import synapse.state import synapse.storage - class HomeServer(object): @property def config(self) -> synapse.config.homeserver.HomeServerConfig: From 73fb6f3723a18cd7cb83baf4c696d0dd38fffcb4 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Wed, 21 Aug 2019 18:23:34 +0200 Subject: [PATCH 05/12] Continue to support v1 lookup --- synapse/handlers/room_member.py | 59 +++++++++++++++++++++++++++++++-- 1 file changed, 57 insertions(+), 2 deletions(-) diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py index c175b0297419..4bc7d6667701 100644 --- a/synapse/handlers/room_member.py 
+++ b/synapse/handlers/room_member.py 
@@ -705,12 +705,67 @@ def _lookup_3pid(self, id_server, medium, address): hash_details = yield self.simple_http_client.get_json( "%s%s/_matrix/identity/v2/hash_details" % (id_server_scheme, id_server) ) - supported_lookup_algorithms = hash_details["algorithms"] - lookup_pepper = hash_details["lookup_pepper"] except (HttpResponseException, ValueError) as e: + # Check if this identity server does not know about v2 lookups + if HttpResponseException.code == 404: + # This is an old identity server that does not yet support v2 lookups + return self._lookup_3pid_v1(id_server, medium, address) + logger.warn("Error when looking up hashing details: %s" % (e,)) return None + res = yield self._lookup_3pid_v2(id_server, medium, address, hash_details) + return res + + @defer.inlineCallbacks + def _lookup_3pid_v1(self, id_server, medium, address): + """Looks up a 3pid in the passed identity server using v1 lookup. + + Args: + id_server (str): The server name (including port, if required) + of the identity server to use. + medium (str): The type of the third party identifier (e.g. "email"). + address (str): The third party identifier (e.g. "foo@example.com"). + + Returns: + str: the matrix ID of the 3pid, or None if it is not recognized. + """ + try: + data = yield self.simple_http_client.get_json( + "%s%s/_matrix/identity/api/v1/lookup" % (id_server_scheme, id_server), + {"medium": medium, "address": address}, + ) + + if "mxid" in data: + if "signatures" not in data: + raise AuthError(401, "No signatures on 3pid binding") + yield self._verify_any_signature(data, id_server) + return data["mxid"] + + except IOError as e: + logger.warn("Error from identity server lookup: %s" % (e,)) + + return None + + @defer.inlineCallbacks + def _lookup_3pid_v2(self, id_server, medium, address, hash_details): + """Looks up a 3pid in the passed identity server using v2 lookup. + + Args: + id_server (str): The server name (including port, if required) + of the identity server to use. 
+ medium (str): The type of the third party identifier (e.g. "email"). + address (str): The third party identifier (e.g. "foo@example.com"). + hash_details (dict[str, str]): A dictionary containing hashing information + provided by an identity server. + + Returns: + str: the matrix ID of the 3pid, or None if it is not recognized. + """ + # Extract information from hash_details + supported_lookup_algorithms = hash_details["algorithms"] + lookup_pepper = hash_details["lookup_pepper"] + # Check if none of the supported lookup algorithms are present if not any( i in supported_lookup_algorithms From 2472e2e40d25f66035a22ffb362935774eef8084 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Wed, 21 Aug 2019 18:24:37 +0200 Subject: [PATCH 06/12] lint --- synapse/handlers/room_member.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py index 4bc7d6667701..4a2fb0b83fa5 100644 --- a/synapse/handlers/room_member.py +++ b/synapse/handlers/room_member.py @@ -734,7 +734,7 @@ def _lookup_3pid_v1(self, id_server, medium, address): data = yield self.simple_http_client.get_json( "%s%s/_matrix/identity/api/v1/lookup" % (id_server_scheme, id_server), {"medium": medium, "address": address}, - ) + ) if "mxid" in data: if "signatures" not in data: From 7bfccadf314e6cec2f8b617d9098be1c30b7aa1d Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Tue, 27 Aug 2019 13:06:29 +0100 Subject: [PATCH 07/12] Address review comments --- synapse/handlers/room_member.py | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py index 4a2fb0b83fa5..80445b8afdc4 100644 --- a/synapse/handlers/room_member.py +++ b/synapse/handlers/room_member.py 
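Review bot: `_lookup_3pid_v2` indexes `hash_details["algorithms"]` and `hash_details["lookup_pepper"]` with no guard, and after this refactor neither access sits inside a `try`. A `hash_details` response that is valid JSON but lacks a key, or is not an object, therefore raises `KeyError` or `TypeError` out of the invite path instead of being treated as a failed lookup. The response comes from a remote identity server and should be shape-checked before use, for example `if not isinstance(hash_details, dict) or "algorithms" not in hash_details or "lookup_pepper" not in hash_details: return None`, with a warning logged. The body of `_lookup_3pid_v2` continues past the end of the hunk.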
@@ -701,19 +701,26 @@ def _lookup_3pid(self, id_server, medium, address): ) # Check what hashing details are supported by this identity server + use_v1 = False try: hash_details = yield self.simple_http_client.get_json( "%s%s/_matrix/identity/v2/hash_details" % (id_server_scheme, id_server) ) except (HttpResponseException, ValueError) as e: + # Catch HttpResponseExcept for a non-200 response code + # Catch ValueError for non-JSON response body + # Check if this identity server does not know about v2 lookups - if HttpResponseException.code == 404: + if e.code == 404: # This is an old identity server that does not yet support v2 lookups - return self._lookup_3pid_v1(id_server, medium, address) + use_v1 = True logger.warn("Error when looking up hashing details: %s" % (e,)) return None + if use_v1: + return self._lookup_3pid_v1(id_server, medium, address) + res = yield self._lookup_3pid_v2(id_server, medium, address, hash_details) return res @@ -766,18 +773,7 @@ def _lookup_3pid_v2(self, id_server, medium, address, hash_details): supported_lookup_algorithms = hash_details["algorithms"] lookup_pepper = hash_details["lookup_pepper"] - # Check if none of the supported lookup algorithms are present - if not any( - i in supported_lookup_algorithms - for i in [LookupAlgorithm.SHA256, LookupAlgorithm.NONE] - ): - logger.warn( - "No supported lookup algorithms found for %s%s" - % (id_server_scheme, id_server) - ) - - return None - + # Check if any of the supported lookup algorithms are present if LookupAlgorithm.SHA256 in supported_lookup_algorithms: # Perform a hashed lookup lookup_algorithm = LookupAlgorithm.SHA256 
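Review bot: `if e.code == 404:` runs for both exception types named in `except (HttpResponseException, ValueError) as e:`, and a `ValueError` (the non-JSON-body case the new comment describes) has no `code` attribute. That path raises `AttributeError` instead of logging the error and returning None. Guard the access with `if isinstance(e, HttpResponseException) and e.code == 404:`, or split the handler into two `except` clauses. The same access is still present in the `@@ -714,15 +715,14 @@` hunk of PATCH 09/12. `_lookup_3pid` starts above the hunk.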
@@ -793,6 +789,11 @@ def _lookup_3pid_v2(self, id_server, medium, address, hash_details): # Combine together plaintext address and medium lookup_value = "%s %s" % (address, medium) + else: + logger.warn("No supported lookup algorithms provided by %s%s: %s", + id_server_scheme, id_server, hash_details["algorithms"]) + return None + try: lookup_results = yield self.simple_http_client.post_json_get_json( "%s%s/_matrix/identity/v2/lookup" % (id_server_scheme, id_server), @@ -803,6 +804,8 @@ def _lookup_3pid_v2(self, id_server, medium, address, hash_details): }, ) except (HttpResponseException, ValueError) as e: + # Catch HttpResponseExcept for a non-200 response code + # Catch ValueError for non-JSON response body logger.warn("Error when performing a 3pid lookup: %s" % (e,)) return None From 75ef0f8b1da3d46262077a9a133113426c890262 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Tue, 27 Aug 2019 13:08:14 +0100 Subject: [PATCH 08/12] lint --- synapse/handlers/room_member.py | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py index 80445b8afdc4..ffc620926362 100644 --- a/synapse/handlers/room_member.py +++ b/synapse/handlers/room_member.py @@ -790,8 +790,12 @@ def _lookup_3pid_v2(self, id_server, medium, address, hash_details): lookup_value = "%s %s" % (address, medium) else: - logger.warn("No supported lookup algorithms provided by %s%s: %s", - id_server_scheme, id_server, hash_details["algorithms"]) + logger.warn( + "No supported lookup algorithms provided by %s%s: %s", + id_server_scheme, + id_server, + hash_details["algorithms"], + ) return None try: From e68d64859438375c680feec24881e626a692e5c7 Mon Sep 17 00:00:00 2001 
From: Andrew Morgan Date: Wed, 28 Aug 2019 11:10:32 +0100 Subject: [PATCH 09/12] small fixes and remove unnecessary Enum --- synapse/handlers/identity.py | 3 +-- synapse/handlers/room_member.py | 38 +++++++++++++++------------------ 2 files changed, 18 insertions(+), 23 deletions(-) diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py index bddbc03943e2..97daca5fee4e 100644 --- a/synapse/handlers/identity.py +++ b/synapse/handlers/identity.py @@ -18,7 +18,6 @@ """Utilities for interacting with Identity Servers""" import logging -from enum import Enum from canonicaljson import json @@ -285,7 +284,7 @@ def requestMsisdnToken( raise e.to_synapse_error() -class LookupAlgorithm(Enum): +class LookupAlgorithm: """ Supported hashing algorithms when performing a 3PID lookup. diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py index ffc620926362..d619ce60a328 100644 --- a/synapse/handlers/room_member.py +++ b/synapse/handlers/room_member.py @@ -525,7 +525,7 @@ def send_membership_event( event (SynapseEvent): The membership event. context: The context of the event. is_guest (bool): Whether the sender is a guest. - room_hosts ([str]): Homeservers which are likely to already be in + remote_room_hosts ([str]): Homeservers which are likely to already be in the room, and could be danced with in order to join this homeserver for the first time. ratelimit (bool): Whether to rate limit this request. @@ -636,7 +636,7 @@ def lookup_room_alias(self, room_alias): servers.remove(room_alias.domain) servers.insert(0, room_alias.domain) - return (RoomID.from_string(room_id), servers) + return RoomID.from_string(room_id), servers @defer.inlineCallbacks def _get_inviter(self, user_id, room_id): 
@@ -702,6 +702,7 @@ def _lookup_3pid(self, id_server, medium, address): # Check what hashing details are supported by this identity server use_v1 = False + hash_details = None try: hash_details = yield self.simple_http_client.get_json( "%s%s/_matrix/identity/v2/hash_details" % (id_server_scheme, id_server) @@ -714,15 +715,14 @@ def _lookup_3pid(self, id_server, medium, address): if e.code == 404: # This is an old identity server that does not yet support v2 lookups use_v1 = True - - logger.warn("Error when looking up hashing details: %s" % (e,)) - return None + else: + logger.warn("Error when looking up hashing details: %s" % (e,)) + return None if use_v1: - return self._lookup_3pid_v1(id_server, medium, address) + return (yield self._lookup_3pid_v1(id_server, medium, address)) - res = yield self._lookup_3pid_v2(id_server, medium, address, hash_details) - return res + return (yield self._lookup_3pid_v2(id_server, medium, address, hash_details)) @defer.inlineCallbacks def _lookup_3pid_v1(self, id_server, medium, address): 
@@ -763,18 +763,18 @@ def _lookup_3pid_v2(self, id_server, medium, address, hash_details): of the identity server to use. medium (str): The type of the third party identifier (e.g. "email"). address (str): The third party identifier (e.g. "foo@example.com"). - hash_details (dict[str, str]): A dictionary containing hashing information + hash_details (dict[str, str|list]): A dictionary containing hashing information provided by an identity server. Returns: - str: the matrix ID of the 3pid, or None if it is not recognized. + str: the matrix ID of the 3pid, or None if it is not recognised. """ # Extract information from hash_details supported_lookup_algorithms = hash_details["algorithms"] lookup_pepper = hash_details["lookup_pepper"] # Check if any of the supported lookup algorithms are present - if LookupAlgorithm.SHA256 in supported_lookup_algorithms: + if str(LookupAlgorithm.SHA256) in supported_lookup_algorithms: # Perform a hashed lookup lookup_algorithm = LookupAlgorithm.SHA256 @@ -782,7 +782,7 @@ def _lookup_3pid_v2(self, id_server, medium, address, hash_details): to_hash = "%s %s %s" % (address, medium, lookup_pepper) lookup_value = sha256_and_url_safe_base64(to_hash) - elif LookupAlgorithm.NONE in supported_lookup_algorithms: + elif str(LookupAlgorithm.NONE) in supported_lookup_algorithms: # Perform a non-hashed lookup lookup_algorithm = LookupAlgorithm.NONE @@ -791,7 +791,7 @@ def _lookup_3pid_v2(self, id_server, medium, address, hash_details): else: logger.warn( - "No supported lookup algorithms provided by %s%s: %s", + "None of the provided lookup algorithms of %s%s are supported: %s", id_server_scheme, id_server, hash_details["algorithms"], 
@@ -821,7 +821,8 @@ def _lookup_3pid_v2(self, id_server, medium, address, hash_details): return None # Return the MXID if it's available, or None otherwise - return lookup_results["mappings"].get(lookup_value) + mxid = lookup_results["mappings"].get(lookup_value) + return mxid @defer.inlineCallbacks def _verify_any_signature(self, data, server_hostname): @@ -1072,9 +1073,7 @@ def _is_remote_room_too_complex(self, room_id, remote_room_hosts): ) if complexity: - if complexity["v1"] > max_complexity: - return True - return False + return complexity["v1"] > max_complexity return None @defer.inlineCallbacks @@ -1090,10 +1089,7 @@ def _is_local_room_too_complex(self, room_id): max_complexity = self.hs.config.limit_remote_rooms.complexity complexity = yield self.store.get_room_complexity(room_id) - if complexity["v1"] > max_complexity: - return True - - return False + return complexity["v1"] > max_complexity @defer.inlineCallbacks def _remote_join(self, requester, remote_room_hosts, room_id, user, content): From 38dac2774f14f1261a7c75456f1916f49eee3cb1 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Wed, 28 Aug 2019 13:41:29 +0100 Subject: [PATCH 10/12] Warn user when the id_server they chose does not support any of the hs' desired lookup algos --- synapse/handlers/room_member.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py index d619ce60a328..98f7d86ec02e 100644 --- a/synapse/handlers/room_member.py +++ b/synapse/handlers/room_member.py @@ -774,7 +774,7 @@ def _lookup_3pid_v2(self, id_server, medium, address, hash_details): lookup_pepper = hash_details["lookup_pepper"] # Check if any of the supported lookup algorithms are present - if str(LookupAlgorithm.SHA256) in supported_lookup_algorithms: + if LookupAlgorithm.SHA256 in supported_lookup_algorithms: # Perform a hashed lookup lookup_algorithm = LookupAlgorithm.SHA256 
@@ -782,7 +782,7 @@ def _lookup_3pid_v2(self, id_server, medium, address, hash_details): to_hash = "%s %s %s" % (address, medium, lookup_pepper) lookup_value = sha256_and_url_safe_base64(to_hash) - elif str(LookupAlgorithm.NONE) in supported_lookup_algorithms: + elif LookupAlgorithm.NONE in supported_lookup_algorithms: # Perform a non-hashed lookup lookup_algorithm = LookupAlgorithm.NONE @@ -796,7 +796,8 @@ def _lookup_3pid_v2(self, id_server, medium, address, hash_details): id_server, hash_details["algorithms"], ) - return None + raise SynapseError(400, "Provided identity server does not support any v2 lookup " + "algorithms that this homeserver supports.") try: lookup_results = yield self.simple_http_client.post_json_get_json( From 8f1346d82bb6ee3ebabe115a6329b9ae33467835 Mon Sep 17 00:00:00 2001 From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> Date: Wed, 28 Aug 2019 14:43:05 +0200 Subject: [PATCH 11/12] Apply suggestions from code review Co-Authored-By: Erik Johnston --- synapse/handlers/room_member.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py index 98f7d86ec02e..3414d34882bc 100644 --- a/synapse/handlers/room_member.py +++ b/synapse/handlers/room_member.py @@ -525,7 +525,7 @@ def send_membership_event( event (SynapseEvent): The membership event. context: The context of the event. is_guest (bool): Whether the sender is a guest. - remote_room_hosts ([str]): Homeservers which are likely to already be in + remote_room_hosts (list[str]|None): Homeservers which are likely to already be in the room, and could be danced with in order to join this homeserver for the first time. ratelimit (bool): Whether to rate limit this request. 
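Review bot: The `elif LookupAlgorithm.NONE in supported_lookup_algorithms:` branch sends the address and medium to the identity server unhashed whenever the server's `hash_details` does not list `sha256`, so the choice between hashed and plaintext lookup is made entirely by the remote side. Nothing visible here lets a homeserver operator refuse the plaintext algorithm. If that control is wanted, the branch should be gated on a setting and otherwise fall through to the `else` branch that the next hunk turns into a `SynapseError`. At minimum it deserves a comment such as `# plaintext lookup: discloses the 3PID to id_server even if it holds no binding for it`. The body of `_lookup_3pid_v2` extends beyond the hunk.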
@@ -767,7 +767,7 @@ def _lookup_3pid_v2(self, id_server, medium, address, hash_details): provided by an identity server. Returns: - str: the matrix ID of the 3pid, or None if it is not recognised. + Deferred[str|None]: the matrix ID of the 3pid, or None if it is not recognised. """ # Extract information from hash_details supported_lookup_algorithms = hash_details["algorithms"] From 4dc08495b82ece4330bdfcd5dafe9d3fcfa64450 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Wed, 28 Aug 2019 13:43:52 +0100 Subject: [PATCH 12/12] lint --- synapse/handlers/room_member.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py index 98f7d86ec02e..3ab6fc55f82d 100644 --- a/synapse/handlers/room_member.py +++ b/synapse/handlers/room_member.py @@ -796,8 +796,11 @@ def _lookup_3pid_v2(self, id_server, medium, address, hash_details): id_server, hash_details["algorithms"], ) - raise SynapseError(400, "Provided identity server does not support any v2 lookup " - "algorithms that this homeserver supports.") + raise SynapseError( + 400, + "Provided identity server does not support any v2 lookup " + "algorithms that this homeserver supports.", + ) try: lookup_results = yield self.simple_http_client.post_json_get_json(