Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Revert "Use the v2 lookup API for 3PID invites (#5897)"
Browse files Browse the repository at this point in the history 
This reverts commit 71fc040.
  • Loading branch information
@anoadragon453
anoadragon453 committed Aug 30, 2019
1 parent 5625abe commit c63a319
Show file tree
Hide file tree
Showing 4 changed files with 9 additions and 166 deletions.
1 change: 0 additions & 1 deletion changelog.d/5897.feature
View file

This file was deleted.

13 changes: 0 additions & 13 deletions synapse/handlers/identity.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -282,16 +282,3 @@ def requestMsisdnToken(
except HttpResponseException as e:
logger.info("Proxied requestToken failed: %r", e)
raise e.to_synapse_error()


class LookupAlgorithm:
"""
Supported hashing algorithms when performing a 3PID lookup.
SHA256 - Hashing an (address, medium, pepper) combo with sha256, then url-safe base64
encoding
NONE - Not performing any hashing. Simply sending an (address, medium) combo in plaintext
"""

SHA256 = "sha256"
NONE = "none"
128 changes: 9 additions & 119 deletions synapse/handlers/room_member.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,11 +29,9 @@
from synapse import types
from synapse.api.constants import EventTypes, Membership
from synapse.api.errors import AuthError, Codes, HttpResponseException, SynapseError
from synapse.handlers.identity import LookupAlgorithm
from synapse.types import RoomID, UserID
from synapse.util.async_helpers import Linearizer
from synapse.util.distributor import user_joined_room, user_left_room
from synapse.util.hash import sha256_and_url_safe_base64

from ._base import BaseHandler

Expand Down Expand Up @@ -525,7 +523,7 @@ def send_membership_event(
event (SynapseEvent): The membership event.
context: The context of the event.
is_guest (bool): Whether the sender is a guest.
remote_room_hosts (list[str]|None): Homeservers which are likely to already be in
room_hosts ([str]): Homeservers which are likely to already be in
the room, and could be danced with in order to join this
homeserver for the first time.
ratelimit (bool): Whether to rate limit this request.
Expand Down Expand Up @@ -636,7 +634,7 @@ def lookup_room_alias(self, room_alias):
servers.remove(room_alias.domain)
servers.insert(0, room_alias.domain)

return RoomID.from_string(room_id), servers
return (RoomID.from_string(room_id), servers)

@defer.inlineCallbacks
def _get_inviter(self, user_id, room_id):
Expand Down Expand Up @@ -699,44 +697,6 @@ def _lookup_3pid(self, id_server, medium, address):
raise SynapseError(
403, "Looking up third-party identifiers is denied from this server"
)

# Check what hashing details are supported by this identity server
use_v1 = False
hash_details = None
try:
hash_details = yield self.simple_http_client.get_json(
"%s%s/_matrix/identity/v2/hash_details" % (id_server_scheme, id_server)
)
except (HttpResponseException, ValueError) as e:
# Catch HttpResponseExcept for a non-200 response code
# Catch ValueError for non-JSON response body

# Check if this identity server does not know about v2 lookups
if e.code == 404:
# This is an old identity server that does not yet support v2 lookups
use_v1 = True
else:
logger.warn("Error when looking up hashing details: %s" % (e,))
return None

if use_v1:
return (yield self._lookup_3pid_v1(id_server, medium, address))

return (yield self._lookup_3pid_v2(id_server, medium, address, hash_details))

@defer.inlineCallbacks
def _lookup_3pid_v1(self, id_server, medium, address):
"""Looks up a 3pid in the passed identity server using v1 lookup.
Args:
id_server (str): The server name (including port, if required)
of the identity server to use.
medium (str): The type of the third party identifier (e.g. "email").
address (str): The third party identifier (e.g. "foo@example.com").
Returns:
str: the matrix ID of the 3pid, or None if it is not recognized.
"""
try:
data = yield self.simple_http_client.get_json(
"%s%s/_matrix/identity/api/v1/lookup" % (id_server_scheme, id_server),
Expand All @@ -751,83 +711,8 @@ def _lookup_3pid_v1(self, id_server, medium, address):

except IOError as e:
logger.warn("Error from identity server lookup: %s" % (e,))

return None

@defer.inlineCallbacks
def _lookup_3pid_v2(self, id_server, medium, address, hash_details):
"""Looks up a 3pid in the passed identity server using v2 lookup.
Args:
id_server (str): The server name (including port, if required)
of the identity server to use.
medium (str): The type of the third party identifier (e.g. "email").
address (str): The third party identifier (e.g. "foo@example.com").
hash_details (dict[str, str|list]): A dictionary containing hashing information
provided by an identity server.
Returns:
Deferred[str|None]: the matrix ID of the 3pid, or None if it is not recognised.
"""
# Extract information from hash_details
supported_lookup_algorithms = hash_details["algorithms"]
lookup_pepper = hash_details["lookup_pepper"]

# Check if any of the supported lookup algorithms are present
if LookupAlgorithm.SHA256 in supported_lookup_algorithms:
# Perform a hashed lookup
lookup_algorithm = LookupAlgorithm.SHA256

# Hash address, medium and the pepper with sha256
to_hash = "%s %s %s" % (address, medium, lookup_pepper)
lookup_value = sha256_and_url_safe_base64(to_hash)

elif LookupAlgorithm.NONE in supported_lookup_algorithms:
# Perform a non-hashed lookup
lookup_algorithm = LookupAlgorithm.NONE

# Combine together plaintext address and medium
lookup_value = "%s %s" % (address, medium)

else:
logger.warn(
"None of the provided lookup algorithms of %s%s are supported: %s",
id_server_scheme,
id_server,
hash_details["algorithms"],
)
raise SynapseError(
400,
"Provided identity server does not support any v2 lookup "
"algorithms that this homeserver supports.",
)

try:
lookup_results = yield self.simple_http_client.post_json_get_json(
"%s%s/_matrix/identity/v2/lookup" % (id_server_scheme, id_server),
{
"addresses": [lookup_value],
"algorithm": lookup_algorithm,
"pepper": lookup_pepper,
},
)
except (HttpResponseException, ValueError) as e:
# Catch HttpResponseExcept for a non-200 response code
# Catch ValueError for non-JSON response body
logger.warn("Error when performing a 3pid lookup: %s" % (e,))
return None

# Check for a mapping from what we looked up to an MXID
if "mappings" not in lookup_results or not isinstance(
lookup_results["mappings"], dict
):
logger.debug("No results from 3pid lookup")
return None

# Return the MXID if it's available, or None otherwise
mxid = lookup_results["mappings"].get(lookup_value)
return mxid

@defer.inlineCallbacks
def _verify_any_signature(self, data, server_hostname):
if server_hostname not in data["signatures"]:
Expand Down Expand Up @@ -1077,7 +962,9 @@ def _is_remote_room_too_complex(self, room_id, remote_room_hosts):
)

if complexity:
return complexity["v1"] > max_complexity
if complexity["v1"] > max_complexity:
return True
return False
return None

@defer.inlineCallbacks
Expand All @@ -1093,7 +980,10 @@ def _is_local_room_too_complex(self, room_id):
max_complexity = self.hs.config.limit_remote_rooms.complexity
complexity = yield self.store.get_room_complexity(room_id)

return complexity["v1"] > max_complexity
if complexity["v1"] > max_complexity:
return True

return False

@defer.inlineCallbacks
def _remote_join(self, requester, remote_room_hosts, room_id, user, content):
Expand Down
33 changes: 0 additions & 33 deletions synapse/util/hash.py
View file

This file was deleted.

0 comments on commit c63a319

Please sign in to comment.