Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Revert "Use the v2 lookup API for 3PID invites" #5937

Merged
merged 1 commit into from
Aug 30, 2019
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion changelog.d/5897.feature

This file was deleted.

13 changes: 0 additions & 13 deletions synapse/handlers/identity.py
Original file line number Diff line number Diff line change
Expand Up @@ -282,16 +282,3 @@ def requestMsisdnToken(
except HttpResponseException as e:
logger.info("Proxied requestToken failed: %r", e)
raise e.to_synapse_error()


class LookupAlgorithm:
"""
Supported hashing algorithms when performing a 3PID lookup.

SHA256 - Hashing an (address, medium, pepper) combo with sha256, then url-safe base64
encoding
NONE - Not performing any hashing. Simply sending an (address, medium) combo in plaintext
"""

SHA256 = "sha256"
NONE = "none"
128 changes: 9 additions & 119 deletions synapse/handlers/room_member.py
Original file line number Diff line number Diff line change
Expand Up @@ -29,11 +29,9 @@
from synapse import types
from synapse.api.constants import EventTypes, Membership
from synapse.api.errors import AuthError, Codes, HttpResponseException, SynapseError
from synapse.handlers.identity import LookupAlgorithm
from synapse.types import RoomID, UserID
from synapse.util.async_helpers import Linearizer
from synapse.util.distributor import user_joined_room, user_left_room
from synapse.util.hash import sha256_and_url_safe_base64

from ._base import BaseHandler

Expand Down Expand Up @@ -525,7 +523,7 @@ def send_membership_event(
event (SynapseEvent): The membership event.
context: The context of the event.
is_guest (bool): Whether the sender is a guest.
remote_room_hosts (list[str]|None): Homeservers which are likely to already be in
room_hosts ([str]): Homeservers which are likely to already be in
the room, and could be danced with in order to join this
homeserver for the first time.
ratelimit (bool): Whether to rate limit this request.
Expand Down Expand Up @@ -636,7 +634,7 @@ def lookup_room_alias(self, room_alias):
servers.remove(room_alias.domain)
servers.insert(0, room_alias.domain)

return RoomID.from_string(room_id), servers
return (RoomID.from_string(room_id), servers)

@defer.inlineCallbacks
def _get_inviter(self, user_id, room_id):
Expand Down Expand Up @@ -699,44 +697,6 @@ def _lookup_3pid(self, id_server, medium, address):
raise SynapseError(
403, "Looking up third-party identifiers is denied from this server"
)

# Check what hashing details are supported by this identity server
use_v1 = False
hash_details = None
try:
hash_details = yield self.simple_http_client.get_json(
"%s%s/_matrix/identity/v2/hash_details" % (id_server_scheme, id_server)
)
except (HttpResponseException, ValueError) as e:
# Catch HttpResponseExcept for a non-200 response code
# Catch ValueError for non-JSON response body

# Check if this identity server does not know about v2 lookups
if e.code == 404:
# This is an old identity server that does not yet support v2 lookups
use_v1 = True
else:
logger.warn("Error when looking up hashing details: %s" % (e,))
return None

if use_v1:
return (yield self._lookup_3pid_v1(id_server, medium, address))

return (yield self._lookup_3pid_v2(id_server, medium, address, hash_details))

@defer.inlineCallbacks
def _lookup_3pid_v1(self, id_server, medium, address):
"""Looks up a 3pid in the passed identity server using v1 lookup.

Args:
id_server (str): The server name (including port, if required)
of the identity server to use.
medium (str): The type of the third party identifier (e.g. "email").
address (str): The third party identifier (e.g. "[email protected]").

Returns:
str: the matrix ID of the 3pid, or None if it is not recognized.
"""
try:
data = yield self.simple_http_client.get_json(
"%s%s/_matrix/identity/api/v1/lookup" % (id_server_scheme, id_server),
Expand All @@ -751,83 +711,8 @@ def _lookup_3pid_v1(self, id_server, medium, address):

except IOError as e:
logger.warn("Error from identity server lookup: %s" % (e,))

return None

@defer.inlineCallbacks
def _lookup_3pid_v2(self, id_server, medium, address, hash_details):
"""Looks up a 3pid in the passed identity server using v2 lookup.

Args:
id_server (str): The server name (including port, if required)
of the identity server to use.
medium (str): The type of the third party identifier (e.g. "email").
address (str): The third party identifier (e.g. "[email protected]").
hash_details (dict[str, str|list]): A dictionary containing hashing information
provided by an identity server.

Returns:
Deferred[str|None]: the matrix ID of the 3pid, or None if it is not recognised.
"""
# Extract information from hash_details
supported_lookup_algorithms = hash_details["algorithms"]
lookup_pepper = hash_details["lookup_pepper"]

# Check if any of the supported lookup algorithms are present
if LookupAlgorithm.SHA256 in supported_lookup_algorithms:
# Perform a hashed lookup
lookup_algorithm = LookupAlgorithm.SHA256

# Hash address, medium and the pepper with sha256
to_hash = "%s %s %s" % (address, medium, lookup_pepper)
lookup_value = sha256_and_url_safe_base64(to_hash)

elif LookupAlgorithm.NONE in supported_lookup_algorithms:
# Perform a non-hashed lookup
lookup_algorithm = LookupAlgorithm.NONE

# Combine together plaintext address and medium
lookup_value = "%s %s" % (address, medium)

else:
logger.warn(
"None of the provided lookup algorithms of %s%s are supported: %s",
id_server_scheme,
id_server,
hash_details["algorithms"],
)
raise SynapseError(
400,
"Provided identity server does not support any v2 lookup "
"algorithms that this homeserver supports.",
)

try:
lookup_results = yield self.simple_http_client.post_json_get_json(
"%s%s/_matrix/identity/v2/lookup" % (id_server_scheme, id_server),
{
"addresses": [lookup_value],
"algorithm": lookup_algorithm,
"pepper": lookup_pepper,
},
)
except (HttpResponseException, ValueError) as e:
# Catch HttpResponseExcept for a non-200 response code
# Catch ValueError for non-JSON response body
logger.warn("Error when performing a 3pid lookup: %s" % (e,))
return None

# Check for a mapping from what we looked up to an MXID
if "mappings" not in lookup_results or not isinstance(
lookup_results["mappings"], dict
):
logger.debug("No results from 3pid lookup")
return None

# Return the MXID if it's available, or None otherwise
mxid = lookup_results["mappings"].get(lookup_value)
return mxid

@defer.inlineCallbacks
def _verify_any_signature(self, data, server_hostname):
if server_hostname not in data["signatures"]:
Expand Down Expand Up @@ -1077,7 +962,9 @@ def _is_remote_room_too_complex(self, room_id, remote_room_hosts):
)

if complexity:
return complexity["v1"] > max_complexity
if complexity["v1"] > max_complexity:
return True
return False
return None

@defer.inlineCallbacks
Expand All @@ -1093,7 +980,10 @@ def _is_local_room_too_complex(self, room_id):
max_complexity = self.hs.config.limit_remote_rooms.complexity
complexity = yield self.store.get_room_complexity(room_id)

return complexity["v1"] > max_complexity
if complexity["v1"] > max_complexity:
return True

return False

@defer.inlineCallbacks
def _remote_join(self, requester, remote_room_hosts, room_id, user, content):
Expand Down
33 changes: 0 additions & 33 deletions synapse/util/hash.py

This file was deleted.