mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2025-12-20 21:33:19 -06:00
Code Issues Packages Projects Releases Wiki Activity

Review comments and test fix

Browse source
This commit is contained in:
Kegan Dougal 2020-06-16 13:51:34 +01:00
parent 61e34d0184
commit 88aadedc59
3 changed files with 24 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
clientapi/auth/auth.go
View file

@ -71,6 +71,14 @@ func VerifyUserFromRequest(
jsonErr := jsonerror.InternalServerError() jsonErr := jsonerror.InternalServerError()
return nil, &jsonErr return nil, &jsonErr
} }
if res.Err != nil {
if forbidden, ok := res.Err.(*api.ErrorForbidden); ok {
return nil, &util.JSONResponse{
Code: http.StatusForbidden,
JSON: jsonerror.Forbidden(forbidden.Message),
}
}
}
if res.Device == nil { if res.Device == nil {
return nil, &util.JSONResponse{ return nil, &util.JSONResponse{
Code: http.StatusUnauthorized, Code: http.StatusUnauthorized,

13
userapi/api/api.go
View file

@ -25,13 +25,15 @@ type UserInternalAPI interface {
// QueryAccessTokenRequest is the request for QueryAccessToken // QueryAccessTokenRequest is the request for QueryAccessToken
type QueryAccessTokenRequest struct { type QueryAccessTokenRequest struct {
AccessToken string AccessToken string
// optional user ID, valid only if the token is an appservice // optional user ID, valid only if the token is an appservice.
// https://matrix.org/docs/spec/application_service/r0.1.2#using-sync-and-events
AppServiceUserID string AppServiceUserID string
} }
// QueryAccessTokenResponse is the response for QueryAccessToken // QueryAccessTokenResponse is the response for QueryAccessToken
type QueryAccessTokenResponse struct { type QueryAccessTokenResponse struct {
Device *Device Device *Device
Err error // e.g ErrorForbidden
} }
// QueryProfileRequest is the request for QueryProfile // QueryProfileRequest is the request for QueryProfile
@ -64,3 +66,12 @@ type Device struct {
// TODO: display name, last used timestamp, keys, etc // TODO: display name, last used timestamp, keys, etc
DisplayName string DisplayName string
} }
// ErrorForbidden is an error indicating that the supplied access token is forbidden
type ErrorForbidden struct {
Message string
}
func (e *ErrorForbidden) Error() string {
return "Forbidden: " + e.Message
}

10
userapi/internal/api.go
View file

@ -58,12 +58,10 @@ func (a *UserInternalAPI) QueryProfile(ctx context.Context, req *api.QueryProfil
} }
func (a *UserInternalAPI) QueryAccessToken(ctx context.Context, req *api.QueryAccessTokenRequest, res *api.QueryAccessTokenResponse) error { func (a *UserInternalAPI) QueryAccessToken(ctx context.Context, req *api.QueryAccessTokenRequest, res *api.QueryAccessTokenResponse) error {
appServiceDevice, err := a.queryAppServiceToken(ctx, req.AccessToken, req.AppServiceUserID) if req.AppServiceUserID != "" {
if err != nil { appServiceDevice, err := a.queryAppServiceToken(ctx, req.AccessToken, req.AppServiceUserID)
return err
}
if appServiceDevice != nil {
res.Device = appServiceDevice res.Device = appServiceDevice
res.Err = err
return nil return nil
} }
device, err := a.DeviceDB.GetDeviceByAccessToken(ctx, req.AccessToken) device, err := a.DeviceDB.GetDeviceByAccessToken(ctx, req.AccessToken)
@ -114,7 +112,7 @@ func (a *UserInternalAPI) queryAppServiceToken(ctx context.Context, token, appSe
dev.UserID = appServiceUserID dev.UserID = appServiceUserID
return &dev, nil return &dev, nil
} }
return nil, fmt.Errorf("appservice has not registered this user") return nil, &api.ErrorForbidden{Message: "appservice has not registered this user"}
} }
// AS is not masquerading as any user, so use AS's sender_localpart // AS is not masquerading as any user, so use AS's sender_localpart