-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Use the v2 Identity Service API for lookups (MSC2134 + MSC2140) #5976
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The PR title says "Use the v2 Identity Service API for lookups ...". What do you mean by 'lookups' ?
synapse/handlers/identity.py
Outdated
) | ||
except (HttpResponseException, ValueError) as e: | ||
# Catch HttpResponseExcept for a non-200 response code | ||
# Catch ValueError for non-JSON response body |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if we're doing this, should we check for other exceptions like "failed to connect"?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm, I think ValueError
doesn't have a code
attribute either, which would cause this code to fail.
Should we drop ValueError
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Mm, yeah I'm leaning towards dropping ValueError
since that's considered a different error from an old IS.
damn, wrong button |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so this generally looks good, modulo my constant refrain of "the world is simpler with smaller PRs". I'm not going to insist on breaking them up, but I honestly think that it would be easier to keep track of what's done and what's not if PRs are more granular, so if you can stomach the extra work without stabbing me in the eye I think it would be worthwhile.
Otherwise, just a few nitpicks really.
synapse/handlers/identity.py
Outdated
Args: | ||
id_server (str): The server name (including protocol and port, if required) | ||
of the identity server to use. | ||
id_access_token (str): The access token to authenticate to the identity server with |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do we allow this to be None, or not? currently we can pass in None sometimes...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Theoretically _lookup_3pid_v2
should never be called if id_access_token
is None, as hash_details
is an authenticated endpoint.
Co-Authored-By: Richard van der Hoff <[email protected]>
Yeah, I experienced this backporting some things, but didn't realize that it would be a review issue as well. Might be time for a new sticky note... |
synapse/handlers/room_member.py
Outdated
# Extract information from hash_details | ||
supported_lookup_algorithms = hash_details.get("algorithms") | ||
lookup_pepper = hash_details.get("lookup_pepper") | ||
if not supported_lookup_algorithms or not lookup_pepper: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
isn't pepper optional if the algorithm is NONE ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nope, it's always required. It's to make implementation easier.
Co-Authored-By: Richard van der Hoff <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tests are failing?
Yeah, tests will fail until matrix-org/sytest#697 is merged, which in turn relies on #6013 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚢
Co-Authored-By: Richard van der Hoff <[email protected]>
3PID invites require making a request to an identity server to check that the invited 3PID has an Matrix ID linked, and if so, what it is. These requests are being made on behalf of a user. The user will supply an identity server and an access token for that identity server. The homeserver will then forward this request with the access token (using an `Authorization` header) and, if the given identity server doesn't support v2 endpoints, will fall back to v1 (which doesn't require any access tokens). Requires: ~~#5976~~
This is a redo of #5897 but with
id_access_token
accepted.Implements MSC2134 plus Identity Service v2 authentication ala MSC2140.
Identity lookup-related functions were also moved from
RoomMemberHandler
toIdentityHandler
.