Working unsubscribe links going straight to the HS
and authed by macaroons that let you delete pushers and nothing else
parent
c71177f285
commit
1f31cc37f8
4 changed files with 36 additions and 6 deletions
|
@ -660,6 +660,13 @@ class Auth(object):
|
||||||
"is_guest": True,
|
"is_guest": True,
|
||||||
"token_id": None,
|
"token_id": None,
|
||||||
}
|
}
|
||||||
|
elif rights == "delete_pusher":
|
||||||
|
# We don't store these tokens in the database
|
||||||
|
ret = {
|
||||||
|
"user": user,
|
||||||
|
"is_guest": False,
|
||||||
|
"token_id": None,
|
||||||
|
}
|
||||||
else:
|
else:
|
||||||
# This codepath exists so that we can actually return a
|
# This codepath exists so that we can actually return a
|
||||||
# token ID, because we use token IDs in place of device
|
# token ID, because we use token IDs in place of device
|
||||||
|
|
|
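Review bot: The new `elif rights == "delete_pusher":` branch builds the requester without any database lookup, so these tokens cannot be revoked individually and the branch is only as safe as the macaroon validation that runs before it, which is outside this hunk. The one-line comment should state that consequence, for example `# Not stored in the database, so these tokens cannot be revoked individually; validity rests on the macaroon checks alone`. It is also worth confirming that validation rejects a delete_pusher macaroon whenever `rights` has its default value, since that is presumably what keeps the token from acting as a full access token. The enclosing method starts and ends outside the hunk.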
@ -21,6 +21,7 @@ from synapse.config._base import ConfigError
|
||||||
from synapse.config.database import DatabaseConfig
|
from synapse.config.database import DatabaseConfig
|
||||||
from synapse.config.logger import LoggingConfig
|
from synapse.config.logger import LoggingConfig
|
||||||
from synapse.config.emailconfig import EmailConfig
|
from synapse.config.emailconfig import EmailConfig
|
||||||
|
from synapse.config.key import KeyConfig
|
||||||
from synapse.http.site import SynapseSite
|
from synapse.http.site import SynapseSite
|
||||||
from synapse.metrics.resource import MetricsResource, METRICS_PREFIX
|
from synapse.metrics.resource import MetricsResource, METRICS_PREFIX
|
||||||
from synapse.storage.roommember import RoomMemberStore
|
from synapse.storage.roommember import RoomMemberStore
|
||||||
|
@ -63,6 +64,26 @@ class SlaveConfig(DatabaseConfig):
|
||||||
self.pid_file = self.abspath(config.get("pid_file"))
|
self.pid_file = self.abspath(config.get("pid_file"))
|
||||||
self.public_baseurl = config["public_baseurl"]
|
self.public_baseurl = config["public_baseurl"]
|
||||||
|
|
||||||
|
# some things used by the auth handler but not actually used in the
|
||||||
|
# pusher codebase
|
||||||
|
self.bcrypt_rounds = None
|
||||||
|
self.ldap_enabled = None
|
||||||
|
self.ldap_server = None
|
||||||
|
self.ldap_port = None
|
||||||
|
self.ldap_tls = None
|
||||||
|
self.ldap_search_base = None
|
||||||
|
self.ldap_search_property = None
|
||||||
|
self.ldap_email_property = None
|
||||||
|
self.ldap_full_name_property = None
|
||||||
|
|
||||||
|
# We would otherwise try to use the registration shared secret as the
|
||||||
|
# macaroon shared secret if there was no macaroon_shared_secret, but
|
||||||
|
# that means pulling in RegistrationConfig too. We don't need to be
|
||||||
|
# backwards compaitible in the pusher codebase so just make people set
|
||||||
|
# macaroon_shared_secret. We set this to None to prevent it referencing
|
||||||
|
# an undefined key.
|
||||||
|
self.registration_shared_secret = None
|
||||||
|
|
||||||
def default_config(self, server_name, **kwargs):
|
def default_config(self, server_name, **kwargs):
|
||||||
pid_file = self.abspath("pusher.pid")
|
pid_file = self.abspath("pusher.pid")
|
||||||
return """\
|
return """\
|
||||||
|
@ -95,7 +116,7 @@ class SlaveConfig(DatabaseConfig):
|
||||||
""" % locals()
|
""" % locals()
|
||||||
|
|
||||||
|
|
||||||
class PusherSlaveConfig(SlaveConfig, LoggingConfig, EmailConfig):
|
class PusherSlaveConfig(SlaveConfig, LoggingConfig, EmailConfig, KeyConfig):
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
|
|
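Review bot: The comment added to SlaveConfig says operators must now set macaroon_shared_secret, but nothing in the hunk enforces it; `self.registration_shared_secret = None` only stops the fallback from referencing an undefined attribute. The pusher now issues tokens that the homeserver has to verify, so a missing or mismatched secret would presumably surface only as broken unsubscribe links at runtime. Raising the already-imported `ConfigError` at startup when the secret is absent would fail early and visibly. It is also worth checking that the key name in the comment matches the one KeyConfig actually reads. The enclosing method starts outside the hunk.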
@ -81,7 +81,7 @@ class Mailer(object):
|
||||||
def __init__(self, hs, app_name):
|
def __init__(self, hs, app_name):
|
||||||
self.hs = hs
|
self.hs = hs
|
||||||
self.store = self.hs.get_datastore()
|
self.store = self.hs.get_datastore()
|
||||||
self.handlers = self.hs.get_handlers()
|
self.auth_handler = self.hs.get_auth_handler()
|
||||||
self.state_handler = self.hs.get_state_handler()
|
self.state_handler = self.hs.get_state_handler()
|
||||||
loader = jinja2.FileSystemLoader(self.hs.config.email_template_dir)
|
loader = jinja2.FileSystemLoader(self.hs.config.email_template_dir)
|
||||||
self.app_name = app_name
|
self.app_name = app_name
|
||||||
|
@ -161,7 +161,7 @@ class Mailer(object):
|
||||||
|
|
||||||
template_vars = {
|
template_vars = {
|
||||||
"user_display_name": user_display_name,
|
"user_display_name": user_display_name,
|
||||||
"unsubscribe_link": self.make_unsubscribe_link(app_id, email_address),
|
"unsubscribe_link": self.make_unsubscribe_link(user_id, app_id, email_address),
|
||||||
"summary_text": summary_text,
|
"summary_text": summary_text,
|
||||||
"app_name": self.app_name,
|
"app_name": self.app_name,
|
||||||
"rooms": rooms,
|
"rooms": rooms,
|
||||||
|
@ -427,9 +427,9 @@ class Mailer(object):
|
||||||
notif['room_id'], notif['event_id']
|
notif['room_id'], notif['event_id']
|
||||||
)
|
)
|
||||||
|
|
||||||
def make_unsubscribe_link(self, app_id, email_address):
|
def make_unsubscribe_link(self, user_id, app_id, email_address):
|
||||||
params = {
|
params = {
|
||||||
"access_token": self.handlers.auth.generate_delete_pusher_token(),
|
"access_token": self.auth_handler.generate_delete_pusher_token(user_id),
|
||||||
"app_id": app_id,
|
"app_id": app_id,
|
||||||
"pushkey": email_address,
|
"pushkey": email_address,
|
||||||
}
|
}
|
||||||
|
|
|
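Review bot: In make_unsubscribe_link the token comes from `generate_delete_pusher_token(user_id)`, so it is bound to the user only, while `app_id` and `pushkey` sit beside it as ordinary query parameters. Unless the generator adds further caveats (not visible here), a holder of one link is authorised for every pusher of that user rather than only the one named in the link, and no lifetime is visible either. Consider having the generator add caveats for the app_id/pushkey pair and an expiry, or at least record the scope with a comment such as `# token is scoped to user_id only; app_id and pushkey are not covered by the macaroon`. make_unsubscribe_link continues past the end of the hunk.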
@ -149,11 +149,13 @@ class PushersRemoveRestServlet(RestServlet):
|
||||||
|
|
||||||
def __init__(self, hs):
|
def __init__(self, hs):
|
||||||
super(RestServlet, self).__init__()
|
super(RestServlet, self).__init__()
|
||||||
|
self.hs = hs
|
||||||
self.notifier = hs.get_notifier()
|
self.notifier = hs.get_notifier()
|
||||||
|
self.auth = hs.get_v1auth()
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def on_GET(self, request):
|
def on_GET(self, request):
|
||||||
requester = yield self.auth.get_user_by_req(request, "delete_pusher")
|
requester = yield self.auth.get_user_by_req(request, rights="delete_pusher")
|
||||||
user = requester.user
|
user = requester.user
|
||||||
|
|
||||||
app_id = parse_string(request, "app_id", required=True)
|
app_id = parse_string(request, "app_id", required=True)
|
||||||
|
|
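Review bot: `on_GET` is now the endpoint that e-mailed unsubscribe links reach directly, authorised only by `rights="delete_pusher"`, and the hunk does not document this. A docstring such as `"""Remove one of the caller's pushers; reached from e-mail unsubscribe links and authorised by a delete_pusher macaroon."""` would make the trust model explicit. Because the state change happens on a GET with the token in the query string, automated link fetchers (mail scanners, previewers) may trigger the removal and the token may be written to access logs; it is worth confirming that is acceptable for a token of this scope. Separately, the context line `super(RestServlet, self).__init__()` names the base class rather than PushersRemoveRestServlet, which likely skips RestServlet's own initialiser. The rest of on_GET lies outside the hunk.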