Make the AS login method call Auth.get_user_by_req for checking the AS token. (#13094)

This gets rid of another usage of get_appservice_by_req, with all the benefits, including correctly tracking the appservice IP and setting the tracing attributes correctly. Signed-off-by: Quentin Gliech <quenting@element.io>
2024-06-01 18:28:56 +02:00 · 2022-07-12 12:06:29 -05:00 · 2022-07-12 12:06:29 -05:00 · b19060a29b
parent 2d82cdafd2
commit b19060a29b
2 changed files with 9 additions and 2 deletions
--- a/changelog.d/13094.misc
+++ b/changelog.d/13094.misc
@ -0,0 +1 @@
+Make the AS login method call `Auth.get_user_by_req` for checking the AS token.
--- a/synapse/rest/client/login.py
+++ b/synapse/rest/client/login.py
@ -28,7 +28,7 @@ from typing import (

 from typing_extensions import TypedDict

-from synapse.api.errors import Codes, LoginError, SynapseError
+from synapse.api.errors import Codes, InvalidClientTokenError, LoginError, SynapseError
 from synapse.api.ratelimiting import Ratelimiter
 from synapse.api.urls import CLIENT_API_PREFIX
 from synapse.appservice import ApplicationService
@ -172,7 +172,13 @@ class LoginRestServlet(RestServlet):

        try:
            if login_submission["type"] == LoginRestServlet.APPSERVICE_TYPE:
-                appservice = self.auth.get_appservice_by_req(request)
+                requester = await self.auth.get_user_by_req(request)
+                appservice = requester.app_service
+
+                if appservice is None:
+                    raise InvalidClientTokenError(
+                        "This login method is only valid for application services"
+                    )

                if appservice.is_rate_limited():
                    await self._address_ratelimiter.ratelimit(
				`@ -0,0 +1 @@`
				Make the AS login method call `Auth.get_user_by_req` for checking the AS token.