forked from MirrorHub/synapse
Merge branch 'erikj/attestation_local_fix' of github.com:matrix-org/synapse into develop
This commit is contained in:
commit
4ab8abbc2b
3 changed files with 36 additions and 9 deletions
|
@ -35,6 +35,8 @@ An attestsation is a signed blob of json that looks like:
|
||||||
}
|
}
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
import logging
|
||||||
|
|
||||||
from twisted.internet import defer
|
from twisted.internet import defer
|
||||||
|
|
||||||
from synapse.api.errors import SynapseError
|
from synapse.api.errors import SynapseError
|
||||||
|
@ -44,6 +46,9 @@ from synapse.util.logcontext import preserve_fn
|
||||||
from signedjson.sign import sign_json
|
from signedjson.sign import sign_json
|
||||||
|
|
||||||
|
|
||||||
|
logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
# Default validity duration for new attestations we create
|
# Default validity duration for new attestations we create
|
||||||
DEFAULT_ATTESTATION_LENGTH_MS = 3 * 24 * 60 * 60 * 1000
|
DEFAULT_ATTESTATION_LENGTH_MS = 3 * 24 * 60 * 60 * 1000
|
||||||
|
|
||||||
|
@ -150,12 +155,19 @@ class GroupAttestionRenewer(object):
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def _renew_attestation(group_id, user_id):
|
def _renew_attestation(group_id, user_id):
|
||||||
attestation = self.attestations.create_attestation(group_id, user_id)
|
if not self.is_mine_id(group_id):
|
||||||
|
destination = get_domain_from_id(group_id)
|
||||||
if self.is_mine_id(group_id):
|
elif not self.is_mine_id(user_id):
|
||||||
destination = get_domain_from_id(user_id)
|
destination = get_domain_from_id(user_id)
|
||||||
else:
|
else:
|
||||||
destination = get_domain_from_id(group_id)
|
logger.warn(
|
||||||
|
"Incorrectly trying to do attestations for user: %r in %r",
|
||||||
|
user_id, group_id,
|
||||||
|
)
|
||||||
|
yield self.store.remove_attestation_renewal(group_id, user_id)
|
||||||
|
return
|
||||||
|
|
||||||
|
attestation = self.attestations.create_attestation(group_id, user_id)
|
||||||
|
|
||||||
yield self.transport_client.renew_group_attestation(
|
yield self.transport_client.renew_group_attestation(
|
||||||
destination, group_id, user_id,
|
destination, group_id, user_id,
|
||||||
|
|
|
@ -646,6 +646,7 @@ class GroupsServerHandler(object):
|
||||||
raise SynapseError(403, "User not invited to group")
|
raise SynapseError(403, "User not invited to group")
|
||||||
|
|
||||||
if not self.hs.is_mine_id(requester_user_id):
|
if not self.hs.is_mine_id(requester_user_id):
|
||||||
|
local_attestation = self.attestations.create_attestation(group_id, user_id)
|
||||||
remote_attestation = content["attestation"]
|
remote_attestation = content["attestation"]
|
||||||
|
|
||||||
yield self.attestations.verify_attestation(
|
yield self.attestations.verify_attestation(
|
||||||
|
@ -654,13 +655,9 @@ class GroupsServerHandler(object):
|
||||||
group_id=group_id,
|
group_id=group_id,
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
|
local_attestation = None
|
||||||
remote_attestation = None
|
remote_attestation = None
|
||||||
|
|
||||||
local_attestation = self.attestations.create_attestation(
|
|
||||||
group_id,
|
|
||||||
requester_user_id,
|
|
||||||
)
|
|
||||||
|
|
||||||
is_public = _parse_visibility_from_contents(content)
|
is_public = _parse_visibility_from_contents(content)
|
||||||
|
|
||||||
yield self.store.add_user_to_group(
|
yield self.store.add_user_to_group(
|
||||||
|
|
|
@ -1089,6 +1089,24 @@ class GroupServerStore(SQLBaseStore):
|
||||||
desc="update_remote_attestion",
|
desc="update_remote_attestion",
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def remove_attestation_renewal(self, group_id, user_id):
|
||||||
|
"""Remove an attestation that we thought we should renew, but actually
|
||||||
|
shouldn't. Ideally this would never get called as we would never
|
||||||
|
incorrectly try and do attestations for local users on local groups.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
group_id (str)
|
||||||
|
user_id (str)
|
||||||
|
"""
|
||||||
|
return self._simple_delete(
|
||||||
|
table="group_attestations_renewals",
|
||||||
|
keyvalues={
|
||||||
|
"group_id": group_id,
|
||||||
|
"user_id": user_id,
|
||||||
|
},
|
||||||
|
desc="remove_attestation_renewal",
|
||||||
|
)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def get_remote_attestation(self, group_id, user_id):
|
def get_remote_attestation(self, group_id, user_id):
|
||||||
"""Get the attestation that proves the remote agrees that the user is
|
"""Get the attestation that proves the remote agrees that the user is
|
||||||
|
|
Loading…
Reference in a new issue