Disable incompatible Admin API endpoints
This commit is contained in:
parent
4d0231b364
commit
e343125b38
|
@ -257,8 +257,10 @@ def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
|
|||
DeleteRoomStatusByRoomIdRestServlet(hs).register(http_server)
|
||||
JoinRoomAliasServlet(hs).register(http_server)
|
||||
VersionServlet(hs).register(http_server)
|
||||
if not hs.config.experimental.msc3861.enabled:
|
||||
UserAdminServlet(hs).register(http_server)
|
||||
UserMembershipRestServlet(hs).register(http_server)
|
||||
if not hs.config.experimental.msc3861.enabled:
|
||||
UserTokenRestServlet(hs).register(http_server)
|
||||
UserRestServletV2(hs).register(http_server)
|
||||
UsersRestServletV2(hs).register(http_server)
|
||||
|
@ -274,6 +276,7 @@ def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
|
|||
RoomEventContextServlet(hs).register(http_server)
|
||||
RateLimitRestServlet(hs).register(http_server)
|
||||
UsernameAvailableRestServlet(hs).register(http_server)
|
||||
if not hs.config.experimental.msc3861.enabled:
|
||||
ListRegistrationTokensRestServlet(hs).register(http_server)
|
||||
NewRegistrationTokenRestServlet(hs).register(http_server)
|
||||
RegistrationTokenRestServlet(hs).register(http_server)
|
||||
|
@ -306,8 +309,10 @@ def register_servlets_for_client_rest_resource(
|
|||
# The following resources can only be run on the main process.
|
||||
if hs.config.worker.worker_app is None:
|
||||
DeactivateAccountRestServlet(hs).register(http_server)
|
||||
if not hs.config.experimental.msc3861.enabled:
|
||||
ResetPasswordRestServlet(hs).register(http_server)
|
||||
SearchUsersRestServlet(hs).register(http_server)
|
||||
if not hs.config.experimental.msc3861.enabled:
|
||||
UserRegisterServlet(hs).register(http_server)
|
||||
AccountValidityRenewServlet(hs).register(http_server)
|
||||
|
||||
|
|
|
@ -71,6 +71,7 @@ class UsersRestServletV2(RestServlet):
|
|||
self.auth = hs.get_auth()
|
||||
self.admin_handler = hs.get_admin_handler()
|
||||
self._msc3866_enabled = hs.config.experimental.msc3866.enabled
|
||||
self._msc3861_enabled = hs.config.experimental.msc3861.enabled
|
||||
|
||||
async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
|
||||
await assert_requester_is_admin(self.auth, request)
|
||||
|
@ -94,7 +95,14 @@ class UsersRestServletV2(RestServlet):
|
|||
|
||||
user_id = parse_string(request, "user_id")
|
||||
name = parse_string(request, "name")
|
||||
|
||||
guests = parse_boolean(request, "guests", default=True)
|
||||
if self._msc3861_enabled and guests:
|
||||
raise SynapseError(
|
||||
HTTPStatus.BAD_REQUEST,
|
||||
"The guests parameter is not supported when MSC3861 is enabled.",
|
||||
errcode=Codes.INVALID_PARAM,
|
||||
)
|
||||
deactivated = parse_boolean(request, "deactivated", default=False)
|
||||
|
||||
# If support for MSC3866 is not enabled, apply no filtering based on the
|
||||
|
|
|
@ -31,6 +31,7 @@ from synapse.api.errors import (
|
|||
InvalidClientTokenError,
|
||||
OAuthInsufficientScopeError,
|
||||
)
|
||||
from synapse.rest import admin
|
||||
from synapse.rest.client import account, devices, keys, login, logout, register
|
||||
from synapse.server import HomeServer
|
||||
from synapse.types import JsonDict
|
||||
|
@ -104,6 +105,7 @@ class MSC3861OAuthDelegation(HomeserverTestCase):
|
|||
register.register_servlets,
|
||||
login.register_servlets,
|
||||
logout.register_servlets,
|
||||
admin.register_servlets,
|
||||
]
|
||||
|
||||
def default_config(self) -> Dict[str, Any]:
|
||||
|
@ -557,3 +559,20 @@ class MSC3861OAuthDelegation(HomeserverTestCase):
|
|||
self.expect_unrecognized(
|
||||
"POST", "/_matrix/client/v3/user/{USERNAME}/openid/request_token"
|
||||
)
|
||||
|
||||
def test_admin_api_endpoints_removed(self) -> None:
|
||||
"""Test that admin API endpoints that were removed in MSC2964 are no longer available."""
|
||||
self.expect_unrecognized("GET", "/_synapse/admin/v1/registration_tokens")
|
||||
self.expect_unrecognized("POST", "/_synapse/admin/v1/registration_tokens/new")
|
||||
self.expect_unrecognized("GET", "/_synapse/admin/v1/registration_tokens/abcd")
|
||||
self.expect_unrecognized("PUT", "/_synapse/admin/v1/registration_tokens/abcd")
|
||||
self.expect_unrecognized(
|
||||
"DELETE", "/_synapse/admin/v1/registration_tokens/abcd"
|
||||
)
|
||||
self.expect_unrecognized("POST", "/_synapse/admin/v1/reset_password/foo")
|
||||
self.expect_unrecognized("POST", "/_synapse/admin/v1/users/foo/login")
|
||||
self.expect_unrecognized("GET", "/_synapse/admin/v1/register")
|
||||
self.expect_unrecognized("POST", "/_synapse/admin/v1/register")
|
||||
self.expect_unrecognized("GET", "/_synapse/admin/v1/users/foo/admin")
|
||||
self.expect_unrecognized("PUT", "/_synapse/admin/v1/users/foo/admin")
|
||||
self.expect_unrecognized("POST", "/_synapse/admin/v1/account_validity/validity")
|
||||
|
|
Loading…
Reference in New Issue