Working unsubscribe links going straight to the HS

and authed by macaroons that let you delete pushers and nothing else
David Baker 2016-06-02 17:21:31 +01:00
parent c71177f285
commit 1f31cc37f8
4 changed files with 36 additions and 6 deletions


@ -660,6 +660,13 @@ class Auth(object):
"is_guest": True, "is_guest": True,
"token_id": None, "token_id": None,
} }
elif rights == "delete_pusher":
# We don't store these tokens in the database
ret = {
"user": user,
"is_guest": False,
"token_id": None,
}
else: else:
# This codepath exists so that we can actually return a # This codepath exists so that we can actually return a
# token ID, because we use token IDs in place of device # token ID, because we use token IDs in place of device
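Review bot: The new `delete_pusher` branch returns `token_id: None` because these macaroons are never stored, so a leaked unsubscribe token cannot be revoked individually, and the existing comment does not say so. Nothing visible in this hunk shows an expiry caveat being checked, so validity seems to rest on the macaroon signature and caveats alone. I would extend the comment to something like `# Not stored in the database, so these cannot be revoked individually; validity rests on the macaroon signature and its caveats`. The enclosing method starts and ends outside the hunk, so the verification that precedes this branch could not be reviewed here.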


@ -21,6 +21,7 @@ from synapse.config._base import ConfigError
from synapse.config.database import DatabaseConfig from synapse.config.database import DatabaseConfig
from synapse.config.logger import LoggingConfig from synapse.config.logger import LoggingConfig
from synapse.config.emailconfig import EmailConfig from synapse.config.emailconfig import EmailConfig
from synapse.config.key import KeyConfig
from synapse.http.site import SynapseSite from synapse.http.site import SynapseSite
from synapse.metrics.resource import MetricsResource, METRICS_PREFIX from synapse.metrics.resource import MetricsResource, METRICS_PREFIX
from synapse.storage.roommember import RoomMemberStore from synapse.storage.roommember import RoomMemberStore
@ -63,6 +64,26 @@ class SlaveConfig(DatabaseConfig):
self.pid_file = self.abspath(config.get("pid_file")) self.pid_file = self.abspath(config.get("pid_file"))
self.public_baseurl = config["public_baseurl"] self.public_baseurl = config["public_baseurl"]
# some things used by the auth handler but not actually used in the
# pusher codebase
self.bcrypt_rounds = None
self.ldap_enabled = None
self.ldap_server = None
self.ldap_port = None
self.ldap_tls = None
self.ldap_search_base = None
self.ldap_search_property = None
self.ldap_email_property = None
self.ldap_full_name_property = None
# We would otherwise try to use the registration shared secret as the
# macaroon shared secret if there was no macaroon_shared_secret, but
# that means pulling in RegistrationConfig too. We don't need to be
# backwards compaitible in the pusher codebase so just make people set
# macaroon_shared_secret. We set this to None to prevent it referencing
# an undefined key.
self.registration_shared_secret = None
def default_config(self, server_name, **kwargs): def default_config(self, server_name, **kwargs):
pid_file = self.abspath("pusher.pid") pid_file = self.abspath("pusher.pid")
return """\ return """\
@ -95,7 +116,7 @@ class SlaveConfig(DatabaseConfig):
""" % locals() """ % locals()
class PusherSlaveConfig(SlaveConfig, LoggingConfig, EmailConfig): class PusherSlaveConfig(SlaveConfig, LoggingConfig, EmailConfig, KeyConfig):
pass pass
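Review bot: With `self.registration_shared_secret = None` the pusher has no fallback for the macaroon secret, yet nothing in this section fails loudly when the operator has not set one. How KeyConfig treats a missing value is not visible here; if it ends up with None or a per-process generated key, tokens minted by the pusher would not verify on the homeserver, or would be keyed on nothing. I would add an explicit check after the config is read that raises `ConfigError` (already imported in this file) when the macaroon secret is unset. The assignment also only helps if this code runs before KeyConfig reads its own settings, which presumably depends on the base-class order in `PusherSlaveConfig`; a comment recording that would help. The method holding these assignments starts outside the hunk.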


@ -81,7 +81,7 @@ class Mailer(object):
def __init__(self, hs, app_name): def __init__(self, hs, app_name):
self.hs = hs self.hs = hs
self.store = self.hs.get_datastore() self.store = self.hs.get_datastore()
self.handlers = self.hs.get_handlers() self.auth_handler = self.hs.get_auth_handler()
self.state_handler = self.hs.get_state_handler() self.state_handler = self.hs.get_state_handler()
loader = jinja2.FileSystemLoader(self.hs.config.email_template_dir) loader = jinja2.FileSystemLoader(self.hs.config.email_template_dir)
self.app_name = app_name self.app_name = app_name
@ -161,7 +161,7 @@ class Mailer(object):
template_vars = { template_vars = {
"user_display_name": user_display_name, "user_display_name": user_display_name,
"unsubscribe_link": self.make_unsubscribe_link(app_id, email_address), "unsubscribe_link": self.make_unsubscribe_link(user_id, app_id, email_address),
"summary_text": summary_text, "summary_text": summary_text,
"app_name": self.app_name, "app_name": self.app_name,
"rooms": rooms, "rooms": rooms,
@ -427,9 +427,9 @@ class Mailer(object):
notif['room_id'], notif['event_id'] notif['room_id'], notif['event_id']
) )
def make_unsubscribe_link(self, app_id, email_address): def make_unsubscribe_link(self, user_id, app_id, email_address):
params = { params = {
"access_token": self.handlers.auth.generate_delete_pusher_token(), "access_token": self.auth_handler.generate_delete_pusher_token(user_id),
"app_id": app_id, "app_id": app_id,
"pushkey": email_address, "pushkey": email_address,
} }
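Review bot: `make_unsubscribe_link` now puts a per-user macaroon in the `access_token` query parameter, and the method has no docstring saying what that token authorises or where it ends up. A token carried in a URL is recorded in web server and proxy logs and stays usable from the mailbox; whether it expires is decided in `generate_delete_pusher_token`, which is not shown. From the visible call it is bound to `user_id` only, not to `app_id` or `pushkey`, so it presumably permits removing any of that user's pushers. I would add a docstring such as `"""Build the unsubscribe URL; the embedded macaroon grants only delete_pusher for user_id and must not be logged."""`. The method body continues past the end of the hunk.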


@ -149,11 +149,13 @@ class PushersRemoveRestServlet(RestServlet):
def __init__(self, hs): def __init__(self, hs):
super(RestServlet, self).__init__() super(RestServlet, self).__init__()
self.hs = hs
self.notifier = hs.get_notifier() self.notifier = hs.get_notifier()
self.auth = hs.get_v1auth()
@defer.inlineCallbacks @defer.inlineCallbacks
def on_GET(self, request): def on_GET(self, request):
requester = yield self.auth.get_user_by_req(request, "delete_pusher") requester = yield self.auth.get_user_by_req(request, rights="delete_pusher")
user = requester.user user = requester.user
app_id = parse_string(request, "app_id", required=True) app_id = parse_string(request, "app_id", required=True)
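Review bot: `on_GET` removes a pusher on a plain GET authenticated only by the query-string token, so anything that fetches the link automatically, such as a mail gateway link scanner or client prefetch, would unsubscribe the user without intent. A common mitigation is for GET to render a confirmation page and the deletion to happen on POST; at minimum a comment should record that one-click unsubscribe is a deliberate trade-off. Separately, `super(RestServlet, self).__init__()` on the context line skips `RestServlet.__init__` and should presumably read `super(PushersRemoveRestServlet, self).__init__()`. `on_GET` continues outside the hunk, so I could not confirm that the deletion is keyed on `requester.user` rather than on request parameters alone.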