def render_GET(self, request: Request) -> JsonDict: """ Look up an individual threepid. ** DEPRECATED ** Params: 'medium': the medium of the threepid 'address': the address of the threepid Returns: A signed association if the threepid has a corresponding mxid, otherwise the empty object. """ send_cors(request) args = get_args(request, ("medium", "address")) medium = args["medium"] address = args["address"] globalAssocStore = GlobalAssociationStore(self.sydent) sgassoc_raw = globalAssocStore.signedAssociationStringForThreepid( medium, address) if not sgassoc_raw: return {} # TODO validate this really is a dict sgassoc: JsonDict = json_decoder.decode(sgassoc_raw) if self.sydent.config.general.server_name not in sgassoc["signatures"]: # We have not yet worked out what the proper trust model should be. # # Maybe clients implicitly trust a server they talk to (and so we # should sign every assoc we return as ourselves, so they can # verify this). # # Maybe clients really want to know what server did the original # verification, and want to only know exactly who signed the assoc. # # Until we work out what we should do, sign all assocs we return as # ourself. This is vaguely ok because there actually is only one # identity server, but it happens to have two names (matrix.org and # vector.im), and so we're not really lying too much. # # We do this when we return assocs, not when we receive them over # replication, so that we can undo this decision in the future if # we wish, without having destroyed the raw underlying data. sgassoc = signedjson.sign.sign_json( sgassoc, self.sydent.config.general.server_name, self.sydent.keyring.ed25519, ) return sgassoc
def render_GET(self, request): """ Look up an individual threepid. Params: 'medium': the medium of the threepid 'address': the address of the threepid Returns: A signed association if the threepid has a corresponding mxid, otherwise the empty object. """ send_cors(request) err, args = get_args(request, ('medium', 'address')) if err: return json.dumps(err) medium = args['medium'] address = args['address'] globalAssocStore = GlobalAssociationStore(self.sydent) sgassoc = globalAssocStore.signedAssociationStringForThreepid(medium, address) if not sgassoc: return json.dumps({}) sgassoc = json.loads(sgassoc.encode('utf8')) if not self.sydent.server_name in sgassoc['signatures']: # We have not yet worked out what the proper trust model should be. # # Maybe clients implicitly trust a server they talk to (and so we # should sign every assoc we return as ourselves, so they can # verify this). # # Maybe clients really want to know what server did the original # verification, and want to only know exactly who signed the assoc. # # Until we work out what we should do, sign all assocs we return as # ourself. This is vaguely ok because there actually is only one # identity server, but it happens to have two names (matrix.org and # vector.im), and so we're not really lying too much. # # We do this when we return assocs, not when we receive them over # replication, so that we can undo this decision in the future if # we wish, without having destroyed the raw underlying data. sgassoc = signedjson.sign.sign_json( sgassoc, self.sydent.server_name, self.sydent.keyring.ed25519 ) return json.dumps(sgassoc)
def render_GET(self, request): """ Look up an individual threepid. Params: 'medium': the medium of the threepid 'address': the address of the threepid Returns: A signed association if the threepid has a corresponding mxid, otherwise the empty object. """ send_cors(request) err, args = get_args(request, ('medium', 'address')) if err: return json.dumps(err) medium = args['medium'] address = args['address'] globalAssocStore = GlobalAssociationStore(self.sydent) sgassoc = globalAssocStore.signedAssociationStringForThreepid( medium, address) if not sgassoc: return json.dumps({}) sgassoc = json.loads(sgassoc.encode('utf8')) if not self.sydent.server_name in sgassoc['signatures']: # We have not yet worked out what the proper trust model should be. # # Maybe clients implicitly trust a server they talk to (and so we # should sign every assoc we return as ourselves, so they can # verify this). # # Maybe clients really want to know what server did the original # verification, and want to only know exactly who signed the assoc. # # Until we work out what we should do, sign all assocs we return as # ourself. This is vaguely ok because there actually is only one # identity server, but it happens to have two names (matrix.org and # vector.im), and so we're not really lying too much. # # We do this when we return assocs, not when we receive them over # replication, so that we can undo this decision in the future if # we wish, without having destroyed the raw underlying data. sgassoc = signedjson.sign.sign_json(sgassoc, self.sydent.server_name, self.sydent.keyring.ed25519) return json.dumps(sgassoc)
def render_GET(self, request): send_cors(request) err = require_args(request, ('medium', 'address')) if err: return err medium = request.args['medium'][0] address = request.args['address'][0] globalAssocStore = GlobalAssociationStore(self.sydent) sgassoc = globalAssocStore.signedAssociationStringForThreepid(medium, address) if not sgassoc: return json.dumps({}) return sgassoc.encode('utf8')