Ejemplo n.º 1
    def render_POST(self, request):
        """
        Record that the calling account agrees to a set of terms URLs.

        Reads ``user_accepts`` from the request. If any submitted URL is not in
        the configured terms, nothing is stored and an error body is returned.
        Otherwise the URLs are added to the account's agreed URLs, and once the
        account's full agreed set satisfies ``urlListIsSufficient`` the current
        master version is recorded as the account's consent version.

        :param request: The incoming request.
        :returns: ``{}`` on success, or a dict with ``errcode`` and ``error``
            keys when unrecognised URLs were submitted.
        """
        send_cors(request)

        # requireTermsAgreed is False: presumably because an account that has
        # not agreed yet must still be able to reach this endpoint to agree.
        # NOTE(review): authIfV2 is documented as returning None for v1 paths;
        # if this resource is reachable outside /_matrix/identity/v2, the
        # account.userId reads below fail with AttributeError. Confirm routing.
        account = authIfV2(self.sydent, request, False)

        # NOTE(review): user_accepts is client-supplied and is not type-checked
        # here. Unless get_args validates it, a bare string is split into
        # characters by set() below and non-string items break the join.
        accepted = get_args(request, ("user_accepts",))["user_accepts"]

        terms = get_terms(self.sydent)
        unrecognised = list(set(accepted) - terms.getUrlSet())
        if unrecognised:
            # Reject the whole submission rather than storing a partial set.
            return {
                "errcode": "M_UNKNOWN",
                "error": "Unrecognised URLs: " + ', '.join(unrecognised),
            }

        agreements = TermsStore(self.sydent)
        agreements.addAgreedUrls(account.userId, accepted)

        # Consent is judged on everything the account has ever agreed to, not
        # only on the URLs sent in this request.
        if terms.urlListIsSufficient(agreements.getAgreedUrls(account.userId)):
            AccountStore(self.sydent).setConsentVersion(
                account.userId, terms.getMasterVersion()
            )

        return {}
Ejemplo n.º 2
def authV2(
    sydent: "Sydent",
    request: Request,
    requireTermsAgreed: bool = True,
) -> "Account":
    """Authenticate a v2 API request by its access token.

    Unlike a path-conditional check, this always requires a token: there is no
    code path that returns without an account.

    :param sydent: The Sydent instance to use.
    :param request: The request to look for an access token in.
    :param requireTermsAgreed: Whether to deny authentication if the user hasn't
        accepted the terms of service.

    :returns Account: The account the token belongs to.
    :raises MatrixRestError: 401 ``M_UNAUTHORIZED`` if there is no token or no
        account matches it; 403 ``M_TERMS_NOT_SIGNED`` if terms are required and
        the account's consent version differs from the master version.
    """
    access_token = tokenFromRequest(request)

    # A missing token and an unknown token produce the same 401, so the
    # response does not reveal which of the two happened.
    account = (
        None
        if access_token is None
        else AccountStore(sydent).getAccountByToken(access_token)
    )
    if account is None:
        raise MatrixRestError(401, "M_UNAUTHORIZED", "Unauthorized")

    if not requireTermsAgreed:
        return account

    terms = get_terms(sydent)
    # A master version of None skips the consent comparison entirely.
    if terms.getMasterVersion() is None:
        return account
    if account.consentVersion != terms.getMasterVersion():
        raise MatrixRestError(403, "M_TERMS_NOT_SIGNED", "Terms not signed")

    return account
Ejemplo n.º 3
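def authIfV2(sydent, request, requireTermsAgreed=True):
    """For v2 APIs check that the request has a valid access token associated with it

    Requests whose path does not start with ``/_matrix/identity/v2`` are not
    authenticated at all: the function returns None without looking for a
    token. A caller that needs an account must handle that None itself.

    :param sydent: The Sydent instance, passed to AccountStore and get_terms.
    :param request: The request to look for an access token in. Its ``path``
        may be ``str`` or ``bytes``.
    :param requireTermsAgreed: Whether to deny authentication if the user hasn't
        accepted the terms of service.

    :returns Account|None: The account object if there is correct auth, or None for v1 APIs
    :raises MatrixRestError: If the request is v2 but could not be authed or the user has not accepted terms
    """
    path = request.path
    # Compare like with like. On Python 3 a bytes path tested against a str
    # prefix raises TypeError, so every request would fail with an unhandled
    # error before any authentication decision was made.
    if isinstance(path, bytes):
        v2_prefix = b'/_matrix/identity/v2'
    else:
        v2_prefix = '/_matrix/identity/v2'

    if not path.startswith(v2_prefix):
        return None

    token = tokenFromRequest(request)
    if token is None:
        raise MatrixRestError(401, "M_UNAUTHORIZED", "Unauthorized")

    accountStore = AccountStore(sydent)
    account = accountStore.getAccountByToken(token)
    # Same 401 as for a missing token, so the response does not reveal
    # whether a token was absent or merely unknown.
    if account is None:
        raise MatrixRestError(401, "M_UNAUTHORIZED", "Unauthorized")

    if requireTermsAgreed:
        terms = get_terms(sydent)
        # A master version of None skips the consent comparison entirely.
        if (terms.getMasterVersion() is not None
                and account.consentVersion != terms.getMasterVersion()):
            raise MatrixRestError(403, "M_TERMS_NOT_SIGNED",
                                  "Terms not signed")

    return account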
Ejemplo n.º 4
    def render_POST(self, request):
        """
        Log out by deleting the access token carried by the request.

        :param request: The incoming request.
        :returns: An empty dict.
        """
        send_cors(request)

        # Terms agreement is not required to log out (third argument False).
        # NOTE(review): the return value is discarded, and authIfV2 is
        # documented as returning None for v1 paths without checking a token.
        # If this resource is reachable outside /_matrix/identity/v2, the
        # deletion below runs unauthenticated. Confirm routing.
        authIfV2(self.sydent, request, False)

        # NOTE(review): nothing here checks that a token was found; confirm
        # what delToken does when it is handed None.
        access_token = tokenFromRequest(request)
        AccountStore(self.sydent).delToken(access_token)

        return {}
Ejemplo n.º 5
    def render_POST(self, request: Request) -> JsonDict:
        """
        Log out by deleting the access token carried by the request.

        :param request: The incoming request.
        :returns: An empty dict once the token has been deleted.
        :raises MatrixRestError: 400 ``M_MISSING_PARAMS`` if no token can be read
            from the request, plus whatever ``authV2`` raises.
        """
        send_cors(request)

        # Authentication is unconditional here; terms agreement is not required
        # to log out (third argument False).
        authV2(self.sydent, request, False)

        access_token = tokenFromRequest(request)
        if access_token is not None:
            AccountStore(self.sydent).delToken(access_token)
            return {}

        # Presumably unreachable if authV2 already rejects token-less requests;
        # kept so that None is never passed on to delToken.
        raise MatrixRestError(400, "M_MISSING_PARAMS", "Missing token")
Ejemplo n.º 6
def issueToken(sydent, user_id):
    """
    Store an account for ``user_id`` and return a newly generated access token.

    :param sydent: The Sydent instance handed to AccountStore.
    :param user_id: The user ID the account and token are stored under.

    :return: The new 64-character access token.
    """
    store = AccountStore(sydent)

    # Current time in milliseconds since the epoch; the trailing None is
    # presumably the initial consent version (confirm against storeAccount).
    now_ms = int(time.time() * 1000)
    store.storeAccount(user_id, now_ms, None)

    # NOTE(review): this is a bearer credential, so its strength rests on
    # generateAlphanumericTokenOfLength drawing from a cryptographically
    # secure source. That helper is not visible here; confirm.
    token = generateAlphanumericTokenOfLength(64)
    store.addToken(user_id, token)

    return token
Ejemplo n.º 7
def authIfV2(sydent, request, requireTermsAgreed=True):
    """Authenticate the request by access token, but only on v2 API paths.

    Requests whose path does not start with ``/_matrix/identity/v2`` are not
    authenticated at all: the function returns None without looking for a
    token. A caller that needs an account must handle that None itself.

    :param sydent: The Sydent instance to use.
    :type sydent: sydent.sydent.Sydent
    :param request: The request to look for an access token in.
    :type request: twisted.web.server.Request
    :param requireTermsAgreed: Whether to deny authentication if the user hasn't accepted
        the terms of service.

    :returns Account|None: The account object if there is correct auth, or None for v1
        APIs.
    :raises MatrixRestError: If the request is v2 but could not be authed or the user has
        not accepted terms.
    """
    # The prefix is bytes, so request.path is expected to be bytes too.
    if not request.path.startswith(b'/_matrix/identity/v2'):
        return None

    access_token = tokenFromRequest(request)
    if access_token is None:
        raise MatrixRestError(401, "M_UNAUTHORIZED", "Unauthorized")

    # Same 401 as for a missing token, so the response does not reveal
    # whether a token was absent or merely unknown.
    account = AccountStore(sydent).getAccountByToken(access_token)
    if account is None:
        raise MatrixRestError(401, "M_UNAUTHORIZED", "Unauthorized")

    if not requireTermsAgreed:
        return account

    terms = get_terms(sydent)
    # A master version of None skips the consent comparison entirely.
    if terms.getMasterVersion() is None:
        return account
    if account.consentVersion != terms.getMasterVersion():
        raise MatrixRestError(403, "M_TERMS_NOT_SIGNED", "Terms not signed")

    return account
Ejemplo n.º 8
def issueToken(sydent: "Sydent", user_id: str) -> str:
    """
    Store an account for the given Matrix user ID, then generate, save and
    return an access token for that account.

    :param sydent: The Sydent instance to use for storing the token.
    :param user_id: The Matrix user ID to issue a token for.

    :return: The new 64-character access token for that account.
    """
    store = AccountStore(sydent)

    # Current time in milliseconds since the epoch; the trailing None is
    # presumably the initial consent version (confirm against storeAccount).
    now_ms = int(time.time() * 1000)
    store.storeAccount(user_id, now_ms, None)

    # NOTE(review): this is a bearer credential, so its strength rests on
    # generateAlphanumericTokenOfLength drawing from a cryptographically
    # secure source. That helper is not visible here; confirm.
    token = generateAlphanumericTokenOfLength(64)
    store.addToken(user_id, token)

    return token