gitlord
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Code Issues 0 Releases 671 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23156 Commits
842 Branches
303 MiB
 
 
 
 
 
 
Tree: 12611bfcdd
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '12611bfcdd'
${ noResults }
synapse/synapse/rest/client/devices.py

576 lines
18 KiB
Raw Blame History 

  1. # Copyright 2015, 2016 OpenMarket Ltd

  2. # Copyright 2020 The Matrix.org Foundation C.I.C.

  3. #

  4. # Licensed under the Apache License, Version 2.0 (the "License");

  5. # you may not use this file except in compliance with the License.

  6. # You may obtain a copy of the License at

  7. #

  8. #     http://www.apache.org/licenses/LICENSE-2.0

  9. #

  10. # Unless required by applicable law or agreed to in writing, software

  11. # distributed under the License is distributed on an "AS IS" BASIS,

  12. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. # See the License for the specific language governing permissions and

  14. # limitations under the License.

  15. 

  16. import logging

  17. from http import HTTPStatus

  18. from typing import TYPE_CHECKING, List, Optional, Tuple

  19. 

  20. from synapse._pydantic_compat import HAS_PYDANTIC_V2

  21. 

  22. if TYPE_CHECKING or HAS_PYDANTIC_V2:

  23.     from pydantic.v1 import Extra, StrictStr

  24. else:

  25.     from pydantic import Extra, StrictStr

  26. 

  27. from synapse.api import errors

  28. from synapse.api.errors import NotFoundError, SynapseError, UnrecognizedRequestError

  29. from synapse.handlers.device import DeviceHandler

  30. from synapse.http.server import HttpServer

  31. from synapse.http.servlet import (

  32.     RestServlet,

  33.     parse_and_validate_json_object_from_request,

  34.     parse_integer,

  35. )

  36. from synapse.http.site import SynapseRequest

  37. from synapse.rest.client._base import client_patterns, interactive_auth_handler

  38. from synapse.rest.client.models import AuthenticationData

  39. from synapse.rest.models import RequestBodyModel

  40. from synapse.types import JsonDict

  41. 

  42. if TYPE_CHECKING:

  43.     from synapse.server import HomeServer

  44. 

  45. logger = logging.getLogger(__name__)

  46. 

  47. 

  48. class DevicesRestServlet(RestServlet):

  49.     PATTERNS = client_patterns("/devices$")

  50.     CATEGORY = "Client API requests"

  51. 

  52.     def __init__(self, hs: "HomeServer"):

  53.         super().__init__()

  54.         self.hs = hs

  55.         self.auth = hs.get_auth()

  56.         self.device_handler = hs.get_device_handler()

  57.         self._msc3852_enabled = hs.config.experimental.msc3852_enabled

  58. 

  59.     async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:

  60.         requester = await self.auth.get_user_by_req(request, allow_guest=True)

  61.         devices = await self.device_handler.get_devices_by_user(

  62.             requester.user.to_string()

  63.         )

  64. 

  65.         # If MSC3852 is disabled, then the "last_seen_user_agent" field will be

  66.         # removed from each device. If it is enabled, then the field name will

  67.         # be replaced by the unstable identifier.

  68.         #

  69.         # When MSC3852 is accepted, this block of code can just be removed to

  70.         # expose "last_seen_user_agent" to clients.

  71.         for device in devices:

  72.             last_seen_user_agent = device["last_seen_user_agent"]

  73.             del device["last_seen_user_agent"]

  74.             if self._msc3852_enabled:

  75.                 device["org.matrix.msc3852.last_seen_user_agent"] = last_seen_user_agent

  76. 

  77.         return 200, {"devices": devices}

  78. 

  79. 

  80. class DeleteDevicesRestServlet(RestServlet):

  81.     """

  82.     API for bulk deletion of devices. Accepts a JSON object with a devices

  83.     key which lists the device_ids to delete. Requires user interactive auth.

  84.     """

  85. 

  86.     PATTERNS = client_patterns("/delete_devices")

  87. 

  88.     def __init__(self, hs: "HomeServer"):

  89.         super().__init__()

  90.         self.hs = hs

  91.         self.auth = hs.get_auth()

  92.         handler = hs.get_device_handler()

  93.         assert isinstance(handler, DeviceHandler)

  94.         self.device_handler = handler

  95.         self.auth_handler = hs.get_auth_handler()

  96. 

  97.     class PostBody(RequestBodyModel):

  98.         auth: Optional[AuthenticationData]

  99.         devices: List[StrictStr]

  100. 

  101.     @interactive_auth_handler

  102.     async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:

  103.         requester = await self.auth.get_user_by_req(request)

  104. 

  105.         try:

  106.             body = parse_and_validate_json_object_from_request(request, self.PostBody)

  107.         except errors.SynapseError as e:

  108.             if e.errcode == errors.Codes.NOT_JSON:

  109.                 # TODO: Can/should we remove this fallback now?

  110.                 # deal with older clients which didn't pass a JSON dict

  111.                 # the same as those that pass an empty dict

  112.                 body = self.PostBody.parse_obj({})

  113.             else:

  114.                 raise e

  115. 

  116.         await self.auth_handler.validate_user_via_ui_auth(

  117.             requester,

  118.             request,

  119.             body.dict(exclude_unset=True),

  120.             "remove device(s) from your account",

  121.             # Users might call this multiple times in a row while cleaning up

  122.             # devices, allow a single UI auth session to be re-used.

  123.             can_skip_ui_auth=True,

  124.         )

  125. 

  126.         await self.device_handler.delete_devices(

  127.             requester.user.to_string(), body.devices

  128.         )

  129.         return 200, {}

  130. 

  131. 

  132. class DeviceRestServlet(RestServlet):

  133.     PATTERNS = client_patterns("/devices/(?P<device_id>[^/]*)$")

  134.     CATEGORY = "Client API requests"

  135. 

  136.     def __init__(self, hs: "HomeServer"):

  137.         super().__init__()

  138.         self.hs = hs

  139.         self.auth = hs.get_auth()

  140.         handler = hs.get_device_handler()

  141.         assert isinstance(handler, DeviceHandler)

  142.         self.device_handler = handler

  143.         self.auth_handler = hs.get_auth_handler()

  144.         self._msc3852_enabled = hs.config.experimental.msc3852_enabled

  145.         self._msc3861_oauth_delegation_enabled = hs.config.experimental.msc3861.enabled

  146. 

  147.     async def on_GET(

  148.         self, request: SynapseRequest, device_id: str

  149.     ) -> Tuple[int, JsonDict]:

  150.         requester = await self.auth.get_user_by_req(request, allow_guest=True)

  151.         device = await self.device_handler.get_device(

  152.             requester.user.to_string(), device_id

  153.         )

  154.         if device is None:

  155.             raise NotFoundError("No device found")

  156. 

  157.         # If MSC3852 is disabled, then the "last_seen_user_agent" field will be

  158.         # removed from each device. If it is enabled, then the field name will

  159.         # be replaced by the unstable identifier.

  160.         #

  161.         # When MSC3852 is accepted, this block of code can just be removed to

  162.         # expose "last_seen_user_agent" to clients.

  163.         last_seen_user_agent = device["last_seen_user_agent"]

  164.         del device["last_seen_user_agent"]

  165.         if self._msc3852_enabled:

  166.             device["org.matrix.msc3852.last_seen_user_agent"] = last_seen_user_agent

  167. 

  168.         return 200, device

  169. 

  170.     class DeleteBody(RequestBodyModel):

  171.         auth: Optional[AuthenticationData]

  172. 

  173.     @interactive_auth_handler

  174.     async def on_DELETE(

  175.         self, request: SynapseRequest, device_id: str

  176.     ) -> Tuple[int, JsonDict]:

  177.         if self._msc3861_oauth_delegation_enabled:

  178.             raise UnrecognizedRequestError(code=404)

  179. 

  180.         requester = await self.auth.get_user_by_req(request)

  181. 

  182.         try:

  183.             body = parse_and_validate_json_object_from_request(request, self.DeleteBody)

  184. 

  185.         except errors.SynapseError as e:

  186.             if e.errcode == errors.Codes.NOT_JSON:

  187.                 # TODO: can/should we remove this fallback now?

  188.                 # deal with older clients which didn't pass a JSON dict

  189.                 # the same as those that pass an empty dict

  190.                 body = self.DeleteBody.parse_obj({})

  191.             else:

  192.                 raise

  193. 

  194.         await self.auth_handler.validate_user_via_ui_auth(

  195.             requester,

  196.             request,

  197.             body.dict(exclude_unset=True),

  198.             "remove a device from your account",

  199.             # Users might call this multiple times in a row while cleaning up

  200.             # devices, allow a single UI auth session to be re-used.

  201.             can_skip_ui_auth=True,

  202.         )

  203. 

  204.         await self.device_handler.delete_devices(

  205.             requester.user.to_string(), [device_id]

  206.         )

  207.         return 200, {}

  208. 

  209.     class PutBody(RequestBodyModel):

  210.         display_name: Optional[StrictStr]

  211. 

  212.     async def on_PUT(

  213.         self, request: SynapseRequest, device_id: str

  214.     ) -> Tuple[int, JsonDict]:

  215.         requester = await self.auth.get_user_by_req(request, allow_guest=True)

  216. 

  217.         body = parse_and_validate_json_object_from_request(request, self.PutBody)

  218.         await self.device_handler.update_device(

  219.             requester.user.to_string(), device_id, body.dict()

  220.         )

  221.         return 200, {}

  222. 

  223. 

  224. class DehydratedDeviceDataModel(RequestBodyModel):

  225.     """JSON blob describing a dehydrated device to be stored.

  226. 

  227.     Expects other freeform fields. Use .dict() to access them.

  228.     """

  229. 

  230.     class Config:

  231.         extra = Extra.allow

  232. 

  233.     algorithm: StrictStr

  234. 

  235. 

  236. class DehydratedDeviceServlet(RestServlet):

  237.     """Retrieve or store a dehydrated device.

  238. 

  239.     Implements MSC2697.

  240. 

  241.     GET /org.matrix.msc2697.v2/dehydrated_device

  242. 

  243.     HTTP/1.1 200 OK

  244.     Content-Type: application/json

  245. 

  246.     {

  247.       "device_id": "dehydrated_device_id",

  248.       "device_data": {

  249.         "algorithm": "org.matrix.msc2697.v1.dehydration.v1.olm",

  250.         "account": "dehydrated_device"

  251.       }

  252.     }

  253. 

  254.     PUT /org.matrix.msc2697.v2/dehydrated_device

  255.     Content-Type: application/json

  256. 

  257.     {

  258.       "device_data": {

  259.         "algorithm": "org.matrix.msc2697.v1.dehydration.v1.olm",

  260.         "account": "dehydrated_device"

  261.       }

  262.     }

  263. 

  264.     HTTP/1.1 200 OK

  265.     Content-Type: application/json

  266. 

  267.     {

  268.       "device_id": "dehydrated_device_id"

  269.     }

  270. 

  271.     """

  272. 

  273.     PATTERNS = client_patterns(

  274.         "/org.matrix.msc2697.v2/dehydrated_device$",

  275.         releases=(),

  276.     )

  277. 

  278.     def __init__(self, hs: "HomeServer"):

  279.         super().__init__()

  280.         self.hs = hs

  281.         self.auth = hs.get_auth()

  282.         handler = hs.get_device_handler()

  283.         assert isinstance(handler, DeviceHandler)

  284.         self.device_handler = handler

  285. 

  286.     async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:

  287.         requester = await self.auth.get_user_by_req(request)

  288.         dehydrated_device = await self.device_handler.get_dehydrated_device(

  289.             requester.user.to_string()

  290.         )

  291.         if dehydrated_device is not None:

  292.             (device_id, device_data) = dehydrated_device

  293.             result = {"device_id": device_id, "device_data": device_data}

  294.             return 200, result

  295.         else:

  296.             raise errors.NotFoundError("No dehydrated device available")

  297. 

  298.     class PutBody(RequestBodyModel):

  299.         device_data: DehydratedDeviceDataModel

  300.         initial_device_display_name: Optional[StrictStr]

  301. 

  302.     async def on_PUT(self, request: SynapseRequest) -> Tuple[int, JsonDict]:

  303.         submission = parse_and_validate_json_object_from_request(request, self.PutBody)

  304.         requester = await self.auth.get_user_by_req(request)

  305. 

  306.         device_id = await self.device_handler.store_dehydrated_device(

  307.             requester.user.to_string(),

  308.             None,

  309.             submission.device_data.dict(),

  310.             submission.initial_device_display_name,

  311.         )

  312.         return 200, {"device_id": device_id}

  313. 

  314. 

  315. class ClaimDehydratedDeviceServlet(RestServlet):

  316.     """Claim a dehydrated device.

  317. 

  318.     POST /org.matrix.msc2697.v2/dehydrated_device/claim

  319.     Content-Type: application/json

  320. 

  321.     {

  322.       "device_id": "dehydrated_device_id"

  323.     }

  324. 

  325.     HTTP/1.1 200 OK

  326.     Content-Type: application/json

  327. 

  328.     {

  329.       "success": true,

  330.     }

  331. 

  332.     """

  333. 

  334.     PATTERNS = client_patterns(

  335.         "/org.matrix.msc2697.v2/dehydrated_device/claim", releases=()

  336.     )

  337. 

  338.     def __init__(self, hs: "HomeServer"):

  339.         super().__init__()

  340.         self.hs = hs

  341.         self.auth = hs.get_auth()

  342.         handler = hs.get_device_handler()

  343.         assert isinstance(handler, DeviceHandler)

  344.         self.device_handler = handler

  345. 

  346.     class PostBody(RequestBodyModel):

  347.         device_id: StrictStr

  348. 

  349.     async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:

  350.         requester = await self.auth.get_user_by_req(request)

  351. 

  352.         submission = parse_and_validate_json_object_from_request(request, self.PostBody)

  353. 

  354.         result = await self.device_handler.rehydrate_device(

  355.             requester.user.to_string(),

  356.             self.auth.get_access_token_from_request(request),

  357.             submission.device_id,

  358.         )

  359. 

  360.         return 200, result

  361. 

  362. 

  363. class DehydratedDeviceEventsServlet(RestServlet):

  364.     PATTERNS = client_patterns(

  365.         "/org.matrix.msc3814.v1/dehydrated_device/(?P<device_id>[^/]*)/events$",

  366.         releases=(),

  367.     )

  368. 

  369.     def __init__(self, hs: "HomeServer"):

  370.         super().__init__()

  371.         self.message_handler = hs.get_device_message_handler()

  372.         self.auth = hs.get_auth()

  373.         self.store = hs.get_datastores().main

  374. 

  375.     class PostBody(RequestBodyModel):

  376.         next_batch: Optional[StrictStr]

  377. 

  378.     async def on_POST(

  379.         self, request: SynapseRequest, device_id: str

  380.     ) -> Tuple[int, JsonDict]:

  381.         requester = await self.auth.get_user_by_req(request)

  382. 

  383.         next_batch = parse_and_validate_json_object_from_request(

  384.             request, self.PostBody

  385.         ).next_batch

  386.         limit = parse_integer(request, "limit", 100)

  387. 

  388.         msgs = await self.message_handler.get_events_for_dehydrated_device(

  389.             requester=requester,

  390.             device_id=device_id,

  391.             since_token=next_batch,

  392.             limit=limit,

  393.         )

  394. 

  395.         return 200, msgs

  396. 

  397. 

  398. class DehydratedDeviceV2Servlet(RestServlet):

  399.     """Upload, retrieve, or delete a dehydrated device.

  400. 

  401.     GET /org.matrix.msc3814.v1/dehydrated_device

  402. 

  403.     HTTP/1.1 200 OK

  404.     Content-Type: application/json

  405. 

  406.     {

  407.       "device_id": "dehydrated_device_id",

  408.       "device_data": {

  409.         "algorithm": "org.matrix.msc2697.v1.dehydration.v1.olm",

  410.         "account": "dehydrated_device"

  411.       }

  412.     }

  413. 

  414.     PUT /org.matrix.msc3814.v1/dehydrated_device

  415.     Content-Type: application/json

  416. 

  417.     {

  418.         "device_id": "dehydrated_device_id",

  419.         "device_data": {

  420.             "algorithm": "org.matrix.msc2697.v1.dehydration.v1.olm",

  421.             "account": "dehydrated_device"

  422.         },

  423.         "device_keys": {

  424.             "user_id": "<user_id>",

  425.             "device_id": "<device_id>",

  426.             "valid_until_ts": <millisecond_timestamp>,

  427.             "algorithms": [

  428.                 "m.olm.curve25519-aes-sha2",

  429.             ]

  430.             "keys": {

  431.                 "<algorithm>:<device_id>": "<key_base64>",

  432.             },

  433.             "signatures:" {

  434.                 "<user_id>" {

  435.                     "<algorithm>:<device_id>": "<signature_base64>"

  436.                 }

  437.             }

  438.         },

  439.         "fallback_keys": {

  440.             "<algorithm>:<device_id>": "<key_base64>",

  441.             "signed_<algorithm>:<device_id>": {

  442.                 "fallback": true,

  443.                 "key": "<key_base64>",

  444.                 "signatures": {

  445.                     "<user_id>": {

  446.                         "<algorithm>:<device_id>": "<key_base64>"

  447.                     }

  448.                 }

  449.             }

  450.         }

  451.         "one_time_keys": {

  452.             "<algorithm>:<key_id>": "<key_base64>"

  453.         },

  454. 

  455.     }

  456. 

  457.     HTTP/1.1 200 OK

  458.     Content-Type: application/json

  459. 

  460.     {

  461.       "device_id": "dehydrated_device_id"

  462.     }

  463. 

  464.     DELETE /org.matrix.msc3814.v1/dehydrated_device

  465. 

  466.     HTTP/1.1 200 OK

  467.     Content-Type: application/json

  468. 

  469.     {

  470.       "device_id": "dehydrated_device_id",

  471.     }

  472.     """

  473. 

  474.     PATTERNS = [

  475.         *client_patterns("/org.matrix.msc3814.v1/dehydrated_device$", releases=()),

  476.     ]

  477. 

  478.     def __init__(self, hs: "HomeServer"):

  479.         super().__init__()

  480.         self.hs = hs

  481.         self.auth = hs.get_auth()

  482.         handler = hs.get_device_handler()

  483.         assert isinstance(handler, DeviceHandler)

  484.         self.e2e_keys_handler = hs.get_e2e_keys_handler()

  485.         self.device_handler = handler

  486. 

  487.     async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:

  488.         requester = await self.auth.get_user_by_req(request)

  489. 

  490.         dehydrated_device = await self.device_handler.get_dehydrated_device(

  491.             requester.user.to_string()

  492.         )

  493. 

  494.         if dehydrated_device is not None:

  495.             (device_id, device_data) = dehydrated_device

  496.             result = {"device_id": device_id, "device_data": device_data}

  497.             return 200, result

  498.         else:

  499.             raise errors.NotFoundError("No dehydrated device available")

  500. 

  501.     async def on_DELETE(self, request: SynapseRequest) -> Tuple[int, JsonDict]:

  502.         requester = await self.auth.get_user_by_req(request)

  503. 

  504.         dehydrated_device = await self.device_handler.get_dehydrated_device(

  505.             requester.user.to_string()

  506.         )

  507. 

  508.         if dehydrated_device is not None:

  509.             (device_id, device_data) = dehydrated_device

  510. 

  511.             await self.device_handler.delete_dehydrated_device(

  512.                 requester.user.to_string(), device_id

  513.             )

  514. 

  515.             result = {"device_id": device_id}

  516. 

  517.             return 200, result

  518.         else:

  519.             raise errors.NotFoundError("No dehydrated device available")

  520. 

  521.     class PutBody(RequestBodyModel):

  522.         device_data: DehydratedDeviceDataModel

  523.         device_id: StrictStr

  524.         initial_device_display_name: Optional[StrictStr]

  525. 

  526.         class Config:

  527.             extra = Extra.allow

  528. 

  529.     async def on_PUT(self, request: SynapseRequest) -> Tuple[int, JsonDict]:

  530.         submission = parse_and_validate_json_object_from_request(request, self.PutBody)

  531.         requester = await self.auth.get_user_by_req(request)

  532.         user_id = requester.user.to_string()

  533. 

  534.         old_dehydrated_device = await self.device_handler.get_dehydrated_device(user_id)

  535. 

  536.         # if an old device exists, delete it before creating a new one

  537.         if old_dehydrated_device:

  538.             await self.device_handler.delete_dehydrated_device(

  539.                 user_id, old_dehydrated_device[0]

  540.             )

  541. 

  542.         device_info = submission.dict()

  543.         if "device_keys" not in device_info.keys():

  544.             raise SynapseError(

  545.                 HTTPStatus.BAD_REQUEST,

  546.                 "Device key(s) not found, these must be provided.",

  547.             )

  548. 

  549.         device_id = await self.device_handler.store_dehydrated_device(

  550.             requester.user.to_string(),

  551.             submission.device_id,

  552.             submission.device_data.dict(),

  553.             submission.initial_device_display_name,

  554.             device_info,

  555.         )

  556. 

  557.         return 200, {"device_id": device_id}

  558. 

  559. 

  560. def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:

  561.     if (

  562.         hs.config.worker.worker_app is None

  563.         and not hs.config.experimental.msc3861.enabled

  564.     ):

  565.         DeleteDevicesRestServlet(hs).register(http_server)

  566.     DevicesRestServlet(hs).register(http_server)

  567. 

  568.     if hs.config.worker.worker_app is None:

  569.         DeviceRestServlet(hs).register(http_server)

  570.         if hs.config.experimental.msc2697_enabled:

  571.             DehydratedDeviceServlet(hs).register(http_server)

  572.             ClaimDehydratedDeviceServlet(hs).register(http_server)

  573.         if hs.config.experimental.msc3814_enabled:

  574.             DehydratedDeviceV2Servlet(hs).register(http_server)

  575.             DehydratedDeviceEventsServlet(hs).register(http_server)