Make the device id on e2e key upload optional

We should now be able to get our device_id from the access_token, so the device_id on the upload request is optional. Where it is supplied, we should check that it matches. For active access_tokens without an associated device_id, we ought to register the device in the devices table. Also update the table on upgrade so that all of the existing e2e keys are associated with real devices.
2024-07-15 07:04:06 +00:00 · 2016-07-26 23:38:12 +01:00 · 2016-07-26 23:38:12 +01:00 · 2e3d90d67c
parent 2452611d0f
commit 2e3d90d67c
2 changed files with 54 additions and 12 deletions
--- a/synapse/rest/client/v2_alpha/keys.py
+++ b/synapse/rest/client/v2_alpha/keys.py
@ -19,6 +19,9 @@ import simplejson as json
 from canonicaljson import encode_canonical_json
 from twisted.internet import defer

+import synapse.api.errors
+import synapse.server
+import synapse.types
 from synapse.http.servlet import RestServlet, parse_json_object_from_request
 from synapse.types import UserID
 from ._base import client_v2_patterns
@ -28,7 +31,7 @@ logger = logging.getLogger(__name__)

 class KeyUploadServlet(RestServlet):
    """
-    POST /keys/upload/<device_id> HTTP/1.1
+    POST /keys/upload HTTP/1.1
    Content-Type: application/json

    {
@ -51,23 +54,51 @@ class KeyUploadServlet(RestServlet):
      },
    }
    """
-    PATTERNS = client_v2_patterns("/keys/upload/(?P<device_id>[^/]*)", releases=())
+    PATTERNS = client_v2_patterns("/keys/upload(/(?P<device_id>[^/]+))?$",
+                                  releases=(), v2_alpha=False)

    def __init__(self, hs):
+        """
+        Args:
+            hs (synapse.server.HomeServer): server
+        """
        super(KeyUploadServlet, self).__init__()
        self.store = hs.get_datastore()
        self.clock = hs.get_clock()
        self.auth = hs.get_auth()
+        self.device_handler = hs.get_device_handler()

    @defer.inlineCallbacks
    def on_POST(self, request, device_id):
        requester = yield self.auth.get_user_by_req(request)
+
        user_id = requester.user.to_string()
-        # TODO: Check that the device_id matches that in the authentication
-        # or derive the device_id from the authentication instead.

        body = parse_json_object_from_request(request)

+        if device_id is not None:
+            # passing the device_id here is deprecated; however, we allow it
+            # for now for compatibility with older clients. But if a device_id
+            # was given here and in the auth, they must match.
+
+            if (requester.device_id is not None and
+                    device_id != requester.device_id):
+                raise synapse.api.errors.SynapseError(
+                    400, "Can only upload keys for current device"
+                )
+
+            self.device_handler.check_device_registered(
+                user_id, device_id, "unknown device"
+            )
+        else:
+            device_id = requester.device_id
+
+        if device_id is None:
+            raise synapse.api.errors.SynapseError(
+                400,
+                "To upload keys, you must pass device_id when authenticating"
+            )
+
        time_now = self.clock.time_msec()

        # TODO: Validate the JSON to make sure it has the right keys.
@ -103,14 +134,6 @@ class KeyUploadServlet(RestServlet):
        result = yield self.store.count_e2e_one_time_keys(user_id, device_id)
        defer.returnValue((200, {"one_time_key_counts": result}))

-    @defer.inlineCallbacks
-    def on_GET(self, request, device_id):
-        requester = yield self.auth.get_user_by_req(request)
-        user_id = requester.user.to_string()
-
-        result = yield self.store.count_e2e_one_time_keys(user_id, device_id)
-        defer.returnValue((200, {"one_time_key_counts": result}))
-

 class KeyQueryServlet(RestServlet):
    """
--- a/synapse/storage/schema/delta/33/devices_for_e2e_keys.sql
+++ b/synapse/storage/schema/delta/33/devices_for_e2e_keys.sql
@ -0,0 +1,19 @@
+/* Copyright 2016 OpenMarket Ltd
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+-- make sure that we have a device record for each set of E2E keys, so that the
+-- user can delete them if they like.
+INSERT INTO devices
+    SELECT user_id, device_id, "unknown device" FROM e2e_device_keys_json;