mas: add AccountTypeOIDCService

Roman Isaev 2024-12-30 19:50:13 +00:00
parent be8d490e56
commit 524f65cb0c
No known key found for this signature in database
GPG key ID: 7BE2B6A6C89AEC7F
2 changed files with 4 additions and 3 deletions


@ -127,7 +127,7 @@ func (m *MSC3861UserVerifier) VerifyUserFromRequest(req *http.Request) (*api.Dev
// Do not record requests from MAS using the virtual `__oidc_admin` user. // Do not record requests from MAS using the virtual `__oidc_admin` user.
if token != m.cfg.AdminToken { if token != m.cfg.AdminToken {
// TODO: not sure which exact data we should record here. See the link for reference // XXX: not sure which exact data we should record here. See the link for reference
// https://github.com/element-hq/synapse/blob/develop/synapse/api/auth/base.py#L365 // https://github.com/element-hq/synapse/blob/develop/synapse/api/auth/base.py#L365
} }
@ -156,7 +156,6 @@ func (m *MSC3861UserVerifier) getUserByAccessToken(ctx context.Context, token st
// XXX: This is a temporary solution so that the admin API can be called by // XXX: This is a temporary solution so that the admin API can be called by
// the OIDC provider. This will be removed once we have OIDC client // the OIDC provider. This will be removed once we have OIDC client
// credentials grant support in matrix-authentication-service. // credentials grant support in matrix-authentication-service.
logger.Info("Admin token used")
// XXX: that user doesn't exist and won't be provisioned. // XXX: that user doesn't exist and won't be provisioned.
adminUser, err := createUserID("__oidc_admin", m.serverName) adminUser, err := createUserID("__oidc_admin", m.serverName)
if err != nil { if err != nil {
@ -165,7 +164,7 @@ func (m *MSC3861UserVerifier) getUserByAccessToken(ctx context.Context, token st
return &requester{ return &requester{
UserID: adminUser, UserID: adminUser,
Scope: []string{"urn:synapse:admin:*"}, Scope: []string{"urn:synapse:admin:*"},
Device: &api.Device{UserID: adminUser.Local(), AccountType: api.AccountTypeAdmin}, Device: &api.Device{UserID: adminUser.Local(), AccountType: api.AccountTypeOIDCService},
}, nil }, nil
} }
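Review bot: The requester built at the end of getUserByAccessToken still carries `Scope: []string{"urn:synapse:admin:*"}` while its Device is now `api.AccountTypeOIDCService`, so any authorisation gate elsewhere that tests `AccountType == api.AccountTypeAdmin` will stop matching the MAS admin token. Only two files change in this commit, so those gates are presumably untouched; it is worth confirming which admin endpoints MAS still needs and that each one decides on the new type explicitly rather than falling through a default branch. I would record the intent on the Device line, for example `// MAS service identity, deliberately not AccountTypeAdmin; admin routes must allow it explicitly`. Separately, the earlier hunk drops `logger.Info("Admin token used")`, the only record in these hunks that the shared admin token was presented; keeping that line (it does not print the token value) preserves an audit trail for a high-privilege static credential. The function starts outside these hunks, so the token comparison that leads here is not visible.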


@ -529,6 +529,8 @@ const (
AccountTypeAdmin AccountType = 3 AccountTypeAdmin AccountType = 3
// AccountTypeAppService indicates this is an appservice account // AccountTypeAppService indicates this is an appservice account
AccountTypeAppService AccountType = 4 AccountTypeAppService AccountType = 4
// AccountTypeOIDC indicates this is an account belonging to Matrix Authentication Service (MAS)
AccountTypeOIDCService AccountType = 5
) )
type QueryPushersRequest struct { type QueryPushersRequest struct {
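Review bot: The doc comment added above the new constant names `AccountTypeOIDC`, but the identifier is `AccountTypeOIDCService`, so Go doc tooling and anyone searching for the name will not line the two up. Suggested: `// AccountTypeOIDCService indicates this is an account belonging to Matrix Authentication Service (MAS)`. Because the other file assigns this type to the token-authenticated `__oidc_admin` requester, the comment could also state what privileges the type is meant to imply, which the bare value 5 does not convey. The const block opens above the hunk, so the other account types and any switch statements over them are not visible here.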