mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-11-21 23:00:50 +03:00

Add a admin flag to the compatibility session

Also adds a CLI tool to issue a compatibility token.
Quentin Gliech
2023-06-16 14:30:40 +02:00
parent 08d9b0b886
commit 2a514cf452
13 changed files with 185 additions and 70 deletions


@@ -120,6 +120,7 @@ const INACTIVE: IntrospectionResponse = IntrospectionResponse {
};
const API_SCOPE: ScopeToken = ScopeToken::from_static("urn:matrix:org.matrix.msc2967.client:api:*");
const SYNAPSE_ADMIN_SCOPE: ScopeToken = ScopeToken::from_static("urn:synapse:admin:*");
#[tracing::instrument(
name = "handlers.oauth2.introspection.post",
@@ -267,8 +268,13 @@ pub(crate) async fn post(
// XXX: is that the right error to bubble up?
.ok_or(RouteError::UnknownToken)?;
// Grant the synapse admin scope if the session has the admin flag set.
let synapse_admin = session.is_synapse_admin.then_some(SYNAPSE_ADMIN_SCOPE);
let device_scope = session.device.to_scope_token();
let scope = [API_SCOPE, device_scope].into_iter().collect();
let scope = [API_SCOPE, device_scope]
.into_iter()
.chain(synapse_admin)
.collect();
IntrospectionResponse {
active: true,
@@ -308,8 +314,13 @@ pub(crate) async fn post(
// XXX: is that the right error to bubble up?
.ok_or(RouteError::UnknownToken)?;
// Grant the synapse admin scope if the session has the admin flag set.
let synapse_admin = session.is_synapse_admin.then_some(SYNAPSE_ADMIN_SCOPE);
let device_scope = session.device.to_scope_token();
let scope = [API_SCOPE, device_scope].into_iter().collect();
let scope = [API_SCOPE, device_scope]
.into_iter()
.chain(synapse_admin)
.collect();
IntrospectionResponse {
active: true,
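Review bot: The admin-scope grant is written out twice, once in the hunk at line 268 and again in the hunk at line 314, so the rule that decides which sessions receive `urn:synapse:admin:*` lives in two copies that can drift apart. Moving the three statements (`synapse_admin`, `device_scope` and the chained `collect()`) into one private helper that takes the session and returns the scope would leave a single place to audit and to test, including a test that a session without `is_synapse_admin` never gets the scope. Because the scope is derived from a flag stored on the session, it presumably stays in effect for as long as that session remains valid; a doc comment on `SYNAPSE_ADMIN_SCOPE` such as `/// Added to the introspection response only for compatibility sessions with is_synapse_admin set.` would make that explicit. Both branches of `post` start and end outside the hunks shown.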