This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Update the auth providers to be async. #7935
Merged
Merged
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -68,15 +68,15 @@ methods. | |
> will be called for each login attempt where the login type matches one | ||
> of the keys returned by `get_supported_login_types`. | ||
> | ||
> It is passed the (possibly UNqualified) `user` provided by the client, | ||
> It is passed the (possibly unqualified) `user` provided by the client, | ||
> the login type, and a dictionary of login secrets passed by the | ||
> client. | ||
> | ||
> The method should return a Twisted `Deferred` object, which resolves | ||
> The method should return an `Awaitable` object, which resolves | ||
> to the canonical `@localpart:domain` user id if authentication is | ||
> successful, and `None` if not. | ||
> | ||
> Alternatively, the `Deferred` can resolve to a `(str, func)` tuple, in | ||
> Alternatively, the `Awaitable` can resolve to a `(str, func)` tuple, in | ||
> which case the second field is a callback which will be called with | ||
> the result from the `/login` call (including `access_token`, | ||
> `device_id`, etc.) | ||
|
@@ -88,11 +88,11 @@ methods. | |
> passed the medium (ex. "email"), an address (ex. | ||
> "<[email protected]>") and the user's password. | ||
> | ||
> The method should return a Twisted `Deferred` object, which resolves | ||
> The method should return an `Awaitable` object, which resolves | ||
> to a `str` containing the user's (canonical) User ID if | ||
> authentication was successful, and `None` if not. | ||
> | ||
> As with `check_auth`, the `Deferred` may alternatively resolve to a | ||
> As with `check_auth`, the `Awaitable` may alternatively resolve to a | ||
> `(user_id, callback)` tuple. | ||
|
||
`someprovider.check_password`(*user_id*, *password*) | ||
|
@@ -102,11 +102,11 @@ methods. | |
> providers that just want to provide a mechanism for validating | ||
> `m.login.password` logins. | ||
> | ||
> Iif implemented, it will be called to check logins with an | ||
> If implemented, it will be called to check logins with an | ||
> `m.login.password` login type. It is passed a qualified | ||
> `@localpart:domain` user id, and the password provided by the user. | ||
> | ||
> The method should return a Twisted `Deferred` object, which resolves | ||
> The method should return an `Awaitable` object, which resolves | ||
> to `True` if authentication is successful, and `False` if not. | ||
|
||
`someprovider.on_logged_out`(*user_id*, *device_id*, *access_token*) | ||
|
@@ -116,5 +116,5 @@ methods. | |
> any: access tokens are occasionally created without an associated | ||
> device ID), and the (now deactivated) access token. | ||
> | ||
> It may return a Twisted `Deferred` object; the logout request will | ||
> It may return an `Awaitable` object; the logout request will | ||
> wait for the deferred to complete but the result is ignored. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Were you holding off specifying the possibilities here so that you wouldn't need to specify
Deferred
? If so, it's worth noting thatisinstance(a_deferred, Awaitable)
resolves toTrue
, so I think something not too cumbersome likeOptional[Union[str, Tuple]]
should work here.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't specify the possibilities because I did the typing before reading the separate documentation and the docstring didn't specify what was returned. 😄 I can double check the return types to the documentation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh wait, I know why I did this. (I should have ☕ before replying to things...)
Although this method is also named
check_auth
, it is NOT the same as above. It gets called twice:synapse/synapse/handlers/auth.py
Lines 426 to 430 in 4e5ec32
synapse/synapse/handlers/auth.py
Lines 510 to 513 in 4e5ec32
While the one from a password provider gets called:
synapse/synapse/handlers/auth.py
Lines 754 to 758 in 4e5ec32
Anyway, the result of
UserInteractiveAuthChecker.check_auth
gets saved into the database and sometimes inspected in other places.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, fair enough then! Thanks for the clear explanation :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're welcome! I'm now realizing that putting these changes in the same PR was confusing...since they're not really related. 😢 Sorry about that!