Implement the rest of the MAS APIs

Author: sandhose

synapse/rest/synapse/mas/__init__.py

@@ -19,11 +19,20 @@
 
 from twisted.web.resource import Resource
 
+from synapse.rest.synapse.mas.devices import (
+    MasCreateDeviceResource,
+    MasSyncDevicesResource,
+    MasUpdateDeviceDisplayNameResource,
+)
 from synapse.rest.synapse.mas.users import (
+    MasAllowCrossSigningResetResource,
     MasDeleteUserResource,
     MasIsLocalpartAvailableResource,
     MasProvisionUserResource,
     MasQueryUserResource,
+    MasReactivateUserResource,
+    MasSetDisplayNameResource,
+    MasUnsetDisplayNameResource,
 )
 
 if TYPE_CHECKING:
@@ -40,14 +49,14 @@ def __init__(self, hs: "HomeServer"):
         self.putChild(b"provision_user", MasProvisionUserResource(hs))
         self.putChild(b"is_localpart_available", MasIsLocalpartAvailableResource(hs))
         self.putChild(b"delete_user", MasDeleteUserResource(hs))
-        # self.putChild(b"create_device", MasCreateDeviceResource(hs))
-        # self.putChild(
-        # b"update_device_display_name", MasUpdateDeviceDisplayNameResource(hs)
-        # )
-        # self.putChild(b"sync_devices", MasSyncDevicesResource(hs))
-        # self.putChild(b"reactivate_user", MasReactivateUserResource(hs))
-        # self.putChild(b"set_displayname", MasSetDisplayNameResource(hs))
-        # self.putChild(b"unset_displayname", MasUnsetDisplayNameResource(hs))
-        # self.putChild(
-        # b"allow_cross_signing_reset", MasAllowCrossSigningResetResource(hs)
-        # )
+        self.putChild(b"create_device", MasCreateDeviceResource(hs))
+        self.putChild(
+            b"update_device_display_name", MasUpdateDeviceDisplayNameResource(hs)
+        )
+        self.putChild(b"sync_devices", MasSyncDevicesResource(hs))
+        self.putChild(b"reactivate_user", MasReactivateUserResource(hs))
+        self.putChild(b"set_displayname", MasSetDisplayNameResource(hs))
+        self.putChild(b"unset_displayname", MasUnsetDisplayNameResource(hs))
+        self.putChild(
+            b"allow_cross_signing_reset", MasAllowCrossSigningResetResource(hs)
+        )

synapse/rest/synapse/mas/devices.py

@@ -0,0 +1,150 @@
+#
+# This file is licensed under the Affero General Public License (AGPL) version 3.
+#
+# Copyright (C) 2025 New Vector, Ltd
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# See the GNU Affero General Public License for more details:
+# <https://www.gnu.org/licenses/agpl_3.0.html>.
+#
+#
+
+import logging
+from http import HTTPStatus
+from typing import TYPE_CHECKING, Optional, Tuple
+
+from synapse._pydantic_compat import BaseModel, StrictStr
+from synapse.http.servlet import parse_and_validate_json_object_from_request
+from synapse.types import JsonDict, UserID
+
+if TYPE_CHECKING:
+    from synapse.http.site import SynapseRequest
+    from synapse.server import HomeServer
+
+
+from ._base import MasBaseResource
+
+logger = logging.getLogger(__name__)
+
+
+class MasCreateDeviceResource(MasBaseResource):
+    def __init__(self, hs: "HomeServer"):
+        MasBaseResource.__init__(self, hs)
+
+        self.device_handler = hs.get_device_handler()
+
+    class PostBody(BaseModel):
+        localpart: StrictStr
+        device_id: StrictStr
+        display_name: Optional[StrictStr]
+
+    async def _async_render_POST(
+        self, request: "SynapseRequest"
+    ) -> Tuple[int, JsonDict]:
+        self.assert_mas_request(request)
+
+        body = parse_and_validate_json_object_from_request(request, self.PostBody)
+        user_id = UserID(body.localpart, self.hostname)
+
+        inserted = await self.device_handler.upsert_device(
+            user_id=str(user_id),
+            device_id=body.device_id,
+            display_name=body.display_name,
+        )
+
+        return HTTPStatus.CREATED if inserted else HTTPStatus.OK, {}
+
+
+class MasUpdateDeviceDisplayNameResource(MasBaseResource):
+    def __init__(self, hs: "HomeServer"):
+        MasBaseResource.__init__(self, hs)
+
+        self.device_handler = hs.get_device_handler()
+
+    class PostBody(BaseModel):
+        localpart: StrictStr
+        device_id: StrictStr
+        display_name: StrictStr
+
+    async def _async_render_POST(
+        self, request: "SynapseRequest"
+    ) -> Tuple[int, JsonDict]:
+        self.assert_mas_request(request)
+
+        body = parse_and_validate_json_object_from_request(request, self.PostBody)
+        user_id = UserID(body.localpart, self.hostname)
+
+        await self.device_handler.update_device(
+            user_id=str(user_id),
+            device_id=body.device_id,
+            content={"display_name": body.display_name},
+        )
+
+        return HTTPStatus.OK, {}
+
+
+class MasSyncDevicesResource(MasBaseResource):
+    def __init__(self, hs: "HomeServer"):
+        MasBaseResource.__init__(self, hs)
+
+        self.device_handler = hs.get_device_handler()
+
+    class PostBody(BaseModel):
+        localpart: StrictStr
+        devices: set[StrictStr]
+
+    async def _async_render_GET(
+        self, request: "SynapseRequest"
+    ) -> Tuple[int, JsonDict]:
+        self.assert_mas_request(request)
+
+        body = parse_and_validate_json_object_from_request(request, self.PostBody)
+        user_id = UserID(body.localpart, self.hostname)
+
+        current_devices = await self.store.get_devices_by_user(user_id=str(user_id))
+        current_devices_list = set(current_devices.keys())
+        target_device_list = set(body.devices)
+
+        to_add = target_device_list - current_devices_list
+        to_delete = current_devices_list - target_device_list
+
+        # Log what we're about to do, as this can be an expensive operation
+        if to_add and to_delete:
+            logger.info(
+                "Syncing %d devices for user %s will add %d devices and delete %d devices",
+                len(target_device_list),
+                user_id,
+                len(to_add),
+                len(to_delete),
+            )
+        elif to_add:
+            logger.info(
+                "Syncing %d devices for user %s will add %d devices",
+                len(target_device_list),
+                user_id,
+                len(to_add),
+            )
+        elif to_delete:
+            logger.info(
+                "Syncing %d devices for user %s will delete %d devices",
+                len(target_device_list),
+                user_id,
+                len(to_delete),
+            )
+
+        if to_delete:
+            await self.device_handler.delete_devices(
+                user_id=str(user_id), device_ids=to_delete
+            )
+
+        for device_id in to_add:
+            await self.device_handler.upsert_device(
+                user_id=str(user_id),
+                device_id=device_id,
+            )
+
+        return 200, {}

synapse/rest/synapse/mas/users.py

@@ -18,7 +18,7 @@
 from typing import TYPE_CHECKING, Any, Optional, Tuple
 
 from synapse._pydantic_compat import BaseModel, StrictBool, StrictStr, root_validator
-from synapse.api.errors import SynapseError
+from synapse.api.errors import NotFoundError, SynapseError
 from synapse.http.servlet import (
     parse_and_validate_json_object_from_request,
     parse_string,
@@ -78,6 +78,7 @@ def __init__(self, hs: "HomeServer"):
         self.registration_handler = hs.get_registration_handler()
         self.identity_handler = hs.get_identity_handler()
         self.auth_handler = hs.get_auth_handler()
+        self.profile_handler = hs.get_profile_handler()
         self.clock = hs.get_clock()
         self.auth = hs.get_auth()
 
@@ -128,10 +129,21 @@ async def _async_render_POST(
             )
         else:
             created = False
+            requester = create_requester(user_id=user_id)
             if body.unset_displayname:
-                await self.store.set_profile_displayname(user_id, None)
+                await self.profile_handler.set_displayname(
+                    target_user=user_id,
+                    requester=requester,
+                    new_displayname="",
+                    by_admin=True,
+                )
             elif body.set_displayname is not None:
-                await self.store.set_profile_displayname(user_id, body.set_displayname)
+                await self.profile_handler.set_displayname(
+                    target_user=user_id,
+                    requester=requester,
+                    new_displayname=body.set_displayname,
+                    by_admin=True,
+                )
 
             new_email_list: Optional[set[str]] = None
             if body.unset_emails:
@@ -225,3 +237,113 @@ async def _async_render_POST(
         )
 
         return HTTPStatus.OK, {}
+
+
+class MasReactivateUserResource(MasBaseResource):
+    def __init__(self, hs: "HomeServer"):
+        MasBaseResource.__init__(self, hs)
+
+        self.deactivate_account_handler = hs.get_deactivate_account_handler()
+
+    class PostBody(BaseModel):
+        localpart: StrictStr
+
+    async def _async_render_POST(
+        self, request: "SynapseRequest"
+    ) -> Tuple[int, JsonDict]:
+        self.assert_mas_request(request)
+
+        body = parse_and_validate_json_object_from_request(request, self.PostBody)
+        user_id = UserID(body.localpart, self.hostname)
+
+        await self.deactivate_account_handler.activate_account(
+            user_id=user_id.to_string(),
+        )
+
+        return HTTPStatus.OK, {}
+
+
+class MasSetDisplayNameResource(MasBaseResource):
+    def __init__(self, hs: "HomeServer"):
+        MasBaseResource.__init__(self, hs)
+
+        self.profile_handler = hs.get_profile_handler()
+
+    class PostBody(BaseModel):
+        localpart: StrictStr
+        displayname: StrictStr
+
+    async def _async_render_POST(
+        self, request: "SynapseRequest"
+    ) -> Tuple[int, JsonDict]:
+        self.assert_mas_request(request)
+
+        body = parse_and_validate_json_object_from_request(request, self.PostBody)
+        user_id = UserID(body.localpart, self.hostname)
+        requester = create_requester(user_id=user_id)
+
+        await self.profile_handler.set_displayname(
+            target_user=user_id,
+            requester=requester,
+            new_displayname=body.displayname,
+        )
+
+        return HTTPStatus.OK, {}
+
+
+class MasUnsetDisplayNameResource(MasBaseResource):
+    def __init__(self, hs: "HomeServer"):
+        MasBaseResource.__init__(self, hs)
+
+        self.profile_handler = hs.get_profile_handler()
+
+    class PostBody(BaseModel):
+        localpart: StrictStr
+
+    async def _async_render_POST(
+        self, request: "SynapseRequest"
+    ) -> Tuple[int, JsonDict]:
+        self.assert_mas_request(request)
+
+        body = parse_and_validate_json_object_from_request(request, self.PostBody)
+        user_id = UserID(body.localpart, self.hostname)
+        requester = create_requester(user_id=user_id)
+
+        await self.profile_handler.set_displayname(
+            target_user=user_id,
+            requester=requester,
+            new_displayname="",
+        )
+
+        return HTTPStatus.OK, {}
+
+
+class MasAllowCrossSigningResetResource(MasBaseResource):
+    REPLACEMENT_PERIOD_MS = 10 * 60 * 1000  # 10 minutes
+
+    def __init__(self, hs: "HomeServer"):
+        MasBaseResource.__init__(self, hs)
+
+    class PostBody(BaseModel):
+        localpart: StrictStr
+        password: StrictStr
+
+    async def _async_render_POST(
+        self, request: "SynapseRequest"
+    ) -> Tuple[int, JsonDict]:
+        self.assert_mas_request(request)
+
+        body = parse_and_validate_json_object_from_request(request, self.PostBody)
+        user_id = UserID(body.localpart, self.hostname)
+
+        timestamp = (
+            await self.store.allow_master_cross_signing_key_replacement_without_uia(
+                user_id=str(user_id),
+                duration_ms=self.REPLACEMENT_PERIOD_MS,
+            )
+        )
+
+        if timestamp is None:
+            raise NotFoundError("User has no master cross-signing key")
+
+        return HTTPStatus.OK, {}