diff options
| author | Erik Johnston <erik@matrix.org> | 2019-06-18 16:11:43 +0100 |
|---|---|---|
| committer | Erik Johnston <erik@matrix.org> | 2019-06-18 16:11:43 +0100 |
| commit | 19b80fe68a9e594dd00878ae8a2d34f94000755b (patch) | |
| tree | 21708e4462b2dcf551f717e4c8188cd561171591 /synapse/api/auth.py | |
| parent | Newsfile (diff) | |
| parent | Fix seven contrib files with Python syntax errors (#5446) (diff) | |
| download | synapse-19b80fe68a9e594dd00878ae8a2d34f94000755b.tar.xz | |
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/fix_get_missing_events_error
Diffstat (limited to 'synapse/api/auth.py')
| -rw-r--r-- | synapse/api/auth.py | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 976e0dd18b..79e2808dc5 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -184,11 +184,22 @@ class Auth(object): return event_auth.get_public_keys(invite_event) @defer.inlineCallbacks - def get_user_by_req(self, request, allow_guest=False, rights="access"): + def get_user_by_req( + self, + request, + allow_guest=False, + rights="access", + allow_expired=False, + ): """ Get a registered user's ID. Args: request - An HTTP request with an access_token query parameter. + allow_expired - Whether to allow the request through even if the account is + expired. If true, Synapse will still require an access token to be + provided but won't check if the account it belongs to has expired. This + works thanks to /login delivering access tokens regardless of accounts' + expiration. Returns: defer.Deferred: resolves to a ``synapse.types.Requester`` object Raises: @@ -229,9 +240,10 @@ class Auth(object): is_guest = user_info["is_guest"] # Deny the request if the user account has expired. - if self._account_validity.enabled: - expiration_ts = yield self.store.get_expiration_ts_for_user(user) - if self.clock.time_msec() >= expiration_ts: + if self._account_validity.enabled and not allow_expired: + user_id = user.to_string() + expiration_ts = yield self.store.get_expiration_ts_for_user(user_id) + if expiration_ts is not None and self.clock.time_msec() >= expiration_ts: raise AuthError( 403, "User account has expired", @@ -555,7 +567,7 @@ class Auth(object): """ Check if the given user is a local server admin. Args: - user (str): mxid of user to check + user (UserID): user to check Returns: bool: True if the user is an admin |