diff options
| author | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2019-07-12 17:26:02 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-07-12 17:26:02 +0100 |
| commit | 5f158ec039e4753959aad9b8d288b3d8cb4959a1 (patch) | |
| tree | 5365e3257124ee89e8ef0026ffc6dd5ef4b153fc /synapse/api/auth.py | |
| parent | fix typo: backgroud -> background (diff) | |
| download | synapse-5f158ec039e4753959aad9b8d288b3d8cb4959a1.tar.xz | |
Implement access token expiry (#5660)
Record how long an access token is valid for, and raise a soft-logout once it expires.
Diffstat (limited to 'synapse/api/auth.py')
| -rw-r--r-- | synapse/api/auth.py | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index afc6400948..d9e943c39c 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -319,6 +319,17 @@ class Auth(object): # first look in the database r = yield self._look_up_user_by_access_token(token) if r: + valid_until_ms = r["valid_until_ms"] + if ( + valid_until_ms is not None + and valid_until_ms < self.clock.time_msec() + ): + # there was a valid access token, but it has expired. + # soft-logout the user. + raise InvalidClientTokenError( + msg="Access token has expired", soft_logout=True + ) + defer.returnValue(r) # otherwise it needs to be a valid macaroon @@ -505,6 +516,7 @@ class Auth(object): "token_id": ret.get("token_id", None), "is_guest": False, "device_id": ret.get("device_id"), + "valid_until_ms": ret.get("valid_until_ms"), } defer.returnValue(user_info) |