diff options
author | Brendan Abolivier <contact@brendanabolivier.com> | 2019-04-09 17:02:41 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-04-09 17:02:41 +0100 |
commit | bfc8fdf1fcd03808b54282a856bc33a856cc5add (patch) | |
tree | 7b31c6b90103e41c1d12500eb04a98e100a10f46 /synapse/api/auth.py | |
parent | Merge pull request #5030 from matrix-org/rav/rewrite_g_s_v_k (diff) | |
parent | Add account expiration feature (diff) | |
download | synapse-bfc8fdf1fcd03808b54282a856bc33a856cc5add.tar.xz |
Merge pull request #5027 from matrix-org/babolivier/account_expiration
Add time-based account expiration
Diffstat (limited to 'synapse/api/auth.py')
-rw-r--r-- | synapse/api/auth.py | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index e8112d5f05..976e0dd18b 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -64,6 +64,8 @@ class Auth(object): self.token_cache = LruCache(CACHE_SIZE_FACTOR * 10000) register_cache("cache", "token_cache", self.token_cache) + self._account_validity = hs.config.account_validity + @defer.inlineCallbacks def check_from_context(self, room_version, event, context, do_sig_check=True): prev_state_ids = yield context.get_prev_state_ids(self.store) @@ -226,6 +228,16 @@ class Auth(object): token_id = user_info["token_id"] is_guest = user_info["is_guest"] + # Deny the request if the user account has expired. + if self._account_validity.enabled: + expiration_ts = yield self.store.get_expiration_ts_for_user(user) + if self.clock.time_msec() >= expiration_ts: + raise AuthError( + 403, + "User account has expired", + errcode=Codes.EXPIRED_ACCOUNT, + ) + # device_id may not be present if get_user_by_access_token has been # stubbed out. device_id = user_info.get("device_id") |