diff options
| author | Richard van der Hoff <richard@matrix.org> | 2016-11-30 17:40:18 +0000 |
|---|---|---|
| committer | Richard van der Hoff <richard@matrix.org> | 2016-11-30 17:40:18 +0000 |
| commit | aa09d6b8f0a8f3f006f08b8816b3f2a0fe7eb167 (patch) | |
| tree | 2b63610291843d6b24c9baa44cb6f18e163357b3 /synapse/api | |
| parent | Merge branch 'develop' into rav/no_more_refresh_tokens (diff) | |
| download | synapse-aa09d6b8f0a8f3f006f08b8816b3f2a0fe7eb167.tar.xz | |
Rip out more refresh_token code
We might as well treat all refresh_tokens as invalid. Just return a 403 from /tokenrefresh, so that we don't have a load of dead, untestable code hanging around. Still TODO: removing the table from the schema.
Diffstat (limited to 'synapse/api')
| -rw-r--r-- | synapse/api/auth.py | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index b17025c7ce..ddab210718 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -791,7 +791,7 @@ class Auth(object): Args: macaroon(pymacaroons.Macaroon): The macaroon to validate - type_string(str): The kind of token required (e.g. "access", "refresh", + type_string(str): The kind of token required (e.g. "access", "delete_pusher") verify_expiry(bool): Whether to verify whether the macaroon has expired. user_id (str): The user_id required @@ -820,8 +820,7 @@ class Auth(object): else: v.satisfy_general(lambda c: c.startswith("time < ")) - # access_tokens and refresh_tokens include a nonce for uniqueness: any - # value is acceptable + # access_tokens include a nonce for uniqueness: any value is acceptable v.satisfy_general(lambda c: c.startswith("nonce = ")) v.verify(macaroon, self.hs.config.macaroon_secret_key) |