diff options
| author | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2019-07-12 17:26:02 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-07-12 17:26:02 +0100 |
| commit | 5f158ec039e4753959aad9b8d288b3d8cb4959a1 (patch) | |
| tree | 5365e3257124ee89e8ef0026ffc6dd5ef4b153fc /synapse/handlers/auth.py | |
| parent | fix typo: backgroud -> background (diff) | |
| download | synapse-5f158ec039e4753959aad9b8d288b3d8cb4959a1.tar.xz | |
Implement access token expiry (#5660)
Record how long an access token is valid for, and raise a soft-logout once it expires.
Diffstat (limited to 'synapse/handlers/auth.py')
| -rw-r--r-- | synapse/handlers/auth.py | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index da312b188e..b74a6e9c62 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -15,6 +15,7 @@ # limitations under the License. import logging +import time import unicodedata import attr @@ -558,7 +559,7 @@ class AuthHandler(BaseHandler): return self.sessions[session_id] @defer.inlineCallbacks - def get_access_token_for_user_id(self, user_id, device_id=None): + def get_access_token_for_user_id(self, user_id, device_id, valid_until_ms): """ Creates a new access token for the user with the given user ID. @@ -572,16 +573,26 @@ class AuthHandler(BaseHandler): device_id (str|None): the device ID to associate with the tokens. None to leave the tokens unassociated with a device (deprecated: we should always have a device ID) + valid_until_ms (int|None): when the token is valid until. None for + no expiry. Returns: The access token for the user's session. Raises: StoreError if there was a problem storing the token. """ - logger.info("Logging in user %s on device %s", user_id, device_id) + fmt_expiry = "" + if valid_until_ms is not None: + fmt_expiry = time.strftime( + " until %Y-%m-%d %H:%M:%S", time.localtime(valid_until_ms / 1000.0) + ) + logger.info("Logging in user %s on device %s%s", user_id, device_id, fmt_expiry) + yield self.auth.check_auth_blocking(user_id) access_token = self.macaroon_gen.generate_access_token(user_id) - yield self.store.add_access_token_to_user(user_id, access_token, device_id) + yield self.store.add_access_token_to_user( + user_id, access_token, device_id, valid_until_ms + ) # the device *should* have been registered before we got here; however, # it's possible we raced against a DELETE operation. The thing we |