diff options
| author | Quentin Gliech <quenting@element.io> | 2022-08-22 15:17:59 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-08-22 14:17:59 +0100 |
| commit | 3dd175b628bab5638165f20de9eade36a4e88147 (patch) | |
| tree | 9f4f0b459e22c9665baf03e0fb509baa447c4ce2 /synapse/handlers/auth.py | |
| parent | Remove redundant opentracing spans for `/sendToDevice` and `/keys/upload` (#1... (diff) | |
| download | synapse-3dd175b628bab5638165f20de9eade36a4e88147.tar.xz | |
`synapse.api.auth.Auth` cleanup: make permission-related methods use `Requester` instead of the `UserID` (#13024)
Part of #13019 This changes all the permission-related methods to rely on the Requester instead of the UserID. This is a first step towards enabling scoped access tokens at some point, since I expect the Requester to have scope-related informations in it. It also changes methods which figure out the user/device/appservice out of the access token to return a Requester instead of something else. This avoids having store-related objects in the methods signatures.
Diffstat (limited to 'synapse/handlers/auth.py')
| -rw-r--r-- | synapse/handlers/auth.py | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index bfa5535044..0327fc57a4 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -280,7 +280,7 @@ class AuthHandler: that it isn't stolen by re-authenticating them. Args: - requester: The user, as given by the access token + requester: The user making the request, according to the access token. request: The request sent by the client. @@ -1435,20 +1435,25 @@ class AuthHandler: access_token: access token to be deleted """ - user_info = await self.auth.get_user_by_access_token(access_token) + token = await self.store.get_user_by_access_token(access_token) + if not token: + # At this point, the token should already have been fetched once by + # the caller, so this should not happen, unless of a race condition + # between two delete requests + raise SynapseError(HTTPStatus.UNAUTHORIZED, "Unrecognised access token") await self.store.delete_access_token(access_token) # see if any modules want to know about this await self.password_auth_provider.on_logged_out( - user_id=user_info.user_id, - device_id=user_info.device_id, + user_id=token.user_id, + device_id=token.device_id, access_token=access_token, ) # delete pushers associated with this access token - if user_info.token_id is not None: + if token.token_id is not None: await self.hs.get_pusherpool().remove_pushers_by_access_token( - user_info.user_id, (user_info.token_id,) + token.user_id, (token.token_id,) ) async def delete_access_tokens_for_user( |