diff options
| author | Richard van der Hoff <richard@matrix.org> | 2017-11-01 10:29:34 +0000 |
|---|---|---|
| committer | Richard van der Hoff <richard@matrix.org> | 2017-11-01 15:46:22 +0000 |
| commit | dd13310fb8ca0cfce60e4fccdb93e90a16078609 (patch) | |
| tree | f6b42e32e82bb54fd6027c2985dd09c96b7a2ac9 /synapse/handlers/auth.py | |
| parent | Merge pull request #2610 from matrix-org/rav/schema_for_pw_providers (diff) | |
| download | synapse-dd13310fb8ca0cfce60e4fccdb93e90a16078609.tar.xz | |
Move access token deletion into auth handler
Also move duplicated deactivation code into the auth handler. I want to add some hooks when we deactivate an access token, so let's bring it all in here so that there's somewhere to put it.
Diffstat (limited to 'synapse/handlers/auth.py')
| -rw-r--r-- | synapse/handlers/auth.py | 49 |
1 files changed, 47 insertions, 2 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index 93d8ac0e04..1a90c10b01 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -608,14 +608,59 @@ class AuthHandler(BaseHandler): if e.code == 404: raise SynapseError(404, "Unknown user", Codes.NOT_FOUND) raise e - yield self.store.user_delete_access_tokens( - user_id, except_access_token_id + yield self.delete_access_tokens_for_user( + user_id, except_token_id=except_access_token_id, ) yield self.hs.get_pusherpool().remove_pushers_by_user( user_id, except_access_token_id ) @defer.inlineCallbacks + def deactivate_account(self, user_id): + """Deactivate a user's account + + Args: + user_id (str): ID of user to be deactivated + + Returns: + Deferred + """ + # FIXME: Theoretically there is a race here wherein user resets + # password using threepid. + yield self.delete_access_tokens_for_user(user_id) + yield self.store.user_delete_threepids(user_id) + yield self.store.user_set_password_hash(user_id, None) + + def delete_access_token(self, access_token): + """Invalidate a single access token + + Args: + access_token (str): access token to be deleted + + Returns: + Deferred + """ + return self.store.delete_access_token(access_token) + + def delete_access_tokens_for_user(self, user_id, except_token_id=None, + device_id=None): + """Invalidate access tokens belonging to a user + + Args: + user_id (str): ID of user the tokens belong to + except_token_id (str|None): access_token ID which should *not* be + deleted + device_id (str|None): ID of device the tokens are associated with. + If None, tokens associated with any device (or no device) will + be deleted + Returns: + Deferred + """ + return self.store.user_delete_access_tokens( + user_id, except_token_id=except_token_id, device_id=device_id, + ) + + @defer.inlineCallbacks def add_threepid(self, user_id, medium, address, validated_at): # 'Canonicalise' email addresses down to lower case. # We've now moving towards the Home Server being the entity that |