diff options
| author | Richard van der Hoff <richard@matrix.org> | 2016-11-30 17:10:04 +0000 |
|---|---|---|
| committer | Richard van der Hoff <richard@matrix.org> | 2016-11-30 17:10:04 +0000 |
| commit | dc4b23e1a102071227288bb9d2ad77611f0d34c8 (patch) | |
| tree | c1147b1f393c416daa7fd8855850e42caf9d9956 /synapse/handlers/auth.py | |
| parent | Stop generating refresh tokens (diff) | |
| parent | Merge pull request #1660 from matrix-org/rav/better_content_type_validation (diff) | |
| download | synapse-dc4b23e1a102071227288bb9d2ad77611f0d34c8.tar.xz | |
Merge branch 'develop' into rav/no_more_refresh_tokens
Diffstat (limited to 'synapse/handlers/auth.py')
| -rw-r--r-- | synapse/handlers/auth.py | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index 8984f87f96..91e7e725b9 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -526,14 +526,15 @@ class AuthHandler(BaseHandler): device_id) defer.returnValue(access_token) - def generate_access_token(self, user_id, extra_caveats=None, - duration_in_ms=(60 * 60 * 1000)): + def generate_access_token(self, user_id, extra_caveats=None): extra_caveats = extra_caveats or [] macaroon = self._generate_base_macaroon(user_id) macaroon.add_first_party_caveat("type = access") - now = self.hs.get_clock().time_msec() - expiry = now + duration_in_ms - macaroon.add_first_party_caveat("time < %d" % (expiry,)) + # Include a nonce, to make sure that each login gets a different + # access token. + macaroon.add_first_party_caveat("nonce = %s" % ( + stringutils.random_string_with_symbols(16), + )) for caveat in extra_caveats: macaroon.add_first_party_caveat(caveat) return macaroon.serialize() |