Merge pull request #2621 from matrix-org/rav/refactor_accesstoken_delete

Move access token deletion into auth handler
author: David Baker <dbkr@users.noreply.github.com> 2017-11-01 16:26:06 +0000
committer: GitHub <noreply@github.com> 2017-11-01 16:26:06 +0000
commit: c9b9ef575b02c6ece501a0bbdeacff66129cffcc (patch)
tree: 0fdeaac7556bde98a40dd160dd9a719c7868987f /synapse/handlers
parent: Merge pull request #2617 from matrix-org/matthew/auto-displayname (diff)
parent: Merge remote-tracking branch 'origin/develop' into rav/refactor_accesstoken_d... (diff)
download: synapse-c9b9ef575b02c6ece501a0bbdeacff66129cffcc.tar.xz
3 files changed, 52 insertions, 5 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 051995bcce..4ba75eb742 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -605,14 +605,59 @@ class AuthHandler(BaseHandler):
             if e.code == 404:
                 raise SynapseError(404, "Unknown user", Codes.NOT_FOUND)
             raise e
-        yield self.store.user_delete_access_tokens(
-            user_id, except_access_token_id
+        yield self.delete_access_tokens_for_user(
+            user_id, except_token_id=except_access_token_id,
         )
         yield self.hs.get_pusherpool().remove_pushers_by_user(
             user_id, except_access_token_id
         )
 
     @defer.inlineCallbacks
+    def deactivate_account(self, user_id):
+        """Deactivate a user's account
+
+        Args:
+            user_id (str): ID of user to be deactivated
+
+        Returns:
+            Deferred
+        """
+        # FIXME: Theoretically there is a race here wherein user resets
+        # password using threepid.
+        yield self.delete_access_tokens_for_user(user_id)
+        yield self.store.user_delete_threepids(user_id)
+        yield self.store.user_set_password_hash(user_id, None)
+
+    def delete_access_token(self, access_token):
+        """Invalidate a single access token
+
+        Args:
+            access_token (str): access token to be deleted
+
+        Returns:
+            Deferred
+        """
+        return self.store.delete_access_token(access_token)
+
+    def delete_access_tokens_for_user(self, user_id, except_token_id=None,
+                                      device_id=None):
+        """Invalidate access tokens belonging to a user
+
+        Args:
+            user_id (str):  ID of user the tokens belong to
+            except_token_id (str|None): access_token ID which should *not* be
+                deleted
+            device_id (str|None):  ID of device the tokens are associated with.
+                If None, tokens associated with any device (or no device) will
+                be deleted
+        Returns:
+            Deferred
+        """
+        return self.store.user_delete_access_tokens(
+            user_id, except_token_id=except_token_id, device_id=device_id,
+        )
+
+    @defer.inlineCallbacks
     def add_threepid(self, user_id, medium, address, validated_at):
         # 'Canonicalise' email addresses down to lower case.
         # We've now moving towards the Home Server being the entity that
diff --git a/synapse/handlers/device.py b/synapse/handlers/device.py
index 94fc08446b..579d8477ba 100644
--- a/synapse/handlers/device.py
+++ b/synapse/handlers/device.py
@@ -34,6 +34,7 @@ class DeviceHandler(BaseHandler):
 
         self.hs = hs
         self.state = hs.get_state_handler()
+        self._auth_handler = hs.get_auth_handler()
         self.federation_sender = hs.get_federation_sender()
         self.federation = hs.get_replication_layer()
 
@@ -159,7 +160,7 @@ class DeviceHandler(BaseHandler):
             else:
                 raise
 
-        yield self.store.user_delete_access_tokens(
+        yield self._auth_handler.delete_access_tokens_for_user(
             user_id, device_id=device_id,
         )
 
@@ -193,7 +194,7 @@ class DeviceHandler(BaseHandler):
         # Delete access tokens and e2e keys for each device. Not optimised as it is not
         # considered as part of a critical path.
         for device_id in device_ids:
-            yield self.store.user_delete_access_tokens(
+            yield self._auth_handler.delete_access_tokens_for_user(
                 user_id, device_id=device_id,
             )
             yield self.store.delete_e2e_keys_by_device(
diff --git a/synapse/handlers/register.py b/synapse/handlers/register.py
index 49dc33c147..f6e7e58563 100644
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@@ -36,6 +36,7 @@ class RegistrationHandler(BaseHandler):
         super(RegistrationHandler, self).__init__(hs)
 
         self.auth = hs.get_auth()
+        self._auth_handler = hs.get_auth_handler()
         self.profile_handler = hs.get_profile_handler()
         self.captcha_client = CaptchaServerHttpClient(hs)
 
@@ -416,7 +417,7 @@ class RegistrationHandler(BaseHandler):
                 create_profile_with_localpart=user.localpart,
             )
         else:
-            yield self.store.user_delete_access_tokens(user_id=user_id)
+            yield self._auth_handler.delete_access_tokens_for_user(user_id)
             yield self.store.add_access_token_to_user(user_id=user_id, token=token)
 
         if displayname is not None:
author	David Baker <dbkr@users.noreply.github.com>	2017-11-01 16:26:06 +0000
committer	GitHub <noreply@github.com>	2017-11-01 16:26:06 +0000
commit	c9b9ef575b02c6ece501a0bbdeacff66129cffcc (patch)
tree	0fdeaac7556bde98a40dd160dd9a719c7868987f /synapse/handlers
parent	Merge pull request #2617 from matrix-org/matthew/auto-displayname (diff)
parent	Merge remote-tracking branch 'origin/develop' into rav/refactor_accesstoken_d... (diff)
download	synapse-c9b9ef575b02c6ece501a0bbdeacff66129cffcc.tar.xz