diff options
author | Richard van der Hoff <richard@matrix.org> | 2017-11-29 15:44:59 +0000 |
---|---|---|
committer | Richard van der Hoff <richard@matrix.org> | 2017-11-29 16:44:35 +0000 |
commit | ad7e570d07e498e7a9395800650aeef0f9fbc914 (patch) | |
tree | f8d8f53bdf064d0033be76bc3c4ce8bc1582540f /synapse/module_api/__init__.py | |
parent | Move set_password into its own handler (diff) | |
download | synapse-ad7e570d07e498e7a9395800650aeef0f9fbc914.tar.xz |
Delete devices in various logout situations
Make sure that we delete devices whenever a user is logged out due to any of the following situations: * /logout * /logout_all * change password * deactivate account (by the user or by an admin) * invalidate access token from a dynamic module Fixes #2672.
Diffstat (limited to 'synapse/module_api/__init__.py')
-rw-r--r-- | synapse/module_api/__init__.py | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/synapse/module_api/__init__.py b/synapse/module_api/__init__.py index dc680ddf43..097c844d31 100644 --- a/synapse/module_api/__init__.py +++ b/synapse/module_api/__init__.py @@ -12,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +from twisted.internet import defer from synapse.types import UserID @@ -81,6 +82,7 @@ class ModuleApi(object): reg = self.hs.get_handlers().registration_handler return reg.register(localpart=localpart) + @defer.inlineCallbacks def invalidate_access_token(self, access_token): """Invalidate an access token for a user @@ -94,8 +96,16 @@ class ModuleApi(object): Raises: synapse.api.errors.AuthError: the access token is invalid """ - - return self._auth_handler.delete_access_token(access_token) + # see if the access token corresponds to a device + user_info = yield self._auth.get_user_by_access_token(access_token) + device_id = user_info.get("device_id") + user_id = user_info["user"].to_string() + if device_id: + # delete the device, which will also delete its access tokens + yield self.hs.get_device_handler().delete_device(user_id, device_id) + else: + # no associated device. Just delete the access token. + yield self._auth_handler.delete_access_token(access_token) def run_db_interaction(self, desc, func, *args, **kwargs): """Run a function with a database connection |