summary refs log tree commit diff
path: root/synapse/replication
diff options
context:
space:
mode:
authorShay <hillerys@element.io>2023-08-22 07:15:34 -0700
committerGitHub <noreply@github.com>2023-08-22 14:15:34 +0000
commit69048f7b4848ab6a4ae6cb233f8cbf36d73c0ba1 (patch)
tree36358213ec30b624ac550e77c9df7f318776676e /synapse/replication
parentBump serde from 1.0.183 to 1.0.184 (#16139) (diff)
downloadsynapse-69048f7b4848ab6a4ae6cb233f8cbf36d73c0ba1.tar.xz
Add an admin endpoint to allow authorizing server to signal token revocations (#16125)
Diffstat (limited to 'synapse/replication')
-rw-r--r--synapse/replication/tcp/client.py12
1 files changed, 12 insertions, 0 deletions
diff --git a/synapse/replication/tcp/client.py b/synapse/replication/tcp/client.py
index 139f57cf86..04e8cff6ea 100644
--- a/synapse/replication/tcp/client.py
+++ b/synapse/replication/tcp/client.py
@@ -26,6 +26,7 @@ from synapse.logging.context import PreserveLoggingContext, make_deferred_yielda
 from synapse.metrics.background_process_metrics import run_as_background_process
 from synapse.replication.tcp.streams import (
     AccountDataStream,
+    CachesStream,
     DeviceListsStream,
     PushersStream,
     PushRulesStream,
@@ -73,6 +74,7 @@ class ReplicationDataHandler:
         self._instance_name = hs.get_instance_name()
         self._typing_handler = hs.get_typing_handler()
         self._state_storage_controller = hs.get_storage_controllers().state
+        self.auth = hs.get_auth()
 
         self._notify_pushers = hs.config.worker.start_pushers
         self._pusher_pool = hs.get_pusherpool()
@@ -218,6 +220,16 @@ class ReplicationDataHandler:
                 self._state_storage_controller.notify_event_un_partial_stated(
                     row.event_id
                 )
+        # invalidate the introspection token cache
+        elif stream_name == CachesStream.NAME:
+            for row in rows:
+                if row.cache_func == "introspection_token_invalidation":
+                    if row.keys[0] is None:
+                        # invalidate the whole cache
+                        # mypy ignore - the token cache is defined on MSC3861DelegatedAuth
+                        self.auth.invalidate_token_cache()  # type: ignore[attr-defined]
+                    else:
+                        self.auth.invalidate_cached_tokens(row.keys)  # type: ignore[attr-defined]
 
         await self._presence_handler.process_replication_rows(
             stream_name, instance_name, token, rows