diff options
| author | Quentin Gliech <quenting@element.io> | 2022-10-26 12:45:41 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-26 11:45:41 +0100 |
| commit | 8756d5c87efc5637da55c9e21d2a4eb2369ba693 (patch) | |
| tree | 38b8f68e61fa285fba1bc345b006fe1a9e3af026 /synapse/rest | |
| parent | Unified search query syntax using the full-text search capabilities of the un... (diff) | |
| download | synapse-8756d5c87efc5637da55c9e21d2a4eb2369ba693.tar.xz | |
Save login tokens in database (#13844)
* Save login tokens in database Signed-off-by: Quentin Gliech <quenting@element.io> * Add upgrade notes * Track login token reuse in a Prometheus metric Signed-off-by: Quentin Gliech <quenting@element.io>
Diffstat (limited to 'synapse/rest')
| -rw-r--r-- | synapse/rest/client/login.py | 3 | ||||
| -rw-r--r-- | synapse/rest/client/login_token_request.py | 5 |
2 files changed, 3 insertions, 5 deletions
diff --git a/synapse/rest/client/login.py b/synapse/rest/client/login.py index f554586ac3..7774f1967d 100644 --- a/synapse/rest/client/login.py +++ b/synapse/rest/client/login.py @@ -436,8 +436,7 @@ class LoginRestServlet(RestServlet): The body of the JSON response. """ token = login_submission["token"] - auth_handler = self.auth_handler - res = await auth_handler.validate_short_term_login_token(token) + res = await self.auth_handler.consume_login_token(token) return await self._complete_login( res.user_id, diff --git a/synapse/rest/client/login_token_request.py b/synapse/rest/client/login_token_request.py index 277b20fb63..43ea21d5e6 100644 --- a/synapse/rest/client/login_token_request.py +++ b/synapse/rest/client/login_token_request.py @@ -57,7 +57,6 @@ class LoginTokenRequestServlet(RestServlet): self.store = hs.get_datastores().main self.clock = hs.get_clock() self.server_name = hs.config.server.server_name - self.macaroon_gen = hs.get_macaroon_generator() self.auth_handler = hs.get_auth_handler() self.token_timeout = hs.config.experimental.msc3882_token_timeout self.ui_auth = hs.config.experimental.msc3882_ui_auth @@ -76,10 +75,10 @@ class LoginTokenRequestServlet(RestServlet): can_skip_ui_auth=False, # Don't allow skipping of UI auth ) - login_token = self.macaroon_gen.generate_short_term_login_token( + login_token = await self.auth_handler.create_login_token_for_user_id( user_id=requester.user.to_string(), auth_provider_id="org.matrix.msc3882.login_token_request", - duration_in_ms=self.token_timeout, + duration_ms=self.token_timeout, ) return ( |