Implement access token expiry (#5660)

Record how long an access token is valid for, and raise a soft-logout once it expires.
author: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> 2019-07-12 17:26:02 +0100
committer: GitHub <noreply@github.com> 2019-07-12 17:26:02 +0100
commit: 5f158ec039e4753959aad9b8d288b3d8cb4959a1 (patch)
tree: 5365e3257124ee89e8ef0026ffc6dd5ef4b153fc /synapse/storage/registration.py
parent: fix typo: backgroud -> background (diff)
download: synapse-5f158ec039e4753959aad9b8d288b3d8cb4959a1.tar.xz
1 files changed, 14 insertions, 5 deletions
diff --git a/synapse/storage/registration.py b/synapse/storage/registration.py
index 73580f1725..8b2c2a97ab 100644
--- a/synapse/storage/registration.py
+++ b/synapse/storage/registration.py
@@ -90,7 +90,8 @@ class RegistrationWorkerStore(SQLBaseStore):
             token (str): The access token of a user.
         Returns:
             defer.Deferred: None, if the token did not match, otherwise dict
-                including the keys `name`, `is_guest`, `device_id`, `token_id`.
+                including the keys `name`, `is_guest`, `device_id`, `token_id`,
+                `valid_until_ms`.
         """
         return self.runInteraction(
             "get_user_by_access_token", self._query_for_auth, token
@@ -284,7 +285,7 @@ class RegistrationWorkerStore(SQLBaseStore):
     def _query_for_auth(self, txn, token):
         sql = (
             "SELECT users.name, users.is_guest, access_tokens.id as token_id,"
-            " access_tokens.device_id"
+            " access_tokens.device_id, access_tokens.valid_until_ms"
             " FROM users"
             " INNER JOIN access_tokens on users.name = access_tokens.user_id"
             " WHERE token = ?"
@@ -679,14 +680,16 @@ class RegistrationStore(
         defer.returnValue(batch_size)
 
     @defer.inlineCallbacks
-    def add_access_token_to_user(self, user_id, token, device_id=None):
+    def add_access_token_to_user(self, user_id, token, device_id, valid_until_ms):
         """Adds an access token for the given user.
 
         Args:
             user_id (str): The user ID.
             token (str): The new access token to add.
             device_id (str): ID of the device to associate with the access
-               token
+                token
+            valid_until_ms (int|None): when the token is valid until. None for
+                no expiry.
         Raises:
             StoreError if there was a problem adding this.
         """
@@ -694,7 +697,13 @@ class RegistrationStore(
 
         yield self._simple_insert(
             "access_tokens",
-            {"id": next_id, "user_id": user_id, "token": token, "device_id": device_id},
+            {
+                "id": next_id,
+                "user_id": user_id,
+                "token": token,
+                "device_id": device_id,
+                "valid_until_ms": valid_until_ms,
+            },
             desc="add_access_token_to_user",
         )
author	Richard van der Hoff <1389908+richvdh@users.noreply.github.com>	2019-07-12 17:26:02 +0100
committer	GitHub <noreply@github.com>	2019-07-12 17:26:02 +0100
commit	5f158ec039e4753959aad9b8d288b3d8cb4959a1 (patch)
tree	5365e3257124ee89e8ef0026ffc6dd5ef4b153fc /synapse/storage/registration.py
parent	fix typo: backgroud -> background (diff)
download	synapse-5f158ec039e4753959aad9b8d288b3d8cb4959a1.tar.xz