summary refs log tree commit diff
path: root/tests/handlers/test_auth.py
diff options
context:
space:
mode:
authorRichard van der Hoff <richard@matrix.org>2016-11-28 09:55:21 +0000
committerRichard van der Hoff <richard@matrix.org>2016-11-29 16:49:41 +0000
commit1c4f05db41eab20f8be4ac2dac0f7e86b0b7e1fd (patch)
tree1aa5d1b54239c730c32cab8d05abf405cd6e2ff9 /tests/handlers/test_auth.py
parentMerge pull request #1655 from matrix-org/rav/remove_redundant_macaroon_checks (diff)
downloadsynapse-1c4f05db41eab20f8be4ac2dac0f7e86b0b7e1fd.tar.xz
Stop putting a time caveat on access tokens
The 'time' caveat on the access tokens was something of a lie, since we weren't
enforcing it; more pertinently its presence stops us ever adding useful time
caveats.

Let's move in the right direction by not lying in our caveats.
Diffstat (limited to 'tests/handlers/test_auth.py')
-rw-r--r--tests/handlers/test_auth.py6
1 files changed, 3 insertions, 3 deletions
diff --git a/tests/handlers/test_auth.py b/tests/handlers/test_auth.py
index 4a8cd19acf..9d013e5ca7 100644
--- a/tests/handlers/test_auth.py
+++ b/tests/handlers/test_auth.py
@@ -61,14 +61,14 @@ class AuthTestCase(unittest.TestCase):
         def verify_type(caveat):
             return caveat == "type = access"
 
-        def verify_expiry(caveat):
-            return caveat == "time < 8600000"
+        def verify_nonce(caveat):
+            return caveat.startswith("nonce =")
 
         v = pymacaroons.Verifier()
         v.satisfy_general(verify_gen)
         v.satisfy_general(verify_user)
         v.satisfy_general(verify_type)
-        v.satisfy_general(verify_expiry)
+        v.satisfy_general(verify_nonce)
         v.verify(macaroon, self.hs.config.macaroon_secret_key)
 
     def test_short_term_login_token_gives_user_id(self):