diff options
| author | Richard van der Hoff <richard@matrix.org> | 2016-11-28 09:55:21 +0000 |
|---|---|---|
| committer | Richard van der Hoff <richard@matrix.org> | 2016-11-29 16:49:41 +0000 |
| commit | 1c4f05db41eab20f8be4ac2dac0f7e86b0b7e1fd (patch) | |
| tree | 1aa5d1b54239c730c32cab8d05abf405cd6e2ff9 /tests/handlers/test_auth.py | |
| parent | Merge pull request #1655 from matrix-org/rav/remove_redundant_macaroon_checks (diff) | |
| download | synapse-1c4f05db41eab20f8be4ac2dac0f7e86b0b7e1fd.tar.xz | |
Stop putting a time caveat on access tokens
The 'time' caveat on the access tokens was something of a lie, since we weren't enforcing it; more pertinently its presence stops us ever adding useful time caveats. Let's move in the right direction by not lying in our caveats.
Diffstat (limited to 'tests/handlers/test_auth.py')
| -rw-r--r-- | tests/handlers/test_auth.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/tests/handlers/test_auth.py b/tests/handlers/test_auth.py index 4a8cd19acf..9d013e5ca7 100644 --- a/tests/handlers/test_auth.py +++ b/tests/handlers/test_auth.py @@ -61,14 +61,14 @@ class AuthTestCase(unittest.TestCase): def verify_type(caveat): return caveat == "type = access" - def verify_expiry(caveat): - return caveat == "time < 8600000" + def verify_nonce(caveat): + return caveat.startswith("nonce =") v = pymacaroons.Verifier() v.satisfy_general(verify_gen) v.satisfy_general(verify_user) v.satisfy_general(verify_type) - v.satisfy_general(verify_expiry) + v.satisfy_general(verify_nonce) v.verify(macaroon, self.hs.config.macaroon_secret_key) def test_short_term_login_token_gives_user_id(self): |