Matrix-Mirrors/anonymousland-synapse
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse.git synced 2025-05-02 12:26:02 -04:00
Code Issues Projects Releases Packages Wiki Activity

Stop putting a time caveat on access tokens

Browse source 
The 'time' caveat on the access tokens was something of a lie, since we weren't
enforcing it; more pertinently its presence stops us ever adding useful time
caveats.

Let's move in the right direction by not lying in our caveats.
This commit is contained in:
Richard van der Hoff 2016-11-28 09:55:21 +00:00
parent b6146537d2
commit 1c4f05db41
7 changed files with 17 additions and 33 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tests/handlers/test_auth.py
View file

@ -61,14 +61,14 @@ class AuthTestCase(unittest.TestCase):
def verify_type(caveat):
return caveat == "type = access"
def verify_expiry(caveat):
return caveat == "time < 8600000"
def verify_nonce(caveat):
return caveat.startswith("nonce =")
v = pymacaroons.Verifier()
v.satisfy_general(verify_gen)
v.satisfy_general(verify_user)
v.satisfy_general(verify_type)
v.satisfy_general(verify_expiry)
v.satisfy_general(verify_nonce)
v.verify(macaroon, self.hs.config.macaroon_secret_key)
def test_short_term_login_token_gives_user_id(self):