synapse.api.auth.Auth cleanup: make permission-related methods use Requester instead of the UserID (#13024)

Part of #13019 This changes all the permission-related methods to rely on the Requester instead of the UserID. This is a first step towards enabling scoped access tokens at some point, since I expect the Requester to have scope-related informations in it. It also changes methods which figure out the user/device/appservice out of the access token to return a Requester instead of something else. This avoids having store-related objects in the methods signatures.
2025-05-02 22:14:55 -04:00 · 2022-08-22 15:17:59 +02:00 · 2022-08-22 15:17:59 +02:00 · 3dd175b628
commit 3dd175b628
parent 94375f7a91
26 changed files with 202 additions and 207 deletions
--- a/tests/api/test_auth.py
+++ b/tests/api/test_auth.py
@ -284,10 +284,13 @@ class AuthTestCase(unittest.HomeserverTestCase):
            TokenLookupResult(
                user_id="@baldrick:matrix.org",
                device_id="device",
+                token_id=5,
                token_owner="@admin:matrix.org",
+                token_used=True,
            )
        )
        self.store.insert_client_ip = simple_async_mock(None)
+        self.store.mark_access_token_as_used = simple_async_mock(None)
        request = Mock(args={})
        request.getClientAddress.return_value.host = "127.0.0.1"
        request.args[b"access_token"] = [self.test_token]
@ -301,10 +304,13 @@ class AuthTestCase(unittest.HomeserverTestCase):
            TokenLookupResult(
                user_id="@baldrick:matrix.org",
                device_id="device",
+                token_id=5,
                token_owner="@admin:matrix.org",
+                token_used=True,
            )
        )
        self.store.insert_client_ip = simple_async_mock(None)
+        self.store.mark_access_token_as_used = simple_async_mock(None)
        request = Mock(args={})
        request.getClientAddress.return_value.host = "127.0.0.1"
        request.args[b"access_token"] = [self.test_token]
@ -347,7 +353,7 @@ class AuthTestCase(unittest.HomeserverTestCase):
        serialized = macaroon.serialize()

        user_info = self.get_success(self.auth.get_user_by_access_token(serialized))
-        self.assertEqual(user_id, user_info.user_id)
+        self.assertEqual(user_id, user_info.user.to_string())
        self.assertTrue(user_info.is_guest)
        self.store.get_user_by_id.assert_called_with(user_id)