Stop generating refresh tokens

Since we're not doing refresh tokens any more, we should start killing off the dead code paths. /tokenrefresh itself is a bit of a thornier subject, since there might be apps out there using it, but we can at least not generate refresh tokens on new logins.
2025-05-02 12:06:08 -04:00 · 2016-11-28 09:52:02 +00:00 · 2016-11-28 09:52:02 +00:00 · 5c4edc83b5
commit 5c4edc83b5
parent b6146537d2
4 changed files with 20 additions and 45 deletions
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@ -380,12 +380,10 @@ class AuthHandler(BaseHandler):
        return self._check_password(user_id, password)

    @defer.inlineCallbacks
-    def get_login_tuple_for_user_id(self, user_id, device_id=None,
-                                    initial_display_name=None):
+    def get_access_token_for_user_id(self, user_id, device_id=None,
+                                     initial_display_name=None):
        """
-        Gets login tuple for the user with the given user ID.
-
-        Creates a new access/refresh token for the user.
+        Creates a new access token for the user with the given user ID.

        The user is assumed to have been authenticated by some other
        machanism (e.g. CAS), and the user_id converted to the canonical case.
@ -400,16 +398,13 @@ class AuthHandler(BaseHandler):
            initial_display_name (str): display name to associate with the
               device if it needs re-registering
        Returns:
-            A tuple of:
              The access token for the user's session.
-              The refresh token for the user's session.
        Raises:
            StoreError if there was a problem storing the token.
            LoginError if there was an authentication problem.
        """
        logger.info("Logging in user %s on device %s", user_id, device_id)
        access_token = yield self.issue_access_token(user_id, device_id)
-        refresh_token = yield self.issue_refresh_token(user_id, device_id)

        # the device *should* have been registered before we got here; however,
        # it's possible we raced against a DELETE operation. The thing we
@ -420,7 +415,7 @@ class AuthHandler(BaseHandler):
                user_id, device_id, initial_display_name
            )

-        defer.returnValue((access_token, refresh_token))
+        defer.returnValue(access_token)

    @defer.inlineCallbacks
    def check_user_exists(self, user_id):
@ -531,13 +526,6 @@ class AuthHandler(BaseHandler):
                                                  device_id)
        defer.returnValue(access_token)

-    @defer.inlineCallbacks
-    def issue_refresh_token(self, user_id, device_id=None):
-        refresh_token = self.generate_refresh_token(user_id)
-        yield self.store.add_refresh_token_to_user(user_id, refresh_token,
-                                                   device_id)
-        defer.returnValue(refresh_token)
-
    def generate_access_token(self, user_id, extra_caveats=None,
                              duration_in_ms=(60 * 60 * 1000)):
        extra_caveats = extra_caveats or []