Allow re-using a UI auth validation for a period of time (#8970)

2025-05-07 23:55:05 -04:00 · 2020-12-18 07:33:57 -05:00 · 2020-12-18 07:33:57 -05:00 · 5d4c330ed9
commit 5d4c330ed9
parent 4136255d3c
10 changed files with 193 additions and 49 deletions
--- a/synapse/storage/databases/main/registration.py
+++ b/synapse/storage/databases/main/registration.py
@ -943,6 +943,42 @@ class RegistrationWorkerStore(CacheInvalidationWorkerStore):
            desc="del_user_pending_deactivation",
        )

+    async def get_access_token_last_validated(self, token_id: int) -> int:
+        """Retrieves the time (in milliseconds) of the last validation of an access token.
+
+        Args:
+            token_id: The ID of the access token to update.
+        Raises:
+            StoreError if the access token was not found.
+
+        Returns:
+            The last validation time.
+        """
+        result = await self.db_pool.simple_select_one_onecol(
+            "access_tokens", {"id": token_id}, "last_validated"
+        )
+
+        # If this token has not been validated (since starting to track this),
+        # return 0 instead of None.
+        return result or 0
+
+    async def update_access_token_last_validated(self, token_id: int) -> None:
+        """Updates the last time an access token was validated.
+
+        Args:
+            token_id: The ID of the access token to update.
+        Raises:
+            StoreError if there was a problem updating this.
+        """
+        now = self._clock.time_msec()
+
+        await self.db_pool.simple_update_one(
+            "access_tokens",
+            {"id": token_id},
+            {"last_validated": now},
+            desc="update_access_token_last_validated",
+        )
+

 class RegistrationBackgroundUpdateStore(RegistrationWorkerStore):
    def __init__(self, database: DatabasePool, db_conn: Connection, hs: "HomeServer"):
@ -1150,6 +1186,7 @@ class RegistrationStore(StatsStore, RegistrationBackgroundUpdateStore):
            The token ID
        """
        next_id = self._access_tokens_id_gen.get_next()
+        now = self._clock.time_msec()

        await self.db_pool.simple_insert(
            "access_tokens",
@ -1160,6 +1197,7 @@ class RegistrationStore(StatsStore, RegistrationBackgroundUpdateStore):
                "device_id": device_id,
                "valid_until_ms": valid_until_ms,
                "puppets_user_id": puppets_user_id,
+                "last_validated": now,
            },
            desc="add_access_token_to_user",
        )