Implement access token expiry (#5660)

Record how long an access token is valid for, and raise a soft-logout once it expires.
2025-05-02 10:56:06 -04:00 · 2019-07-12 17:26:02 +01:00 · 2019-07-12 17:26:02 +01:00 · 5f158ec039
commit 5f158ec039
parent 24aa0e0a5b
14 changed files with 255 additions and 33 deletions
--- a/tests/handlers/test_auth.py
+++ b/tests/handlers/test_auth.py
@ -117,7 +117,9 @@ class AuthTestCase(unittest.TestCase):
    def test_mau_limits_disabled(self):
        self.hs.config.limit_usage_by_mau = False
        # Ensure does not throw exception
-        yield self.auth_handler.get_access_token_for_user_id("user_a")
+        yield self.auth_handler.get_access_token_for_user_id(
+            "user_a", device_id=None, valid_until_ms=None
+        )

        yield self.auth_handler.validate_short_term_login_token_and_get_user_id(
            self._get_macaroon().serialize()
@ -131,7 +133,9 @@ class AuthTestCase(unittest.TestCase):
        )

        with self.assertRaises(ResourceLimitError):
-            yield self.auth_handler.get_access_token_for_user_id("user_a")
+            yield self.auth_handler.get_access_token_for_user_id(
+                "user_a", device_id=None, valid_until_ms=None
+            )

        self.hs.get_datastore().get_monthly_active_count = Mock(
            return_value=defer.succeed(self.large_number_of_users)
@ -150,7 +154,9 @@ class AuthTestCase(unittest.TestCase):
            return_value=defer.succeed(self.hs.config.max_mau_value)
        )
        with self.assertRaises(ResourceLimitError):
-            yield self.auth_handler.get_access_token_for_user_id("user_a")
+            yield self.auth_handler.get_access_token_for_user_id(
+                "user_a", device_id=None, valid_until_ms=None
+            )

        self.hs.get_datastore().get_monthly_active_count = Mock(
            return_value=defer.succeed(self.hs.config.max_mau_value)
@ -166,7 +172,9 @@ class AuthTestCase(unittest.TestCase):
        self.hs.get_datastore().get_monthly_active_count = Mock(
            return_value=defer.succeed(self.hs.config.max_mau_value)
        )
-        yield self.auth_handler.get_access_token_for_user_id("user_a")
+        yield self.auth_handler.get_access_token_for_user_id(
+            "user_a", device_id=None, valid_until_ms=None
+        )
        self.hs.get_datastore().user_last_seen_monthly_active = Mock(
            return_value=defer.succeed(self.hs.get_clock().time_msec())
        )
@ -185,7 +193,9 @@ class AuthTestCase(unittest.TestCase):
            return_value=defer.succeed(self.small_number_of_users)
        )
        # Ensure does not raise exception
-        yield self.auth_handler.get_access_token_for_user_id("user_a")
+        yield self.auth_handler.get_access_token_for_user_id(
+            "user_a", device_id=None, valid_until_ms=None
+        )

        self.hs.get_datastore().get_monthly_active_count = Mock(
            return_value=defer.succeed(self.small_number_of_users)