Add account expiration feature

2025-05-02 22:14:55 -04:00 · 2019-04-08 17:10:55 +01:00 · 2019-04-08 17:10:55 +01:00 · 747aa9f8ca
commit 747aa9f8ca
parent 35442efb75
10 changed files with 144 additions and 4 deletions
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@ -64,6 +64,8 @@ class Auth(object):
        self.token_cache = LruCache(CACHE_SIZE_FACTOR * 10000)
        register_cache("cache", "token_cache", self.token_cache)

+        self._account_validity = hs.config.account_validity
+
    @defer.inlineCallbacks
    def check_from_context(self, room_version, event, context, do_sig_check=True):
        prev_state_ids = yield context.get_prev_state_ids(self.store)
@ -226,6 +228,16 @@ class Auth(object):
            token_id = user_info["token_id"]
            is_guest = user_info["is_guest"]

+            # Deny the request if the user account has expired.
+            if self._account_validity.enabled:
+                expiration_ts = yield self.store.get_expiration_ts_for_user(user)
+                if self.clock.time_msec() >= expiration_ts:
+                    raise AuthError(
+                        403,
+                        "User account has expired",
+                        errcode=Codes.EXPIRED_ACCOUNT,
+                    )
+
            # device_id may not be present if get_user_by_access_token has been
            # stubbed out.
            device_id = user_info.get("device_id")