Move access token deletion into auth handler

Also move duplicated deactivation code into the auth handler. I want to add some hooks when we deactivate an access token, so let's bring it all in here so that there's somewhere to put it.
2025-11-14 22:50:44 -05:00 · 2017-11-01 10:29:34 +00:00 · 2017-11-01 10:29:34 +00:00 · dd13310fb8
commit dd13310fb8
parent a72e4e3e28
6 changed files with 62 additions and 27 deletions
--- a/synapse/rest/client/v1/admin.py
+++ b/synapse/rest/client/v1/admin.py
@ -137,7 +137,7 @@ class DeactivateAccountRestServlet(ClientV1RestServlet):
    PATTERNS = client_path_patterns("/admin/deactivate/(?P<target_user_id>[^/]*)")

    def __init__(self, hs):
-        self.store = hs.get_datastore()
+        self._auth_handler = hs.get_auth_handler()
        super(DeactivateAccountRestServlet, self).__init__(hs)

    @defer.inlineCallbacks
@ -149,12 +149,7 @@ class DeactivateAccountRestServlet(ClientV1RestServlet):
        if not is_admin:
            raise AuthError(403, "You are not a server admin")

-        # FIXME: Theoretically there is a race here wherein user resets password
-        # using threepid.
-        yield self.store.user_delete_access_tokens(target_user_id)
-        yield self.store.user_delete_threepids(target_user_id)
-        yield self.store.user_set_password_hash(target_user_id, None)
-
+        yield self._auth_handler.deactivate_account(target_user_id)
        defer.returnValue((200, {}))


--- a/synapse/rest/client/v1/logout.py
+++ b/synapse/rest/client/v1/logout.py
@ -30,7 +30,7 @@ class LogoutRestServlet(ClientV1RestServlet):

    def __init__(self, hs):
        super(LogoutRestServlet, self).__init__(hs)
-        self.store = hs.get_datastore()
+        self._auth_handler = hs.get_auth_handler()

    def on_OPTIONS(self, request):
        return (200, {})
@ -38,7 +38,7 @@ class LogoutRestServlet(ClientV1RestServlet):
    @defer.inlineCallbacks
    def on_POST(self, request):
        access_token = get_access_token_from_request(request)
-        yield self.store.delete_access_token(access_token)
+        yield self._auth_handler.delete_access_token(access_token)
        defer.returnValue((200, {}))


@ -47,8 +47,8 @@ class LogoutAllRestServlet(ClientV1RestServlet):

    def __init__(self, hs):
        super(LogoutAllRestServlet, self).__init__(hs)
-        self.store = hs.get_datastore()
        self.auth = hs.get_auth()
+        self._auth_handler = hs.get_auth_handler()

    def on_OPTIONS(self, request):
        return (200, {})
@ -57,7 +57,7 @@ class LogoutAllRestServlet(ClientV1RestServlet):
    def on_POST(self, request):
        requester = yield self.auth.get_user_by_req(request)
        user_id = requester.user.to_string()
-        yield self.store.user_delete_access_tokens(user_id)
+        yield self._auth_handler.delete_access_tokens_for_user(user_id)
        defer.returnValue((200, {}))