mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2025-07-22 09:20:35 -04:00
Add ability for access tokens to belong to one user but grant access to another user. (#8616)
We do it this way round so that only the "owner" can delete the access token (i.e. `/logout/all` by the "owner" also deletes that token, but `/logout/all` by the "target user" doesn't). A future PR will add an API for creating such a token. When the target user and authenticated entity are different the `Processed request` log line will be logged with a: `{@admin:server as @bob:server} ...`. I'm not convinced by that format (especially since it adds spaces in there, making it harder to use `cut -d ' '` to chop off the start of log lines). Suggestions welcome.
This commit is contained in:
parent
22eeb6bc54
commit
f21e24ffc2
22 changed files with 197 additions and 138 deletions
|
@ -69,11 +69,9 @@ class RegistrationStoreTestCase(unittest.TestCase):
|
|||
self.store.get_user_by_access_token(self.tokens[1])
|
||||
)
|
||||
|
||||
self.assertDictContainsSubset(
|
||||
{"name": self.user_id, "device_id": self.device_id}, result
|
||||
)
|
||||
|
||||
self.assertTrue("token_id" in result)
|
||||
self.assertEqual(result.user_id, self.user_id)
|
||||
self.assertEqual(result.device_id, self.device_id)
|
||||
self.assertIsNotNone(result.token_id)
|
||||
|
||||
@defer.inlineCallbacks
|
||||
def test_user_delete_access_tokens(self):
|
||||
|
@ -105,7 +103,7 @@ class RegistrationStoreTestCase(unittest.TestCase):
|
|||
user = yield defer.ensureDeferred(
|
||||
self.store.get_user_by_access_token(self.tokens[0])
|
||||
)
|
||||
self.assertEqual(self.user_id, user["name"])
|
||||
self.assertEqual(self.user_id, user.user_id)
|
||||
|
||||
# now delete the rest
|
||||
yield defer.ensureDeferred(self.store.user_delete_access_tokens(self.user_id))
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue