forked-synapse/synapse/rest
Quentin Gliech fe1daad672
Move the "email unsubscribe" resource, refactor the macaroon generator & simplify the access token verification logic. (#12986)
This simplifies the access token verification logic by removing the `rights`
parameter which was only ever used for the unsubscribe link in email
notifications. The latter has been moved under the `/_synapse` namespace,
since it is not a standard API.

This also makes the email verification link more secure, by embedding the
app_id and pushkey in the macaroon and verifying it. This prevents the user
from tampering with the query parameters of that unsubscribe link.

Macaroon generation is refactored:

- Centralised all macaroon generation and verification logic to the
  `MacaroonGenerator`
- Moved to `synapse.utils`
- Changed the constructor to require only a `Clock`, hostname, and a secret key
  (instead of a full `Homeserver`).
- Added tests for all methods.
2022-06-14 09:12:08 -04:00
| Name | Last commit | Date |
| --- | --- | --- |
| admin | Fix Synapse git info missing in version strings (#12973) | 2022-06-07 15:24:11 +01:00 |
| client | Move the "email unsubscribe" resource, refactor the macaroon generator & simplify the access token verification logic. (#12986) | 2022-06-14 09:12:08 -04:00 |
| consent | Remove HomeServer.get_datastore() (#12031) | 2022-02-23 11:04:02 +00:00 |
| key | Fix typechecker problems exposed by signedjson 1.1.2 (#12326) | 2022-03-29 21:37:50 +00:00 |
| media | Uniformize spam-checker API, part 4: port other spam-checker callbacks to return Union[Allow, Codes]. (#12857) | 2022-06-13 18:16:16 +00:00 |
| synapse | Move the "email unsubscribe" resource, refactor the macaroon generator & simplify the access token verification logic. (#12986) | 2022-06-14 09:12:08 -04:00 |
| __init__.py | Remove user-visible groups/communities code (#12553) | 2022-05-25 07:53:40 -04:00 |
| health.py | Add missing type hints to non-client REST servlets. (#10817) | 2021-09-15 08:45:32 -04:00 |
| well_known.py | Default value for public_baseurl (#11210) | 2021-11-08 14:13:10 +00:00 |