Matrix-Mirrors/synapse-product
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse-product.git synced 2025-10-10 00:48:25 -04:00
Code Issues Projects Releases Packages Wiki Activity

Stabilise support for MSC2918 refresh tokens as they have now been merged into the Matrix specification. (#11435)

Browse source
This commit is contained in:
reivilibre 2021-12-06 19:11:43 +00:00 committed by GitHub
parent a15a893df8
commit 2f053f3f82
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 115 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

38
synapse/config/registration.py
View file

@ -220,6 +220,44 @@ class RegistrationConfig(Config):
#
#session_lifetime: 24h
# Time that an access token remains valid for, if the session is
# using refresh tokens.
# For more information about refresh tokens, please see the manual.
# Note that this only applies to clients which advertise support for
# refresh tokens.
#
# Note also that this is calculated at login time and refresh time:
# changes are not applied to existing sessions until they are refreshed.
#
# By default, this is 5 minutes.
#
#refreshable_access_token_lifetime: 5m
# Time that a refresh token remains valid for (provided that it is not
# exchanged for another one first).
# This option can be used to automatically log-out inactive sessions.
# Please see the manual for more information.
#
# Note also that this is calculated at login time and refresh time:
# changes are not applied to existing sessions until they are refreshed.
#
# By default, this is infinite.
#
#refresh_token_lifetime: 24h
# Time that an access token remains valid for, if the session is NOT
# using refresh tokens.
# Please note that not all clients support refresh tokens, so setting
# this to a short value may be inconvenient for some users who will
# then be logged out frequently.
#
# Note also that this is calculated at login time: changes are not applied
# retrospectively to existing sessions for users that have already logged in.
#
# By default, this is infinite.
#
#nonrefreshable_access_token_lifetime: 24h
# The user must provide all of the below types of 3PID when registering.
#
#registrations_require_3pid:

29
synapse/rest/client/login.py
View file

@ -72,7 +72,7 @@ class LoginRestServlet(RestServlet):
JWT_TYPE_DEPRECATED = "m.login.jwt"
APPSERVICE_TYPE = "m.login.application_service"
APPSERVICE_TYPE_UNSTABLE = "uk.half-shot.msc2778.login.application_service"
REFRESH_TOKEN_PARAM = "org.matrix.msc2918.refresh_token"
REFRESH_TOKEN_PARAM = "refresh_token"
def __init__(self, hs: "HomeServer"):
super().__init__()
@ -90,7 +90,7 @@ class LoginRestServlet(RestServlet):
self.saml2_enabled = hs.config.saml2.saml2_enabled
self.cas_enabled = hs.config.cas.cas_enabled
self.oidc_enabled = hs.config.oidc.oidc_enabled
self._msc2918_enabled = (
self._refresh_tokens_enabled = (
hs.config.registration.refreshable_access_token_lifetime is not None
)
@ -163,17 +163,16 @@ class LoginRestServlet(RestServlet):
async def on_POST(self, request: SynapseRequest) -> Tuple[int, LoginResponse]:
login_submission = parse_json_object_from_request(request)
if self._msc2918_enabled:
# Check if this login should also issue a refresh token, as per MSC2918
should_issue_refresh_token = login_submission.get(
"org.matrix.msc2918.refresh_token", False
)
if not isinstance(should_issue_refresh_token, bool):
raise SynapseError(
400, "`org.matrix.msc2918.refresh_token` should be true or false."
)
else:
should_issue_refresh_token = False
# Check to see if the client requested a refresh token.
client_requested_refresh_token = login_submission.get(
LoginRestServlet.REFRESH_TOKEN_PARAM, False
)
if not isinstance(client_requested_refresh_token, bool):
raise SynapseError(400, "`refresh_token` should be true or false.")
should_issue_refresh_token = (
self._refresh_tokens_enabled and client_requested_refresh_token
)
try:
if login_submission["type"] in (
@ -463,9 +462,7 @@ def _get_auth_flow_dict_for_idp(idp: SsoIdentityProvider) -> JsonDict:
class RefreshTokenServlet(RestServlet):
PATTERNS = client_patterns(
"/org.matrix.msc2918.refresh_token/refresh$", releases=(), unstable=True
)
PATTERNS = (re.compile("^/_matrix/client/v1/refresh$"),)
def __init__(self, hs: "HomeServer"):
self._auth_handler = hs.get_auth_handler()

23
synapse/rest/client/register.py
View file

@ -419,7 +419,7 @@ class RegisterRestServlet(RestServlet):
self.password_policy_handler = hs.get_password_policy_handler()
self.clock = hs.get_clock()
self._registration_enabled = self.hs.config.registration.enable_registration
self._msc2918_enabled = (
self._refresh_tokens_enabled = (
hs.config.registration.refreshable_access_token_lifetime is not None
)
@ -445,18 +445,15 @@ class RegisterRestServlet(RestServlet):
f"Do not understand membership kind: {kind}",
)
if self._msc2918_enabled:
# Check if this registration should also issue a refresh token, as
# per MSC2918
should_issue_refresh_token = body.get(
"org.matrix.msc2918.refresh_token", False
)
if not isinstance(should_issue_refresh_token, bool):
raise SynapseError(
400, "`org.matrix.msc2918.refresh_token` should be true or false."
)
else:
should_issue_refresh_token = False
# Check if the clients wishes for this registration to issue a refresh
# token.
client_requested_refresh_tokens = body.get("refresh_token", False)
if not isinstance(client_requested_refresh_tokens, bool):
raise SynapseError(400, "`refresh_token` should be true or false.")
should_issue_refresh_token = (
self._refresh_tokens_enabled and client_requested_refresh_tokens
)
# Pull out the provided username and do basic sanity checks early since
# the auth layer will store these in sessions.