mirror of
https://git.anonymousland.org/anonymousland/synapse-product.git
synced 2024-10-01 08:25:44 -04:00
Comments
Update comments in verify_macaroon
This commit is contained in:
parent
1c4f05db41
commit
4febfe47f0
@ -790,9 +790,6 @@ class Auth(object):
|
|||||||
type_string(str): The kind of token required (e.g. "access", "refresh",
|
type_string(str): The kind of token required (e.g. "access", "refresh",
|
||||||
"delete_pusher")
|
"delete_pusher")
|
||||||
verify_expiry(bool): Whether to verify whether the macaroon has expired.
|
verify_expiry(bool): Whether to verify whether the macaroon has expired.
|
||||||
This should really always be True, but there exist access tokens
|
|
||||||
in the wild which expire when they should not, so we can't
|
|
||||||
enforce expiry yet.
|
|
||||||
user_id (str): The user_id required
|
user_id (str): The user_id required
|
||||||
"""
|
"""
|
||||||
v = pymacaroons.Verifier()
|
v = pymacaroons.Verifier()
|
||||||
@ -805,6 +802,15 @@ class Auth(object):
|
|||||||
v.satisfy_exact("type = " + type_string)
|
v.satisfy_exact("type = " + type_string)
|
||||||
v.satisfy_exact("user_id = %s" % user_id)
|
v.satisfy_exact("user_id = %s" % user_id)
|
||||||
v.satisfy_exact("guest = true")
|
v.satisfy_exact("guest = true")
|
||||||
|
|
||||||
|
# verify_expiry should really always be True, but there exist access
|
||||||
|
# tokens in the wild which expire when they should not, so we can't
|
||||||
|
# enforce expiry yet (so we have to allow any caveat starting with
|
||||||
|
# 'time < ' in access tokens).
|
||||||
|
#
|
||||||
|
# On the other hand, short-term login tokens (as used by CAS login, for
|
||||||
|
# example) have an expiry time which we do want to enforce.
|
||||||
|
|
||||||
if verify_expiry:
|
if verify_expiry:
|
||||||
v.satisfy_general(self._verify_expiry)
|
v.satisfy_general(self._verify_expiry)
|
||||||
else:
|
else:
|
||||||
|
Loading…
Reference in New Issue
Block a user