Merge remote-tracking branch 'origin/develop' into store_event_actions

This commit is contained in:
David Baker 2016-01-05 18:39:50 +00:00
commit eb03625626
17 changed files with 139 additions and 74 deletions

View File

@ -1,6 +1,7 @@
Changes in synapse v0.12.0-rc4 (unreleased) Changes in synapse v0.12.0 (2016-01-04)
=========================================== =======================================
* Fix C-S API to expose ``/login`` under ``r0`` (PR #459)
* Expose ``/login`` under ``r0`` (PR #459)
Changes in synapse v0.12.0-rc3 (2015-12-23) Changes in synapse v0.12.0-rc3 (2015-12-23)
=========================================== ===========================================
@ -14,17 +15,15 @@ Changes in synapse v0.12.0-rc3 (2015-12-23)
* Add a ``display_name`` to third-party invites (PR #449) * Add a ``display_name`` to third-party invites (PR #449)
* Send more information to the identity server for third-party invites so that * Send more information to the identity server for third-party invites so that
it can send richer messages to the invitee (PR #446) it can send richer messages to the invitee (PR #446)
* Cache the responses to ``/initialSync`` for 5 minutes. If a client
* Cache the responses to ``/intialSync`` for 5 minutes. If a client
retries a request to ``/initialSync`` before the a response was computed retries a request to ``/initialSync`` before the a response was computed
to the first request then the same response is used for both requests to the first request then the same response is used for both requests
(PR #457) (PR #457)
* Fix a bug where synapse would always request the signing keys of * Fix a bug where synapse would always request the signing keys of
remote servers even when the key was cached locally (PR #452) remote servers even when the key was cached locally (PR #452)
* Fix 500 when pagination search results (PR #447) * Fix 500 when pagination search results (PR #447)
* Fix a bug where synapse was leaking raw email address in third-party invites * Fix a bug where synapse was leaking raw email address in third-party invites
(PR #448) (PR #448)
Changes in synapse v0.12.0-rc2 (2015-12-14) Changes in synapse v0.12.0-rc2 (2015-12-14)
=========================================== ===========================================

View File

@ -146,6 +146,10 @@ Note that these packages do not include a client - choose one from
https://matrix.org/blog/try-matrix-now/ (or build your own with https://matrix.org/blog/try-matrix-now/ (or build your own with
https://github.com/matrix-org/matrix-js-sdk/). https://github.com/matrix-org/matrix-js-sdk/).
Finally, Martin Giess has created an auto-deployment process with vagrant/ansible,
tested with VirtualBox/AWS/DigitalOcean - see https://github.com/EMnify/matrix-synapse-auto-deploy
for details.
To set up your homeserver, run (in your virtualenv, as before):: To set up your homeserver, run (in your virtualenv, as before)::
cd ~/.synapse cd ~/.synapse

View File

@ -16,4 +16,4 @@
""" This is a reference implementation of a Matrix home server. """ This is a reference implementation of a Matrix home server.
""" """
__version__ = "0.12.0-rc3" __version__ = "0.12.0"

View File

@ -1,5 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright 2014, 2015 OpenMarket Ltd # Copyright 2014 - 2016 OpenMarket Ltd
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -583,7 +583,7 @@ class Auth(object):
AuthError if no user by that token exists or the token is invalid. AuthError if no user by that token exists or the token is invalid.
""" """
try: try:
ret = yield self._get_user_from_macaroon(token) ret = yield self.get_user_from_macaroon(token)
except AuthError: except AuthError:
# TODO(daniel): Remove this fallback when all existing access tokens # TODO(daniel): Remove this fallback when all existing access tokens
# have been re-issued as macaroons. # have been re-issued as macaroons.
@ -591,7 +591,7 @@ class Auth(object):
defer.returnValue(ret) defer.returnValue(ret)
@defer.inlineCallbacks @defer.inlineCallbacks
def _get_user_from_macaroon(self, macaroon_str): def get_user_from_macaroon(self, macaroon_str):
try: try:
macaroon = pymacaroons.Macaroon.deserialize(macaroon_str) macaroon = pymacaroons.Macaroon.deserialize(macaroon_str)
self.validate_macaroon(macaroon, "access", False) self.validate_macaroon(macaroon, "access", False)

View File

@ -1,5 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright 2014, 2015 OpenMarket Ltd # Copyright 2014 - 2016 OpenMarket Ltd
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -55,8 +55,7 @@ class BaseHandler(object):
self.event_builder_factory = hs.get_event_builder_factory() self.event_builder_factory = hs.get_event_builder_factory()
@defer.inlineCallbacks @defer.inlineCallbacks
def _filter_events_for_client(self, user_id, events, is_guest=False, def _filter_events_for_client(self, user_id, events, is_guest=False):
require_all_visible_for_guests=True):
# Assumes that user has at some point joined the room if not is_guest. # Assumes that user has at some point joined the room if not is_guest.
def allowed(event, membership, visibility): def allowed(event, membership, visibility):
@ -117,17 +116,6 @@ class BaseHandler(object):
if should_include: if should_include:
events_to_return.append(event) events_to_return.append(event)
if (require_all_visible_for_guests
and is_guest
and len(events_to_return) < len(events)):
# This indicates that some events in the requested range were not
# visible to guest users. To be safe, we reject the entire request,
# so that we don't have to worry about interpreting visibility
# boundaries.
raise AuthError(403, "User %s does not have permission" % (
user_id
))
defer.returnValue(events_to_return) defer.returnValue(events_to_return)
def ratelimit(self, user_id): def ratelimit(self, user_id):

View File

@ -1,5 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright 2014, 2015 OpenMarket Ltd # Copyright 2014 - 2016 OpenMarket Ltd
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -408,7 +408,7 @@ class AuthHandler(BaseHandler):
macaroon = pymacaroons.Macaroon.deserialize(login_token) macaroon = pymacaroons.Macaroon.deserialize(login_token)
auth_api = self.hs.get_auth() auth_api = self.hs.get_auth()
auth_api.validate_macaroon(macaroon, "login", True) auth_api.validate_macaroon(macaroon, "login", True)
return self._get_user_from_macaroon(macaroon) return self.get_user_from_macaroon(macaroon)
except (pymacaroons.exceptions.MacaroonException, TypeError, ValueError): except (pymacaroons.exceptions.MacaroonException, TypeError, ValueError):
raise AuthError(401, "Invalid token", errcode=Codes.UNKNOWN_TOKEN) raise AuthError(401, "Invalid token", errcode=Codes.UNKNOWN_TOKEN)
@ -421,7 +421,7 @@ class AuthHandler(BaseHandler):
macaroon.add_first_party_caveat("user_id = %s" % (user_id,)) macaroon.add_first_party_caveat("user_id = %s" % (user_id,))
return macaroon return macaroon
def _get_user_from_macaroon(self, macaroon): def get_user_from_macaroon(self, macaroon):
user_prefix = "user_id = " user_prefix = "user_id = "
for caveat in macaroon.caveats: for caveat in macaroon.caveats:
if caveat.caveat_id.startswith(user_prefix): if caveat.caveat_id.startswith(user_prefix):

View File

@ -1,5 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright 2014, 2015 OpenMarket Ltd # Copyright 2014 - 2016 OpenMarket Ltd
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -685,7 +685,7 @@ class MessageHandler(BaseHandler):
).addErrback(unwrapFirstError) ).addErrback(unwrapFirstError)
messages = yield self._filter_events_for_client( messages = yield self._filter_events_for_client(
user_id, messages, is_guest=is_guest, require_all_visible_for_guests=False user_id, messages, is_guest=is_guest,
) )
start_token = now_token.copy_and_replace("room_key", token[0]) start_token = now_token.copy_and_replace("room_key", token[0])

View File

@ -1,5 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright 2014, 2015 OpenMarket Ltd # Copyright 2014 - 2016 OpenMarket Ltd
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -40,12 +40,13 @@ class RegistrationHandler(BaseHandler):
def __init__(self, hs): def __init__(self, hs):
super(RegistrationHandler, self).__init__(hs) super(RegistrationHandler, self).__init__(hs)
self.auth = hs.get_auth()
self.distributor = hs.get_distributor() self.distributor = hs.get_distributor()
self.distributor.declare("registered_user") self.distributor.declare("registered_user")
self.captcha_client = CaptchaServerHttpClient(hs) self.captcha_client = CaptchaServerHttpClient(hs)
@defer.inlineCallbacks @defer.inlineCallbacks
def check_username(self, localpart): def check_username(self, localpart, guest_access_token=None):
yield run_on_reactor() yield run_on_reactor()
if urllib.quote(localpart) != localpart: if urllib.quote(localpart) != localpart:
@ -62,14 +63,29 @@ class RegistrationHandler(BaseHandler):
users = yield self.store.get_users_by_id_case_insensitive(user_id) users = yield self.store.get_users_by_id_case_insensitive(user_id)
if users: if users:
raise SynapseError( if not guest_access_token:
400, raise SynapseError(
"User ID already taken.", 400,
errcode=Codes.USER_IN_USE, "User ID already taken.",
) errcode=Codes.USER_IN_USE,
)
user_data = yield self.auth.get_user_from_macaroon(guest_access_token)
if not user_data["is_guest"] or user_data["user"].localpart != localpart:
raise AuthError(
403,
"Cannot register taken user ID without valid guest "
"credentials for that user.",
errcode=Codes.FORBIDDEN,
)
@defer.inlineCallbacks @defer.inlineCallbacks
def register(self, localpart=None, password=None, generate_token=True): def register(
self,
localpart=None,
password=None,
generate_token=True,
guest_access_token=None
):
"""Registers a new client on the server. """Registers a new client on the server.
Args: Args:
@ -89,7 +105,7 @@ class RegistrationHandler(BaseHandler):
password_hash = self.auth_handler().hash(password) password_hash = self.auth_handler().hash(password)
if localpart: if localpart:
yield self.check_username(localpart) yield self.check_username(localpart, guest_access_token=guest_access_token)
user = UserID(localpart, self.hs.hostname) user = UserID(localpart, self.hs.hostname)
user_id = user.to_string() user_id = user.to_string()
@ -100,7 +116,8 @@ class RegistrationHandler(BaseHandler):
yield self.store.register( yield self.store.register(
user_id=user_id, user_id=user_id,
token=token, token=token,
password_hash=password_hash password_hash=password_hash,
was_guest=guest_access_token is not None,
) )
yield registered_user(self.distributor, user) yield registered_user(self.distributor, user)

View File

@ -1,5 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright 2014, 2015 OpenMarket Ltd # Copyright 2014 - 2016 OpenMarket Ltd
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -115,6 +115,8 @@ class RoomCreationHandler(BaseHandler):
except: except:
raise SynapseError(400, "Invalid user_id: %s" % (i,)) raise SynapseError(400, "Invalid user_id: %s" % (i,))
invite_3pid_list = config.get("invite_3pid", [])
is_public = config.get("visibility", None) == "public" is_public = config.get("visibility", None) == "public"
if room_id: if room_id:
@ -220,6 +222,20 @@ class RoomCreationHandler(BaseHandler):
"content": {"membership": Membership.INVITE}, "content": {"membership": Membership.INVITE},
}, ratelimit=False) }, ratelimit=False)
for invite_3pid in invite_3pid_list:
id_server = invite_3pid["id_server"]
address = invite_3pid["address"]
medium = invite_3pid["medium"]
yield self.hs.get_handlers().room_member_handler.do_3pid_invite(
room_id,
user,
medium,
address,
id_server,
token_id=None,
txn_id=None,
)
result = {"room_id": room_id} result = {"room_id": room_id}
if room_alias: if room_alias:
@ -879,14 +895,12 @@ class RoomContextHandler(BaseHandler):
user.to_string(), user.to_string(),
results["events_before"], results["events_before"],
is_guest=is_guest, is_guest=is_guest,
require_all_visible_for_guests=False
) )
results["events_after"] = yield self._filter_events_for_client( results["events_after"] = yield self._filter_events_for_client(
user.to_string(), user.to_string(),
results["events_after"], results["events_after"],
is_guest=is_guest, is_guest=is_guest,
require_all_visible_for_guests=False
) )
if results["events_after"]: if results["events_after"]:

View File

@ -1,5 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright 2015 OpenMarket Ltd # Copyright 2015 - 2016 OpenMarket Ltd
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -118,7 +118,7 @@ class SyncResult(collections.namedtuple("SyncResult", [
events. events.
""" """
return bool( return bool(
self.presence or self.joined or self.invited self.presence or self.joined or self.invited or self.archived
) )
GuestRoom = collections.namedtuple("GuestRoom", ("room_id", "membership")) GuestRoom = collections.namedtuple("GuestRoom", ("room_id", "membership"))
@ -690,7 +690,6 @@ class SyncHandler(BaseHandler):
sync_config.user.to_string(), sync_config.user.to_string(),
loaded_recents, loaded_recents,
is_guest=sync_config.is_guest, is_guest=sync_config.is_guest,
require_all_visible_for_guests=False
) )
loaded_recents.extend(recents) loaded_recents.extend(recents)
recents = loaded_recents recents = loaded_recents

View File

@ -1,5 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright 2014, 2015 OpenMarket Ltd # Copyright 2014 - 2016 OpenMarket Ltd
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -386,7 +386,6 @@ class Notifier(object):
user.to_string(), user.to_string(),
new_events, new_events,
is_guest=is_guest, is_guest=is_guest,
require_all_visible_for_guests=False
) )
events.extend(new_events) events.extend(new_events)

View File

@ -1,5 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright 2015 OpenMarket Ltd # Copyright 2015 - 2016 OpenMarket Ltd
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -119,8 +119,13 @@ class RegisterRestServlet(RestServlet):
if self.hs.config.disable_registration: if self.hs.config.disable_registration:
raise SynapseError(403, "Registration has been disabled") raise SynapseError(403, "Registration has been disabled")
guest_access_token = body.get("guest_access_token", None)
if desired_username is not None: if desired_username is not None:
yield self.registration_handler.check_username(desired_username) yield self.registration_handler.check_username(
desired_username,
guest_access_token=guest_access_token
)
if self.hs.config.enable_registration_captcha: if self.hs.config.enable_registration_captcha:
flows = [ flows = [
@ -150,7 +155,8 @@ class RegisterRestServlet(RestServlet):
(user_id, token) = yield self.registration_handler.register( (user_id, token) = yield self.registration_handler.register(
localpart=desired_username, localpart=desired_username,
password=new_password password=new_password,
guest_access_token=guest_access_token,
) )
if result and LoginType.EMAIL_IDENTITY in result: if result and LoginType.EMAIL_IDENTITY in result:

View File

@ -1,5 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright 2014, 2015 OpenMarket Ltd # Copyright 2014 - 2016 OpenMarket Ltd
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -248,6 +248,7 @@ class ThumbnailResource(BaseMediaResource):
if desired_method.lower() == "crop": if desired_method.lower() == "crop":
info_list = [] info_list = []
info_list2 = []
for info in thumbnail_infos: for info in thumbnail_infos:
t_w = info["thumbnail_width"] t_w = info["thumbnail_width"]
t_h = info["thumbnail_height"] t_h = info["thumbnail_height"]
@ -258,12 +259,20 @@ class ThumbnailResource(BaseMediaResource):
size_quality = abs((d_w - t_w) * (d_h - t_h)) size_quality = abs((d_w - t_w) * (d_h - t_h))
type_quality = desired_type != info["thumbnail_type"] type_quality = desired_type != info["thumbnail_type"]
length_quality = info["thumbnail_length"] length_quality = info["thumbnail_length"]
info_list.append(( if t_w >= d_w or t_h >= d_h:
aspect_quality, min_quality, size_quality, type_quality, info_list.append((
length_quality, info aspect_quality, min_quality, size_quality, type_quality,
)) length_quality, info
))
else:
info_list2.append((
aspect_quality, min_quality, size_quality, type_quality,
length_quality, info
))
if info_list: if info_list:
return min(info_list)[-1] return min(info_list)[-1]
else:
return min(info_list2)[-1]
else: else:
info_list = [] info_list = []
info_list2 = [] info_list2 = []

View File

@ -1,5 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright 2014, 2015 OpenMarket Ltd # Copyright 2014 - 2016 OpenMarket Ltd
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -25,7 +25,7 @@ logger = logging.getLogger(__name__)
# Remember to update this number every time a change is made to database # Remember to update this number every time a change is made to database
# schema files, so the users will be informed on server restarts. # schema files, so the users will be informed on server restarts.
SCHEMA_VERSION = 27 SCHEMA_VERSION = 28
dir_path = os.path.abspath(os.path.dirname(__file__)) dir_path = os.path.abspath(os.path.dirname(__file__))

View File

@ -1,5 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright 2014, 2015 OpenMarket Ltd # Copyright 2014 - 2016 OpenMarket Ltd
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -73,30 +73,39 @@ class RegistrationStore(SQLBaseStore):
) )
@defer.inlineCallbacks @defer.inlineCallbacks
def register(self, user_id, token, password_hash): def register(self, user_id, token, password_hash, was_guest=False):
"""Attempts to register an account. """Attempts to register an account.
Args: Args:
user_id (str): The desired user ID to register. user_id (str): The desired user ID to register.
token (str): The desired access token to use for this user. token (str): The desired access token to use for this user.
password_hash (str): Optional. The password hash for this user. password_hash (str): Optional. The password hash for this user.
was_guest (bool): Optional. Whether this is a guest account being
upgraded to a non-guest account.
Raises: Raises:
StoreError if the user_id could not be registered. StoreError if the user_id could not be registered.
""" """
yield self.runInteraction( yield self.runInteraction(
"register", "register",
self._register, user_id, token, password_hash self._register, user_id, token, password_hash, was_guest
) )
def _register(self, txn, user_id, token, password_hash): def _register(self, txn, user_id, token, password_hash, was_guest):
now = int(self.clock.time()) now = int(self.clock.time())
next_id = self._access_tokens_id_gen.get_next_txn(txn) next_id = self._access_tokens_id_gen.get_next_txn(txn)
try: try:
txn.execute("INSERT INTO users(name, password_hash, creation_ts) " if was_guest:
"VALUES (?,?,?)", txn.execute("UPDATE users SET"
[user_id, password_hash, now]) " password_hash = ?,"
" upgrade_ts = ?"
" WHERE name = ?",
[password_hash, now, user_id])
else:
txn.execute("INSERT INTO users(name, password_hash, creation_ts) "
"VALUES (?,?,?)",
[user_id, password_hash, now])
except self.database_engine.module.IntegrityError: except self.database_engine.module.IntegrityError:
raise StoreError( raise StoreError(
400, "User ID already taken.", errcode=Codes.USER_IN_USE 400, "User ID already taken.", errcode=Codes.USER_IN_USE

View File

@ -0,0 +1,21 @@
/* Copyright 2016 OpenMarket Ltd
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/*
* Stores the timestamp when a user upgraded from a guest to a full user, if
* that happened.
*/
ALTER TABLE users ADD COLUMN upgrade_ts BIGINT;

View File

@ -1,5 +1,5 @@
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# Copyright 2015 OpenMarket Ltd # Copyright 2015 - 2016 OpenMarket Ltd
# #
# Licensed under the Apache License, Version 2.0 (the "License"); # Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License. # you may not use this file except in compliance with the License.
@ -154,7 +154,7 @@ class AuthTestCase(unittest.TestCase):
macaroon.add_first_party_caveat("gen = 1") macaroon.add_first_party_caveat("gen = 1")
macaroon.add_first_party_caveat("type = access") macaroon.add_first_party_caveat("type = access")
macaroon.add_first_party_caveat("user_id = %s" % (user_id,)) macaroon.add_first_party_caveat("user_id = %s" % (user_id,))
user_info = yield self.auth._get_user_from_macaroon(macaroon.serialize()) user_info = yield self.auth.get_user_from_macaroon(macaroon.serialize())
user = user_info["user"] user = user_info["user"]
self.assertEqual(UserID.from_string(user_id), user) self.assertEqual(UserID.from_string(user_id), user)
@ -171,7 +171,7 @@ class AuthTestCase(unittest.TestCase):
macaroon.add_first_party_caveat("guest = true") macaroon.add_first_party_caveat("guest = true")
serialized = macaroon.serialize() serialized = macaroon.serialize()
user_info = yield self.auth._get_user_from_macaroon(serialized) user_info = yield self.auth.get_user_from_macaroon(serialized)
user = user_info["user"] user = user_info["user"]
is_guest = user_info["is_guest"] is_guest = user_info["is_guest"]
self.assertEqual(UserID.from_string(user_id), user) self.assertEqual(UserID.from_string(user_id), user)
@ -192,7 +192,7 @@ class AuthTestCase(unittest.TestCase):
macaroon.add_first_party_caveat("type = access") macaroon.add_first_party_caveat("type = access")
macaroon.add_first_party_caveat("user_id = %s" % (user,)) macaroon.add_first_party_caveat("user_id = %s" % (user,))
with self.assertRaises(AuthError) as cm: with self.assertRaises(AuthError) as cm:
yield self.auth._get_user_from_macaroon(macaroon.serialize()) yield self.auth.get_user_from_macaroon(macaroon.serialize())
self.assertEqual(401, cm.exception.code) self.assertEqual(401, cm.exception.code)
self.assertIn("User mismatch", cm.exception.msg) self.assertIn("User mismatch", cm.exception.msg)
@ -212,7 +212,7 @@ class AuthTestCase(unittest.TestCase):
macaroon.add_first_party_caveat("type = access") macaroon.add_first_party_caveat("type = access")
with self.assertRaises(AuthError) as cm: with self.assertRaises(AuthError) as cm:
yield self.auth._get_user_from_macaroon(macaroon.serialize()) yield self.auth.get_user_from_macaroon(macaroon.serialize())
self.assertEqual(401, cm.exception.code) self.assertEqual(401, cm.exception.code)
self.assertIn("No user caveat", cm.exception.msg) self.assertIn("No user caveat", cm.exception.msg)
@ -234,7 +234,7 @@ class AuthTestCase(unittest.TestCase):
macaroon.add_first_party_caveat("user_id = %s" % (user,)) macaroon.add_first_party_caveat("user_id = %s" % (user,))
with self.assertRaises(AuthError) as cm: with self.assertRaises(AuthError) as cm:
yield self.auth._get_user_from_macaroon(macaroon.serialize()) yield self.auth.get_user_from_macaroon(macaroon.serialize())
self.assertEqual(401, cm.exception.code) self.assertEqual(401, cm.exception.code)
self.assertIn("Invalid macaroon", cm.exception.msg) self.assertIn("Invalid macaroon", cm.exception.msg)
@ -257,7 +257,7 @@ class AuthTestCase(unittest.TestCase):
macaroon.add_first_party_caveat("cunning > fox") macaroon.add_first_party_caveat("cunning > fox")
with self.assertRaises(AuthError) as cm: with self.assertRaises(AuthError) as cm:
yield self.auth._get_user_from_macaroon(macaroon.serialize()) yield self.auth.get_user_from_macaroon(macaroon.serialize())
self.assertEqual(401, cm.exception.code) self.assertEqual(401, cm.exception.code)
self.assertIn("Invalid macaroon", cm.exception.msg) self.assertIn("Invalid macaroon", cm.exception.msg)
@ -285,11 +285,11 @@ class AuthTestCase(unittest.TestCase):
self.hs.clock.now = 5000 # seconds self.hs.clock.now = 5000 # seconds
yield self.auth._get_user_from_macaroon(macaroon.serialize()) yield self.auth.get_user_from_macaroon(macaroon.serialize())
# TODO(daniel): Turn on the check that we validate expiration, when we # TODO(daniel): Turn on the check that we validate expiration, when we
# validate expiration (and remove the above line, which will start # validate expiration (and remove the above line, which will start
# throwing). # throwing).
# with self.assertRaises(AuthError) as cm: # with self.assertRaises(AuthError) as cm:
# yield self.auth._get_user_from_macaroon(macaroon.serialize()) # yield self.auth.get_user_from_macaroon(macaroon.serialize())
# self.assertEqual(401, cm.exception.code) # self.assertEqual(401, cm.exception.code)
# self.assertIn("Invalid macaroon", cm.exception.msg) # self.assertIn("Invalid macaroon", cm.exception.msg)