Commit Graph

69 Commits

Author SHA1 Message Date
Negi Fazeli
40aa6e8349 Create user with expiry
- Add unittests for client, api and handler

Signed-off-by: Negar Fazeli <negar.fazeli@ericsson.com>
2016-05-13 15:34:15 +02:00
Erik Johnston
6fd2f685fe Simplify _check_password 2016-04-15 11:17:18 +01:00
Mark Haines
3c79bdd7a0 Fix check_password rather than inverting the meaning of _check_local_password (#730) 2016-04-14 19:00:21 +01:00
David Baker
4c1b32d7e2 Fix login to error for nonexistent users
Fixes SYN-680
2016-04-14 18:28:42 +01:00
Christoph Witzany
ed4d18f516 fix check for failed authentication 2016-04-06 18:30:11 +02:00
Christoph Witzany
9c62fcdb68 remove line 2016-04-06 18:23:46 +02:00
Christoph Witzany
27a0c21c38 make tests for ldap more specific to not be fooled by Mocks 2016-04-06 18:23:46 +02:00
Christoph Witzany
3555a659ec output ldap version for info and to pacify pep8 2016-04-06 18:23:46 +02:00
Christoph Witzany
4c5e8adf8b conditionally import ldap 2016-04-06 18:23:46 +02:00
Christoph Witzany
875ed05bdc fix pep8 2016-04-06 18:23:46 +02:00
Christoph Witzany
67f3a50e9a fix exception handling 2016-04-06 18:23:46 +02:00
Christoph Witzany
afff321e9a code style 2016-04-06 18:23:46 +02:00
Christoph Witzany
823b8be4b7 add tls property and twist my head around twisted 2016-04-06 18:23:45 +02:00
Christoph Witzany
7b9319b1c8 move LDAP authentication to AuthenticationHandler 2016-04-06 18:23:45 +02:00
Mark Haines
2a37467fa1 Use google style doc strings.
pycharm supports them so there is no need to use the other format.

Might as well convert the existing strings to reduce the risk of
people accidentally cargo culting the wrong doc string format.
2016-04-01 16:12:07 +01:00
David Baker
a7daa5ae13 Make registration idempotent, part 2: be idempotent if the client specifies a username. 2016-03-16 19:36:57 +00:00
David Baker
b58d10a875 pep8 2016-03-16 16:22:20 +00:00
David Baker
3ee7d7dc7f time_msec() 2016-03-16 16:18:52 +00:00
David Baker
3176aebf9d string with symbols is a bit too symboly. 2016-03-16 15:55:49 +00:00
David Baker
9671e6750c Replace other time.time(). 2016-03-16 15:51:28 +00:00
David Baker
742b6c6d15 Use hs get_clock instead of time.time() 2016-03-16 15:42:35 +00:00
David Baker
99797947aa pep8 & remove debug logging 2016-03-16 12:51:34 +00:00
David Baker
c12b9d719a Make registration idempotent: if you specify the same session, make it give you an access token for the user that was registered on previous uses of that session. Tweak the UI auth layer to not delete sessions when their auth has completed and hence expire themn so they don't hang around until server restart. Allow server-side data to be associated with UI auth sessions. 2016-03-16 11:56:24 +00:00
David Baker
af59826a2f Make select more sensible when dseleting access tokens, rename pusher deletion to match access token deletion and make exception arg optional. 2016-03-11 14:34:09 +00:00
David Baker
f523177850 Delete old, unused methods and rename new one to just be user_delete_access_tokens with an except_token_ids argument doing what it says on the tin. 2016-03-11 14:29:01 +00:00
David Baker
57c444b3ad Dear PyCharm, please indent sensibly for me. Thx. 2016-03-11 14:25:05 +00:00
David Baker
aa11db5f11 Fix cache invalidation so deleting access tokens (which we did when changing password) actually takes effect without HS restart. Reinstate the code to avoid logging out the session that changed the password, removed in 415c2f0549 2016-03-11 13:14:18 +00:00
David Baker
ff8b87118d Stop using checkpw as it seems to have vanished from bcrypt. Use bcrypt.hashpw(password, hashed) == hashed as per the bcrypt README. 2016-03-02 18:06:45 +00:00
Daniel Wagner-Hall
cfd07aafff Allow guests to upgrade their accounts 2016-01-05 18:01:18 +00:00
Daniel Wagner-Hall
248cfd5eb3 Take a boolean not a list of lambdas 2015-11-19 15:16:25 +00:00
Steven Hammerton
2b779af10f Minor review fixes 2015-11-11 11:21:43 +00:00
Steven Hammerton
dd2eb49385 Share more code between macaroon validation 2015-11-11 11:12:35 +00:00
Steven Hammerton
414a4a71b4 Allow hs to do CAS login completely and issue the client with a login token that can be redeemed for the usual successful login response 2015-11-05 14:06:48 +00:00
Daniel Wagner-Hall
f522f50a08 Allow guests to register and call /events?room_id=
This follows the same flows-based flow as regular registration, but as
the only implemented flow has no requirements, it auto-succeeds. In the
future, other flows (e.g. captcha) may be required, so clients should
treat this like the regular registration flow choices.
2015-11-04 17:29:07 +00:00
Mark Haines
f2f031fd57 Add config for how many bcrypt rounds to use for password hashes
By default we leave it at the default value of 12. But now we can reduce
it for preparing users for loadtests or running integration tests.
2015-10-16 14:52:08 +01:00
Steven Hammerton
22112f8d14 Formatting changes 2015-10-10 10:49:42 +01:00
Steven Hammerton
c33f5c1a24 Provide ability to login using CAS 2015-10-10 10:49:42 +01:00
Daniel Wagner-Hall
81a93ddcc8 Allow configuration to ignore invalid SSL certs
This will be useful for sytest, and sytest only, hence the aggressive
config key name.
2015-09-09 12:02:07 +01:00
Daniel Wagner-Hall
3063383547 Swap out bcrypt for md5 in tests
This reduces our ~8 second sequential test time down to ~7 seconds
2015-08-26 15:59:32 +01:00
Daniel Wagner-Hall
d3c0e48859 Merge erikj/user_dedup to develop 2015-08-26 13:42:45 +01:00
Daniel Wagner-Hall
c7788685b0 Fix bad merge 2015-08-20 17:43:12 +01:00
Daniel Wagner-Hall
8c74bd8960 Fix indentation 2015-08-20 17:26:52 +01:00
Daniel Wagner-Hall
ea570ffaeb Fix flake8 warnings 2015-08-20 17:22:41 +01:00
Daniel Wagner-Hall
d5a825edee Merge branch 'auth' into refresh
Conflicts:
	synapse/handlers/register.py
2015-08-20 17:13:33 +01:00
Daniel Wagner-Hall
e8cf77fa49 Merge branch 'develop' into refresh
Conflicts:
	synapse/rest/client/v1/login.py
2015-08-20 16:25:40 +01:00
Daniel Wagner-Hall
cecbd636e9 /tokenrefresh POST endpoint
This allows refresh tokens to be exchanged for (access_token,
refresh_token).

It also starts issuing them on login, though no clients currently
interpret them.
2015-08-20 16:21:35 +01:00
David Baker
ca0d28ef34 Another use of check_password that got missed in the yield fix 2015-08-20 15:35:14 +01:00
Daniel Wagner-Hall
617501dd2a Move token generation to auth handler
I prefer the auth handler to worry about all auth, and register to call
into it as needed, than to smatter auth logic between the two.
2015-08-20 11:35:56 +01:00
Erik Johnston
40da1f200d Remove an access token log line 2015-08-19 09:41:07 +01:00
Erik Johnston
abc6986a24 Fix regression where we incorrectly responded with a 200 to /login 2015-08-19 09:31:11 +01:00