synapse-product/synapse/api
Quentin Gliech fe1daad672
Move the "email unsubscribe" resource, refactor the macaroon generator & simplify the access token verification logic. (#12986)
This simplifies the access token verification logic by removing the `rights`
parameter which was only ever used for the unsubscribe link in email
notifications. The latter has been moved under the `/_synapse` namespace,
since it is not a standard API.

This also makes the email verification link more secure, by embedding the
app_id and pushkey in the macaroon and verifying it. This prevents the user
from tampering the query parameters of that unsubscribe link.

Macaroon generation is refactored:

- Centralised all macaroon generation and verification logic to the
  `MacaroonGenerator`
- Moved to `synapse.utils`
- Changed the constructor to require only a `Clock`, hostname, and a secret key
  (instead of a full `Homeserver`).
- Added tests for all methods.
2022-06-14 09:12:08 -04:00
..
__init__.py Remove redundant "coding: utf-8" lines (#9786) 2021-04-14 15:34:27 +01:00
auth_blocking.py Remove HomeServer.get_datastore() (#12031) 2022-02-23 11:04:02 +00:00
auth.py Move the "email unsubscribe" resource, refactor the macaroon generator & simplify the access token verification logic. (#12986) 2022-06-14 09:12:08 -04:00
constants.py Remove remaining bits of groups code. (#12936) 2022-06-01 09:41:25 -04:00
errors.py Fix M_USER_ACCOUNT_SUSPENDED error code for spec compliance (#12923) 2022-05-31 08:42:18 +01:00
filtering.py Additional constants for EDU types. (#12884) 2022-05-27 07:14:36 -04:00
presence.py Add missing type hints to synapse.api. (#11109) 2021-10-18 15:01:10 -04:00
ratelimiting.py Add missing type hints to synapse.api. (#11109) 2021-10-18 15:01:10 -04:00
room_versions.py Add a new room version for MSC3787's knock+restricted join rule (#12623) 2022-05-17 10:41:39 +00:00
urls.py Remove support for the webclient listener. (#11895) 2022-02-03 18:36:49 +00:00