Explorar el Código
Update MSC2918 refresh token support to confirm with the latest revision: accept the `refresh_tokens` parameter in the request body rather than in the URL parameters. (#11430)
tags/v1.49.0rc1
reivilibre
hace 2 años
committed by
GitHub
GitHub
No se encontró ninguna clave conocida en la base de datos para esta firma
ID de clave GPG: 4AEE18F83AFDEB23
Se han modificado 4 ficheros con 58 adiciones y 22 borrados
Dividir vista
Opciones de diferencias
-
+1 -0changelog.d/11430.misc
-
+7 -5synapse/rest/client/login.py
-
+6 -3synapse/rest/client/register.py
-
+44 -14tests/rest/client/test_auth.py
+ 1
- 0
changelog.d/11430.misc
Ver fichero
| @@ -0,0 +1 @@ | |||
| Update [MSC2918 refresh token](https://github.com/matrix-org/matrix-doc/blob/main/proposals/2918-refreshtokens.md#msc2918-refresh-tokens) support to confirm with the latest revision: accept the `refresh_tokens` parameter in the request body rather than in the URL parameters. | |||
+ 7
- 5
synapse/rest/client/login.py
Ver fichero
| @@ -38,7 +38,6 @@ from synapse.http.server import HttpServer, finish_request | |||
| from synapse.http.servlet import ( | |||
| RestServlet, | |||
| assert_params_in_dict, | |||
| parse_boolean, | |||
| parse_bytes_from_args, | |||
| parse_json_object_from_request, | |||
| parse_string, | |||
| @@ -165,11 +164,14 @@ class LoginRestServlet(RestServlet): | |||
| login_submission = parse_json_object_from_request(request) | |||
| if self._msc2918_enabled: | |||
| # Check if this login should also issue a refresh token, as per | |||
| # MSC2918 | |||
| should_issue_refresh_token = parse_boolean( | |||
| request, name=LoginRestServlet.REFRESH_TOKEN_PARAM, default=False | |||
| # Check if this login should also issue a refresh token, as per MSC2918 | |||
| should_issue_refresh_token = login_submission.get( | |||
| "org.matrix.msc2918.refresh_token", False | |||
| ) | |||
| if not isinstance(should_issue_refresh_token, bool): | |||
| raise SynapseError( | |||
| 400, "`org.matrix.msc2918.refresh_token` should be true or false." | |||
| ) | |||
| else: | |||
| should_issue_refresh_token = False | |||
+ 6
- 3
synapse/rest/client/register.py
Ver fichero
| @@ -41,7 +41,6 @@ from synapse.http.server import HttpServer, finish_request, respond_with_html | |||
| from synapse.http.servlet import ( | |||
| RestServlet, | |||
| assert_params_in_dict, | |||
| parse_boolean, | |||
| parse_json_object_from_request, | |||
| parse_string, | |||
| ) | |||
| @@ -449,9 +448,13 @@ class RegisterRestServlet(RestServlet): | |||
| if self._msc2918_enabled: | |||
| # Check if this registration should also issue a refresh token, as | |||
| # per MSC2918 | |||
| should_issue_refresh_token = parse_boolean( | |||
| request, name="org.matrix.msc2918.refresh_token", default=False | |||
| should_issue_refresh_token = body.get( | |||
| "org.matrix.msc2918.refresh_token", False | |||
| ) | |||
| if not isinstance(should_issue_refresh_token, bool): | |||
| raise SynapseError( | |||
| 400, "`org.matrix.msc2918.refresh_token` should be true or false." | |||
| ) | |||
| else: | |||
| should_issue_refresh_token = False | |||
+ 44
- 14
tests/rest/client/test_auth.py
Ver fichero
| @@ -529,7 +529,11 @@ class RefreshAuthTests(unittest.HomeserverTestCase): | |||
| A login response should include a refresh_token only if asked. | |||
| """ | |||
| # Test login | |||
| body = {"type": "m.login.password", "user": "test", "password": self.user_pass} | |||
| body = { | |||
| "type": "m.login.password", | |||
| "user": "test", | |||
| "password": self.user_pass, | |||
| } | |||
| login_without_refresh = self.make_request( | |||
| "POST", "/_matrix/client/r0/login", body | |||
| @@ -539,8 +543,8 @@ class RefreshAuthTests(unittest.HomeserverTestCase): | |||
| login_with_refresh = self.make_request( | |||
| "POST", | |||
| "/_matrix/client/r0/login?org.matrix.msc2918.refresh_token=true", | |||
| body, | |||
| "/_matrix/client/r0/login", | |||
| {"org.matrix.msc2918.refresh_token": True, **body}, | |||
| ) | |||
| self.assertEqual(login_with_refresh.code, 200, login_with_refresh.result) | |||
| self.assertIn("refresh_token", login_with_refresh.json_body) | |||
| @@ -566,11 +570,12 @@ class RefreshAuthTests(unittest.HomeserverTestCase): | |||
| register_with_refresh = self.make_request( | |||
| "POST", | |||
| "/_matrix/client/r0/register?org.matrix.msc2918.refresh_token=true", | |||
| "/_matrix/client/r0/register", | |||
| { | |||
| "username": "test3", | |||
| "password": self.user_pass, | |||
| "auth": {"type": LoginType.DUMMY}, | |||
| "org.matrix.msc2918.refresh_token": True, | |||
| }, | |||
| ) | |||
| self.assertEqual(register_with_refresh.code, 200, register_with_refresh.result) | |||
| @@ -581,10 +586,15 @@ class RefreshAuthTests(unittest.HomeserverTestCase): | |||
| """ | |||
| A refresh token can be used to issue a new access token. | |||
| """ | |||
| body = {"type": "m.login.password", "user": "test", "password": self.user_pass} | |||
| body = { | |||
| "type": "m.login.password", | |||
| "user": "test", | |||
| "password": self.user_pass, | |||
| "org.matrix.msc2918.refresh_token": True, | |||
| } | |||
| login_response = self.make_request( | |||
| "POST", | |||
| "/_matrix/client/r0/login?org.matrix.msc2918.refresh_token=true", | |||
| "/_matrix/client/r0/login", | |||
| body, | |||
| ) | |||
| self.assertEqual(login_response.code, 200, login_response.result) | |||
| @@ -614,10 +624,15 @@ class RefreshAuthTests(unittest.HomeserverTestCase): | |||
| """ | |||
| The access token should have some time as specified in the config. | |||
| """ | |||
| body = {"type": "m.login.password", "user": "test", "password": self.user_pass} | |||
| body = { | |||
| "type": "m.login.password", | |||
| "user": "test", | |||
| "password": self.user_pass, | |||
| "org.matrix.msc2918.refresh_token": True, | |||
| } | |||
| login_response = self.make_request( | |||
| "POST", | |||
| "/_matrix/client/r0/login?org.matrix.msc2918.refresh_token=true", | |||
| "/_matrix/client/r0/login", | |||
| body, | |||
| ) | |||
| self.assertEqual(login_response.code, 200, login_response.result) | |||
| @@ -666,10 +681,15 @@ class RefreshAuthTests(unittest.HomeserverTestCase): | |||
| refresh the session. | |||
| """ | |||
| body = {"type": "m.login.password", "user": "test", "password": self.user_pass} | |||
| body = { | |||
| "type": "m.login.password", | |||
| "user": "test", | |||
| "password": self.user_pass, | |||
| "org.matrix.msc2918.refresh_token": True, | |||
| } | |||
| login_response = self.make_request( | |||
| "POST", | |||
| "/_matrix/client/r0/login?org.matrix.msc2918.refresh_token=true", | |||
| "/_matrix/client/r0/login", | |||
| body, | |||
| ) | |||
| self.assertEqual(login_response.code, HTTPStatus.OK, login_response.result) | |||
| @@ -711,10 +731,15 @@ class RefreshAuthTests(unittest.HomeserverTestCase): | |||
| The session can be configured to have an ultimate, limited lifetime. | |||
| """ | |||
| body = {"type": "m.login.password", "user": "test", "password": self.user_pass} | |||
| body = { | |||
| "type": "m.login.password", | |||
| "user": "test", | |||
| "password": self.user_pass, | |||
| "org.matrix.msc2918.refresh_token": True, | |||
| } | |||
| login_response = self.make_request( | |||
| "POST", | |||
| "/_matrix/client/r0/login?org.matrix.msc2918.refresh_token=true", | |||
| "/_matrix/client/r0/login", | |||
| body, | |||
| ) | |||
| self.assertEqual(login_response.code, 200, login_response.result) | |||
| @@ -763,10 +788,15 @@ class RefreshAuthTests(unittest.HomeserverTestCase): | |||
| |-> fourth_refresh (fails) | |||
| """ | |||
| body = {"type": "m.login.password", "user": "test", "password": self.user_pass} | |||
| body = { | |||
| "type": "m.login.password", | |||
| "user": "test", | |||
| "password": self.user_pass, | |||
| "org.matrix.msc2918.refresh_token": True, | |||
| } | |||
| login_response = self.make_request( | |||
| "POST", | |||
| "/_matrix/client/r0/login?org.matrix.msc2918.refresh_token=true", | |||
| "/_matrix/client/r0/login", | |||
| body, | |||
| ) | |||
| self.assertEqual(login_response.code, 200, login_response.result) | |||