Attempt to validate macaroons
A couple of weird caveats: * If we can't validate your macaroon, we fall back to checking that your access token is in the DB, and ignoring the failure * Even if we can validate your macaroon, we still have to hit the DB to get the access token ID, which we pretend is a device ID all over the codebase. This mostly adds the interesting code, and points out the two pieces we need to delete (and necessary conditions) in order to fix the above caveats.
Showing
- synapse/api/auth.py 95 additions, 9 deletionssynapse/api/auth.py
- tests/api/test_auth.py 140 additions, 2 deletionstests/api/test_auth.py
- tests/rest/client/v1/test_presence.py 4 additions, 4 deletionstests/rest/client/v1/test_presence.py
- tests/rest/client/v1/test_rooms.py 14 additions, 14 deletionstests/rest/client/v1/test_rooms.py
- tests/rest/client/v1/test_typing.py 2 additions, 2 deletionstests/rest/client/v1/test_typing.py
- tests/rest/client/v1/utils.py 0 additions, 3 deletionstests/rest/client/v1/utils.py
- tests/rest/client/v2_alpha/__init__.py 2 additions, 2 deletionstests/rest/client/v2_alpha/__init__.py
Loading
Please register or sign in to comment