Update MSC2918 refresh token support to conform with the latest revision: accept the `refresh_tokens` parameter in the request body rather than in the URL parameters. (#11430)
parent
ffd858aa68
commit
1b6691dce4
|
@ -0,0 +1 @@
|
||||||
|
Update [MSC2918 refresh token](https://github.com/matrix-org/matrix-doc/blob/main/proposals/2918-refreshtokens.md#msc2918-refresh-tokens) support to confirm with the latest revision: accept the `refresh_tokens` parameter in the request body rather than in the URL parameters.
|
|
@ -38,7 +38,6 @@ from synapse.http.server import HttpServer, finish_request
|
||||||
from synapse.http.servlet import (
|
from synapse.http.servlet import (
|
||||||
RestServlet,
|
RestServlet,
|
||||||
assert_params_in_dict,
|
assert_params_in_dict,
|
||||||
parse_boolean,
|
|
||||||
parse_bytes_from_args,
|
parse_bytes_from_args,
|
||||||
parse_json_object_from_request,
|
parse_json_object_from_request,
|
||||||
parse_string,
|
parse_string,
|
||||||
|
@ -165,11 +164,14 @@ class LoginRestServlet(RestServlet):
|
||||||
login_submission = parse_json_object_from_request(request)
|
login_submission = parse_json_object_from_request(request)
|
||||||
|
|
||||||
if self._msc2918_enabled:
|
if self._msc2918_enabled:
|
||||||
# Check if this login should also issue a refresh token, as per
|
# Check if this login should also issue a refresh token, as per MSC2918
|
||||||
# MSC2918
|
should_issue_refresh_token = login_submission.get(
|
||||||
should_issue_refresh_token = parse_boolean(
|
"org.matrix.msc2918.refresh_token", False
|
||||||
request, name=LoginRestServlet.REFRESH_TOKEN_PARAM, default=False
|
|
||||||
)
|
)
|
||||||
|
if not isinstance(should_issue_refresh_token, bool):
|
||||||
|
raise SynapseError(
|
||||||
|
400, "`org.matrix.msc2918.refresh_token` should be true or false."
|
||||||
|
)
|
||||||
else:
|
else:
|
||||||
should_issue_refresh_token = False
|
should_issue_refresh_token = False
|
||||||
|
|
||||||
|
|
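Review bot: The new 400 raised in LoginRestServlet when `org.matrix.msc2918.refresh_token` is not a bool passes no errcode, so clients receive the generic default error code instead of one that identifies a bad parameter. Consider `raise SynapseError(400, "...", Codes.INVALID_PARAM)`, assuming `Codes` is imported in this module (its import from `synapse.api.errors` is not visible here). The identical block is pasted into the RegisterRestServlet section, and both repeat the key literal in the `.get()` call and in the message. The replaced line used `LoginRestServlet.REFRESH_TOKEN_PARAM`, so if that constant is still defined, reusing it would keep the two call sites in sync. The strict `isinstance(..., bool)` check is worth keeping as is, because it stops a JSON string such as `"false"` from being treated as truthy; the enclosing method starts and ends outside the hunk.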
|
@ -41,7 +41,6 @@ from synapse.http.server import HttpServer, finish_request, respond_with_html
|
||||||
from synapse.http.servlet import (
|
from synapse.http.servlet import (
|
||||||
RestServlet,
|
RestServlet,
|
||||||
assert_params_in_dict,
|
assert_params_in_dict,
|
||||||
parse_boolean,
|
|
||||||
parse_json_object_from_request,
|
parse_json_object_from_request,
|
||||||
parse_string,
|
parse_string,
|
||||||
)
|
)
|
||||||
|
@ -449,9 +448,13 @@ class RegisterRestServlet(RestServlet):
|
||||||
if self._msc2918_enabled:
|
if self._msc2918_enabled:
|
||||||
# Check if this registration should also issue a refresh token, as
|
# Check if this registration should also issue a refresh token, as
|
||||||
# per MSC2918
|
# per MSC2918
|
||||||
should_issue_refresh_token = parse_boolean(
|
should_issue_refresh_token = body.get(
|
||||||
request, name="org.matrix.msc2918.refresh_token", default=False
|
"org.matrix.msc2918.refresh_token", False
|
||||||
)
|
)
|
||||||
|
if not isinstance(should_issue_refresh_token, bool):
|
||||||
|
raise SynapseError(
|
||||||
|
400, "`org.matrix.msc2918.refresh_token` should be true or false."
|
||||||
|
)
|
||||||
else:
|
else:
|
||||||
should_issue_refresh_token = False
|
should_issue_refresh_token = False
|
||||||
|
|
||||||
|
|
|
@ -529,7 +529,11 @@ class RefreshAuthTests(unittest.HomeserverTestCase):
|
||||||
A login response should include a refresh_token only if asked.
|
A login response should include a refresh_token only if asked.
|
||||||
"""
|
"""
|
||||||
# Test login
|
# Test login
|
||||||
body = {"type": "m.login.password", "user": "test", "password": self.user_pass}
|
body = {
|
||||||
|
"type": "m.login.password",
|
||||||
|
"user": "test",
|
||||||
|
"password": self.user_pass,
|
||||||
|
}
|
||||||
|
|
||||||
login_without_refresh = self.make_request(
|
login_without_refresh = self.make_request(
|
||||||
"POST", "/_matrix/client/r0/login", body
|
"POST", "/_matrix/client/r0/login", body
|
||||||
|
@ -539,8 +543,8 @@ class RefreshAuthTests(unittest.HomeserverTestCase):
|
||||||
|
|
||||||
login_with_refresh = self.make_request(
|
login_with_refresh = self.make_request(
|
||||||
"POST",
|
"POST",
|
||||||
"/_matrix/client/r0/login?org.matrix.msc2918.refresh_token=true",
|
"/_matrix/client/r0/login",
|
||||||
body,
|
{"org.matrix.msc2918.refresh_token": True, **body},
|
||||||
)
|
)
|
||||||
self.assertEqual(login_with_refresh.code, 200, login_with_refresh.result)
|
self.assertEqual(login_with_refresh.code, 200, login_with_refresh.result)
|
||||||
self.assertIn("refresh_token", login_with_refresh.json_body)
|
self.assertIn("refresh_token", login_with_refresh.json_body)
|
||||||
|
@ -566,11 +570,12 @@ class RefreshAuthTests(unittest.HomeserverTestCase):
|
||||||
|
|
||||||
register_with_refresh = self.make_request(
|
register_with_refresh = self.make_request(
|
||||||
"POST",
|
"POST",
|
||||||
"/_matrix/client/r0/register?org.matrix.msc2918.refresh_token=true",
|
"/_matrix/client/r0/register",
|
||||||
{
|
{
|
||||||
"username": "test3",
|
"username": "test3",
|
||||||
"password": self.user_pass,
|
"password": self.user_pass,
|
||||||
"auth": {"type": LoginType.DUMMY},
|
"auth": {"type": LoginType.DUMMY},
|
||||||
|
"org.matrix.msc2918.refresh_token": True,
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
self.assertEqual(register_with_refresh.code, 200, register_with_refresh.result)
|
self.assertEqual(register_with_refresh.code, 200, register_with_refresh.result)
|
||||||
|
@ -581,10 +586,15 @@ class RefreshAuthTests(unittest.HomeserverTestCase):
|
||||||
"""
|
"""
|
||||||
A refresh token can be used to issue a new access token.
|
A refresh token can be used to issue a new access token.
|
||||||
"""
|
"""
|
||||||
body = {"type": "m.login.password", "user": "test", "password": self.user_pass}
|
body = {
|
||||||
|
"type": "m.login.password",
|
||||||
|
"user": "test",
|
||||||
|
"password": self.user_pass,
|
||||||
|
"org.matrix.msc2918.refresh_token": True,
|
||||||
|
}
|
||||||
login_response = self.make_request(
|
login_response = self.make_request(
|
||||||
"POST",
|
"POST",
|
||||||
"/_matrix/client/r0/login?org.matrix.msc2918.refresh_token=true",
|
"/_matrix/client/r0/login",
|
||||||
body,
|
body,
|
||||||
)
|
)
|
||||||
self.assertEqual(login_response.code, 200, login_response.result)
|
self.assertEqual(login_response.code, 200, login_response.result)
|
||||||
|
@ -614,10 +624,15 @@ class RefreshAuthTests(unittest.HomeserverTestCase):
|
||||||
"""
|
"""
|
||||||
The access token should have some time as specified in the config.
|
The access token should have some time as specified in the config.
|
||||||
"""
|
"""
|
||||||
body = {"type": "m.login.password", "user": "test", "password": self.user_pass}
|
body = {
|
||||||
|
"type": "m.login.password",
|
||||||
|
"user": "test",
|
||||||
|
"password": self.user_pass,
|
||||||
|
"org.matrix.msc2918.refresh_token": True,
|
||||||
|
}
|
||||||
login_response = self.make_request(
|
login_response = self.make_request(
|
||||||
"POST",
|
"POST",
|
||||||
"/_matrix/client/r0/login?org.matrix.msc2918.refresh_token=true",
|
"/_matrix/client/r0/login",
|
||||||
body,
|
body,
|
||||||
)
|
)
|
||||||
self.assertEqual(login_response.code, 200, login_response.result)
|
self.assertEqual(login_response.code, 200, login_response.result)
|
||||||
|
@ -666,10 +681,15 @@ class RefreshAuthTests(unittest.HomeserverTestCase):
|
||||||
refresh the session.
|
refresh the session.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
body = {"type": "m.login.password", "user": "test", "password": self.user_pass}
|
body = {
|
||||||
|
"type": "m.login.password",
|
||||||
|
"user": "test",
|
||||||
|
"password": self.user_pass,
|
||||||
|
"org.matrix.msc2918.refresh_token": True,
|
||||||
|
}
|
||||||
login_response = self.make_request(
|
login_response = self.make_request(
|
||||||
"POST",
|
"POST",
|
||||||
"/_matrix/client/r0/login?org.matrix.msc2918.refresh_token=true",
|
"/_matrix/client/r0/login",
|
||||||
body,
|
body,
|
||||||
)
|
)
|
||||||
self.assertEqual(login_response.code, HTTPStatus.OK, login_response.result)
|
self.assertEqual(login_response.code, HTTPStatus.OK, login_response.result)
|
||||||
|
@ -711,10 +731,15 @@ class RefreshAuthTests(unittest.HomeserverTestCase):
|
||||||
The session can be configured to have an ultimate, limited lifetime.
|
The session can be configured to have an ultimate, limited lifetime.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
body = {"type": "m.login.password", "user": "test", "password": self.user_pass}
|
body = {
|
||||||
|
"type": "m.login.password",
|
||||||
|
"user": "test",
|
||||||
|
"password": self.user_pass,
|
||||||
|
"org.matrix.msc2918.refresh_token": True,
|
||||||
|
}
|
||||||
login_response = self.make_request(
|
login_response = self.make_request(
|
||||||
"POST",
|
"POST",
|
||||||
"/_matrix/client/r0/login?org.matrix.msc2918.refresh_token=true",
|
"/_matrix/client/r0/login",
|
||||||
body,
|
body,
|
||||||
)
|
)
|
||||||
self.assertEqual(login_response.code, 200, login_response.result)
|
self.assertEqual(login_response.code, 200, login_response.result)
|
||||||
|
@ -763,10 +788,15 @@ class RefreshAuthTests(unittest.HomeserverTestCase):
|
||||||
|-> fourth_refresh (fails)
|
|-> fourth_refresh (fails)
|
||||||
"""
|
"""
|
||||||
|
|
||||||
body = {"type": "m.login.password", "user": "test", "password": self.user_pass}
|
body = {
|
||||||
|
"type": "m.login.password",
|
||||||
|
"user": "test",
|
||||||
|
"password": self.user_pass,
|
||||||
|
"org.matrix.msc2918.refresh_token": True,
|
||||||
|
}
|
||||||
login_response = self.make_request(
|
login_response = self.make_request(
|
||||||
"POST",
|
"POST",
|
||||||
"/_matrix/client/r0/login?org.matrix.msc2918.refresh_token=true",
|
"/_matrix/client/r0/login",
|
||||||
body,
|
body,
|
||||||
)
|
)
|
||||||
self.assertEqual(login_response.code, 200, login_response.result)
|
self.assertEqual(login_response.code, 200, login_response.result)
|
||||||
|
|
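Review bot: None of the updated RefreshAuthTests cases exercises the new rejection branch, so the 400 for a non-boolean `org.matrix.msc2918.refresh_token` on /login and /register is untested. A small case such as `channel = self.make_request("POST", "/_matrix/client/r0/login", {"org.matrix.msc2918.refresh_token": "true", **body})` followed by `self.assertEqual(channel.code, 400, channel.result)` would pin it. It would also be worth asserting that the old query-string form `?org.matrix.msc2918.refresh_token=true` with no body key now returns a response without `refresh_token`, since every test that covered that URL was rewritten rather than kept as a negative check. The test methods start outside the visible hunks.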