fe1daad672
This simplifies the access token verification logic by removing the `rights` parameter which was only ever used for the unsubscribe link in email notifications. The latter has been moved under the `/_synapse` namespace, since it is not a standard API. This also makes the email verification link more secure, by embedding the app_id and pushkey in the macaroon and verifying it. This prevents the user from tampering the query parameters of that unsubscribe link. Macaroon generation is refactored: - Centralised all macaroon generation and verification logic to the `MacaroonGenerator` - Moved to `synapse.utils` - Changed the constructor to require only a `Clock`, hostname, and a secret key (instead of a full `Homeserver`). - Added tests for all methods. |
||
|---|---|---|
| .. | ||
| api | ||
| app | ||
| appservice | ||
| config | ||
| crypto | ||
| events | ||
| federation | ||
| handlers | ||
| http | ||
| logging | ||
| module_api | ||
| push | ||
| replication | ||
| rest | ||
| scripts | ||
| server_notices | ||
| state | ||
| storage | ||
| test_utils | ||
| util | ||
| __init__.py | ||
| server.py | ||
| test_distributor.py | ||
| test_event_auth.py | ||
| test_federation.py | ||
| test_mau.py | ||
| test_metrics.py | ||
| test_phone_home.py | ||
| test_server.py | ||
| test_state.py | ||
| test_terms_auth.py | ||
| test_test_utils.py | ||
| test_types.py | ||
| test_visibility.py | ||
| unittest.py | ||
| utils.py | ||