MatrixSynapse/tests/handlers
Quentin Gliech fe1daad672
Move the "email unsubscribe" resource, refactor the macaroon generator & simplify the access token verification logic. (#12986)
This simplifies the access token verification logic by removing the `rights`
parameter which was only ever used for the unsubscribe link in email
notifications. The latter has been moved under the `/_synapse` namespace,
since it is not a standard API.

This also makes the email verification link more secure, by embedding the
app_id and pushkey in the macaroon and verifying it. This prevents the user
from tampering the query parameters of that unsubscribe link.

Macaroon generation is refactored:

- Centralised all macaroon generation and verification logic to the
  `MacaroonGenerator`
- Moved to `synapse.utils`
- Changed the constructor to require only a `Clock`, hostname, and a secret key
  (instead of a full `Homeserver`).
- Added tests for all methods.
2022-06-14 09:12:08 -04:00
..
__init__.py
oidc_test_key.p8 JWT OIDC secrets for Sign in with Apple (#9549) 2021-03-09 15:03:37 +00:00
oidc_test_key.pub.pem JWT OIDC secrets for Sign in with Apple (#9549) 2021-03-09 15:03:37 +00:00
test_admin.py Add some type hints to the tests.handlers module. (#12207) 2022-03-11 07:07:15 -05:00
test_appservice.py Remove remaining bits of groups code. (#12936) 2022-06-01 09:41:25 -04:00
test_auth.py Decouple `synapse.api.auth_blocking.AuthBlocking` from `synapse.api.auth.Auth`. (#13021) 2022-06-14 09:51:15 +01:00
test_cas.py Use `getClientAddress` instead of `getClientIP`. (#12599) 2022-05-04 14:11:21 -04:00
test_deactivate_account.py Remove redundant `get_success` calls in test code (#12346) 2022-04-01 16:10:31 +01:00
test_device.py Consolidate the logic of delete_device/delete_devices. (#12970) 2022-06-07 07:43:35 -04:00
test_directory.py Reduce the amount of state we pull from the DB (#12811) 2022-06-06 09:24:12 +01:00
test_e2e_keys.py Prefer `make_awaitable` over `defer.succeed` in tests (#12505) 2022-04-27 14:58:26 +01:00
test_e2e_room_keys.py Remove redundant "coding: utf-8" lines (#9786) 2021-04-14 15:34:27 +01:00
test_federation.py Wait for lazy join to complete when getting current state (#12872) 2022-06-01 16:02:53 +01:00
test_federation_event.py Wait for lazy join to complete when getting current state (#12872) 2022-06-01 16:02:53 +01:00
test_message.py Rename storage classes (#12913) 2022-05-31 12:17:50 +00:00
test_oidc.py Move the "email unsubscribe" resource, refactor the macaroon generator & simplify the access token verification logic. (#12986) 2022-06-14 09:12:08 -04:00
test_password_providers.py Remove unstable/unspecced login types. (#12597) 2022-05-04 13:53:21 +00:00
test_presence.py Prevent a sync request from removing a user's busy presence status (#12213) 2022-04-13 16:21:07 +01:00
test_profile.py Remove redundant `get_success` calls in test code (#12346) 2022-04-01 16:10:31 +01:00
test_receipts.py Additional constants for EDU types. (#12884) 2022-05-27 07:14:36 -04:00
test_register.py Decouple `synapse.api.auth_blocking.AuthBlocking` from `synapse.api.auth.Auth`. (#13021) 2022-06-14 09:51:15 +01:00
test_room.py Pull out encrypted_by_default tests from user_directory tests (#10752) 2021-09-06 11:37:54 +01:00
test_room_summary.py Stop depending on `room_id` to be returned for children state in the hierarchy response. (#12991) 2022-06-10 07:15:51 -04:00
test_saml.py Use `getClientAddress` instead of `getClientIP`. (#12599) 2022-05-04 14:11:21 -04:00
test_send_email.py Fix incompatibility with Twisted < 21. (#10713) 2021-08-27 16:33:41 +01:00
test_stats.py Replace noop background updates with DELETE. (#12954) 2022-06-13 14:06:27 -04:00
test_sync.py Decouple `synapse.api.auth_blocking.AuthBlocking` from `synapse.api.auth.Auth`. (#13021) 2022-06-14 09:51:15 +01:00
test_typing.py Reduce state pulled from DB due to sending typing and receipts over federation (#12964) 2022-06-06 16:46:11 +01:00
test_user_directory.py Remove remaining bits of groups code. (#12936) 2022-06-01 09:41:25 -04:00