This simplifies the access token verification logic by removing the `rights` parameter which was only ever used for the unsubscribe link in email notifications. The latter has been moved under the `/_synapse` namespace, since it is not a standard API.

This also makes the email verification link more secure, by embedding the app_id and pushkey in the macaroon and verifying it. This prevents the user from tampering with the query parameters of that unsubscribe link.

Macaroon generation is refactored:

- Centralised all macaroon generation and verification logic to the `MacaroonGenerator`
- Moved to `synapse.utils`
- Changed the constructor to require only a `Clock`, hostname, and a secret key (instead of a full `Homeserver`).
- Added tests for all methods.

| File | | |
|---|---|---|
| caches | ||
| __init__.py | ||
| async_helpers.py | ||
| batching_queue.py | ||
| check_dependencies.py | ||
| daemonize.py | ||
| distributor.py | ||
| file_consumer.py | ||
| frozenutils.py | ||
| gai_resolver.py | ||
| hash.py | ||
| httpresourcetree.py | ||
| iterutils.py | ||
| linked_list.py | ||
| logcontext.py | ||
| logformatter.py | ||
| macaroons.py | ||
| manhole.py | ||
| metrics.py | ||
| module_loader.py | ||
| msisdn.py | ||
| patch_inline_callbacks.py | ||
| ratelimitutils.py | ||
| retryutils.py | ||
| rlimit.py | ||
| stringutils.py | ||
| templates.py | ||
| threepids.py | ||
| wheel_timer.py | ||