Add ability for access tokens to belong to one user but grant access to another user. (#8616)
We do it this way round so that only the "owner" can delete the access token (i.e. `/logout/all` by the "owner" also deletes that token, but `/logout/all` by the "target user" doesn't).
A future PR will add an API for creating such a token.
When the target user and authenticated entity are different the `Processed request` log line will be logged with a: `{@admin:server as @bob:server} ...`. I'm not convinced by that format (especially since it adds spaces in there, making it harder to use `cut -d ' '` to chop off the start of log lines). Suggestions welcome.
Showing
- changelog.d/8616.misc 1 addition, 0 deletionschangelog.d/8616.misc
- synapse/api/auth.py 46 additions, 67 deletionssynapse/api/auth.py
- synapse/appservice/__init__.py 2 additions, 2 deletionssynapse/appservice/__init__.py
- synapse/federation/transport/server.py 1 addition, 1 deletionsynapse/federation/transport/server.py
- synapse/handlers/auth.py 4 additions, 4 deletionssynapse/handlers/auth.py
- synapse/handlers/register.py 5 additions, 2 deletionssynapse/handlers/register.py
- synapse/http/site.py 23 additions, 7 deletionssynapse/http/site.py
- synapse/replication/http/membership.py 2 additions, 4 deletionssynapse/replication/http/membership.py
- synapse/replication/http/send_event.py 1 addition, 2 deletionssynapse/replication/http/send_event.py
- synapse/storage/databases/main/registration.py 39 additions, 9 deletionssynapse/storage/databases/main/registration.py
- synapse/storage/databases/main/schema/delta/58/22puppet_token.sql 17 additions, 0 deletions...storage/databases/main/schema/delta/58/22puppet_token.sql
- synapse/types.py 26 additions, 7 deletionssynapse/types.py
- tests/api/test_auth.py 13 additions, 16 deletionstests/api/test_auth.py
- tests/api/test_ratelimiting.py 2 additions, 2 deletionstests/api/test_ratelimiting.py
- tests/appservice/test_appservice.py 1 addition, 0 deletionstests/appservice/test_appservice.py
- tests/handlers/test_device.py 1 addition, 1 deletiontests/handlers/test_device.py
- tests/handlers/test_message.py 1 addition, 1 deletiontests/handlers/test_message.py
- tests/push/test_email.py 1 addition, 1 deletiontests/push/test_email.py
- tests/push/test_http.py 5 additions, 5 deletionstests/push/test_http.py
- tests/replication/test_pusher_shard.py 1 addition, 1 deletiontests/replication/test_pusher_shard.py
Loading
Please register or sign in to comment