Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

MSC2918 Refresh tokens implementation #9450

Merged
merged 51 commits into from
Jun 24, 2021
Merged

MSC2918 Refresh tokens implementation #9450

merged 51 commits into from
Jun 24, 2021

Commits on Apr 9, 2021

  1. WIP: MSC2918 

    Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
    @sandhose
    sandhose committed Apr 9, 2021
    Configuration menu
    Copy the full SHA
    fe80ef5 View commit details
    Browse the repository at this point in the history

  2. MSC2918: implement refresh tokens 

    Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
    @sandhose
    sandhose committed Apr 9, 2021
    Configuration menu
    Copy the full SHA
    523d8cf View commit details
    Browse the repository at this point in the history

  3. MSC2918: Changelog

    @sandhose
    sandhose committed Apr 9, 2021
    Configuration menu
    Copy the full SHA
    358da22 View commit details
    Browse the repository at this point in the history

  4. MSC2918: fix mypy and lint errors

    @sandhose
    sandhose committed Apr 9, 2021
    Configuration menu
    Copy the full SHA
    f53466e View commit details
    Browse the repository at this point in the history

  5. MSC2918: add PostgreSQL schema

    @sandhose
    sandhose committed Apr 9, 2021
    Configuration menu
    Copy the full SHA
    324d7bf View commit details
    Browse the repository at this point in the history

  6. MSC2918: do not invalidate refresh token immediately & fix tests 

    This checks for child token usage to validate the refresh token validity.
This means that a token can be refreshed multiple times until one of the child tokens gets used.

Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
    @sandhose
    sandhose committed Apr 9, 2021
    Configuration menu
    Copy the full SHA
    450a962 View commit details
    Browse the repository at this point in the history

  7. MSC2918: lint fixes 

    Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
    @sandhose
    sandhose committed Apr 9, 2021
    Configuration menu
    Copy the full SHA
    022485e View commit details
    Browse the repository at this point in the history

Commits on Apr 22, 2021

  1. MSC2918: also delete refresh tokens when logging out

    @sandhose
    sandhose committed Apr 22, 2021
    Configuration menu
    Copy the full SHA
    51ba1c3 View commit details
    Browse the repository at this point in the history

  2. MSC2918: fix field name in migrations

    @sandhose
    sandhose committed Apr 22, 2021
    Configuration menu
    Copy the full SHA
    d281f7e View commit details
    Browse the repository at this point in the history

Commits on May 5, 2021

  1. MSC2918: merge SQLite and PostgreSQL schema deltas 

    This also rolls back the SCHEMA_VERSION to 59 since this does not introduce any breaking database change.

Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
    @sandhose
    sandhose committed May 5, 2021
    Configuration menu
    Copy the full SHA
    f499d63 View commit details
    Browse the repository at this point in the history

  2. MSC2918: fix sample config 

    Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
    @sandhose
    sandhose committed May 5, 2021
    Configuration menu
    Copy the full SHA
    e402a07 View commit details
    Browse the repository at this point in the history

  3. MSC2918: use parse_boolean to get query parameter value 

    Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
    @sandhose
    sandhose committed May 5, 2021
    Configuration menu
    Copy the full SHA
    adc6eab View commit details
    Browse the repository at this point in the history

  4. MSC2918: use attr.s instead of TypedDict 

    Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
    @sandhose
    sandhose committed May 5, 2021
    Configuration menu
    Copy the full SHA
    6963fe0 View commit details
    Browse the repository at this point in the history

  5. MSC2918: remove unused sequence in refresh_tokens 

    Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
    @sandhose
    sandhose committed May 5, 2021
    Configuration menu
    Copy the full SHA
    318b74c View commit details
    Browse the repository at this point in the history

  6. MSC2918: try fixing port_db script when a table references itself 

    Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
    @sandhose
    sandhose committed May 5, 2021
    Configuration menu
    Copy the full SHA
    29806b4 View commit details
    Browse the repository at this point in the history

  7. MSC2918: lint

    @sandhose
    sandhose committed May 5, 2021
    Configuration menu
    Copy the full SHA
    72e5c25 View commit details
    Browse the repository at this point in the history

  8. Revert "MSC2918: use attr.s instead of TypedDict" 

    This reverts commit 6963fe0.
    @sandhose
    sandhose committed May 5, 2021
    Configuration menu
    Copy the full SHA
    eb9f680 View commit details
    Browse the repository at this point in the history

Commits on May 20, 2021

  1. MSC2918: random signed token instead of macaroons for refresh tokens

    @sandhose
    sandhose committed May 20, 2021
    Configuration menu
    Copy the full SHA
    417a34a View commit details
    Browse the repository at this point in the history

  2. MSC2918: some docstrings and minor changes

    @sandhose
    sandhose committed May 20, 2021
    Configuration menu
    Copy the full SHA
    45177a6 View commit details
    Browse the repository at this point in the history

Commits on May 27, 2021

  1. MSC2918: expires_in -> expires_in_ms

    @sandhose
    sandhose committed May 27, 2021
    Configuration menu
    Copy the full SHA
    e37f53a View commit details
    Browse the repository at this point in the history

  2. MSC2918: properly figure out whether an access token was already used… 

    … or not
    @sandhose
    sandhose committed May 27, 2021
    Configuration menu
    Copy the full SHA
    262d1ab View commit details
    Browse the repository at this point in the history

  3. MSC2918: implement for registration endpoint

    @sandhose
    sandhose committed May 27, 2021
    Configuration menu
    Copy the full SHA
    75ce9e5 View commit details
    Browse the repository at this point in the history

  4. MSC2918: properly replace old-next refresh token

    @sandhose
    sandhose committed May 27, 2021
    Configuration menu
    Copy the full SHA
    6f2cc61 View commit details
    Browse the repository at this point in the history

  5. MSC2918: add tests

    @sandhose
    sandhose committed May 27, 2021
    Configuration menu
    Copy the full SHA
    b7b17ed View commit details
    Browse the repository at this point in the history

  6. MSC2918: use secrets.token_bytes instead of random.randbytes 

    random.randbytes isn't available in python < 3.9 while
secrets.token_bytes is available starting python 3.6

Also remove some leftover in the macaroon generator
    @sandhose
    sandhose committed May 27, 2021
    Configuration menu
    Copy the full SHA
    c7eab51 View commit details
    Browse the repository at this point in the history

  7. MSC2918: mark new column as boolean in port_db

    @sandhose
    sandhose committed May 27, 2021
    Configuration menu
    Copy the full SHA
    088e023 View commit details
    Browse the repository at this point in the history

  8. MSC2918: fix existing auth test

    @sandhose
    sandhose committed May 27, 2021
    Configuration menu
    Copy the full SHA
    6247228 View commit details
    Browse the repository at this point in the history

Commits on May 28, 2021

  1. Merge remote-tracking branch 'upstream/develop' into sandhose/msc2918

    @sandhose
    sandhose committed May 28, 2021
    Configuration menu
    Copy the full SHA
    67d4c9e View commit details
    Browse the repository at this point in the history

  2. MSC2918: use the same pattern as access tokens for refresh tokens

    @sandhose
    sandhose committed May 28, 2021
    Configuration menu
    Copy the full SHA
    2ec853c View commit details
    Browse the repository at this point in the history

  3. MSC2918: lint: remove unused import

    @sandhose
    sandhose committed May 28, 2021
    Configuration menu
    Copy the full SHA
    9e7ce1f View commit details
    Browse the repository at this point in the history

  4. MSC2918: fix typing issue

    @sandhose
    sandhose committed May 28, 2021
    Configuration menu
    Copy the full SHA
    45e2eaf View commit details
    Browse the repository at this point in the history

  5. MSC2918: properly check refresh_token parameter

    @sandhose
    sandhose committed May 28, 2021
    Configuration menu
    Copy the full SHA
    c20f94a View commit details
    Browse the repository at this point in the history

  6. MSC2918: cleanup old refresh token generation code

    @sandhose
    sandhose committed May 28, 2021
    Configuration menu
    Copy the full SHA
    790baac View commit details
    Browse the repository at this point in the history

Commits on Jun 3, 2021

  1. MSC2918: add more docstrings 

    Also applies some of richvdh's suggestions
    @sandhose
    sandhose committed Jun 3, 2021
    Configuration menu
    Copy the full SHA
    01b0740 View commit details
    Browse the repository at this point in the history

  2. MSC2918: change refresh token API error codes 

    Aligns with matrix-org/matrix-spec-proposals@d433e3b
    @sandhose
    sandhose committed Jun 3, 2021
    Configuration menu
    Copy the full SHA
    797e0d3 View commit details
    Browse the repository at this point in the history

  3. MSC2918: disable refresh tokens when session_lifetime is set

    @sandhose
    sandhose committed Jun 3, 2021
    Configuration menu
    Copy the full SHA
    8f8f369 View commit details
    Browse the repository at this point in the history

  4. MSC2918: add missing docstring

    @sandhose
    sandhose committed Jun 3, 2021
    Configuration menu
    Copy the full SHA
    6024ed8 View commit details
    Browse the repository at this point in the history

  5. MSC2918: temp: mark the access token as used only once 

    This is a temporary fix to work around the cache. It's only there to
confirm it broke tests, and check if CI passes with this fix.
    @sandhose
    sandhose committed Jun 3, 2021
    Configuration menu
    Copy the full SHA
    908c279 View commit details
    Browse the repository at this point in the history

Commits on Jun 4, 2021

  1. MSC2918: explicit cast on access_tokens.used 

    Boolean handling seems to be broken with older versions of sqlite making
the py3-old environment fail in CI. This explicitely casts the
`access_tokens.used` column to INTEGER then compares it with "1" when
querying it.
    @sandhose
    sandhose committed Jun 4, 2021
    Configuration menu
    Copy the full SHA
    cdfd871 View commit details
    Browse the repository at this point in the history

  2. Revert "MSC2918: explicit cast on access_tokens.used" 

    This reverts commit cdfd871.
    @sandhose
    sandhose committed Jun 4, 2021
    Configuration menu
    Copy the full SHA
    b169a62 View commit details
    Browse the repository at this point in the history

  3. MSC2918: properly fix access_tokens.used column on old SQLite

    @sandhose
    sandhose committed Jun 4, 2021
    Configuration menu
    Copy the full SHA
    e07ef9b View commit details
    Browse the repository at this point in the history

  4. Merge remote-tracking branch 'upstream/develop' into sandhose/msc2918

    @sandhose
    sandhose committed Jun 4, 2021
    Configuration menu
    Copy the full SHA
    4cf49a6 View commit details
    Browse the repository at this point in the history

  5. MSC2918: properly fix "mark_access_token_as_used" by caching it

    @sandhose
    sandhose committed Jun 4, 2021
    Configuration menu
    Copy the full SHA
    ef0e051 View commit details
    Browse the repository at this point in the history

Commits on Jun 10, 2021

  1. Merge remote-tracking branch 'upstream/develop' into sandhose/msc2918

    @sandhose
    sandhose committed Jun 10, 2021
    Configuration menu
    Copy the full SHA
    7adfe0c View commit details
    Browse the repository at this point in the history

Commits on Jun 17, 2021

  1. MSC2918: add comments as suggested by richvdh 

    Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
    @sandhose
    sandhose committed Jun 17, 2021
    Configuration menu
    Copy the full SHA
    ab443a3 View commit details
    Browse the repository at this point in the history

  2. Merge remote-tracking branch 'upstream/develop' into sandhose/msc2918

    @sandhose
    sandhose committed Jun 17, 2021
    Configuration menu
    Copy the full SHA
    0060bc9 View commit details
    Browse the repository at this point in the history

Commits on Jun 18, 2021

  1. MSC2918: make access_tokens.used nullable 

    This avoids rewriting the whole table on disk on Postgres < 11

Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
    @sandhose
    sandhose committed Jun 18, 2021
    Configuration menu
    Copy the full SHA
    18628fc View commit details
    Browse the repository at this point in the history

  2. MSC2918: 403 when using a refresh token twice 

    This could help differenciate errors where the refresh token was never
valid from errors where it is not valid anymore

Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
    @sandhose
    sandhose committed Jun 18, 2021
    Configuration menu
    Copy the full SHA
    bcc33e2 View commit details
    Browse the repository at this point in the history

  3. MSC2918: clarify comment about access_token_lifetime and session_life… 

    …time interaction in config

Co-authored-by: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
    @sandhose @richvdh
    sandhose and richvdh authored Jun 18, 2021
    Configuration menu
    Copy the full SHA
    ddfc2a4 View commit details
    Browse the repository at this point in the history

  4. Merge remote-tracking branch 'upstream/develop' into sandhose/msc2918

    @sandhose
    sandhose committed Jun 18, 2021
    Configuration menu
    Copy the full SHA
    a013064 View commit details
    Browse the repository at this point in the history

  5. MSC2918: fix refresh token invalidation test 

    Signed-off-by: Quentin Gliech <quentingliech@gmail.com>
    @sandhose
    sandhose committed Jun 18, 2021
    Configuration menu
    Copy the full SHA
    9fe5556 View commit details
    Browse the repository at this point in the history