This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Clear the session on successful authentication.
clokep committed Mar 11, 2020
1 parent 006b4da commit 6bcd1fe
Showing 2 changed files with 16 additions and 1 deletion.
15 changes: 15 additions & 0 deletions synapse/handlers/auth.py
Expand Up @@ -347,6 +347,10 @@ def check_auth(
creds,
list(clientdict),
)

# Blow away the session so it can not be re-used.
self._invalidate_session(session["id"])

return creds, clientdict, session["id"]

ret = self._auth_dict_for_flows(flows, session)
Expand Down Expand Up @@ -517,6 +521,17 @@ def _get_session_info(self, session_id: Optional[str]) -> dict:

return self.sessions[session_id]

def _invalidate_session(self, session_id) -> None:
"""Invalidate session information for session ID"""
session = self.sessions.get(session_id, None)
if session and "ui_auth" in session:
# Set the items in the ui_auth session to sentinel values that can
# never be equaled.
session["ui_auth"] = {
"action_type": object(),
"action_id": object(),
}

@defer.inlineCallbacks
def get_access_token_for_user_id(
self, user_id: str, device_id: Optional[str], valid_until_ms: Optional[int]
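Review bot: `_invalidate_session` in the second hunk leaves the session entry in `self.sessions` and only swaps the `ui_auth` values for sentinels, so whatever else the session stores stays reachable by the id that `check_auth` returns immediately after calling it, and the method silently does nothing when the session exists but has no `ui_auth` key. If nothing downstream needs the entry after `check_auth` returns, `self.sessions.pop(session_id, None)` would invalidate the whole session rather than one sub-dict; if the entry must survive, the docstring should say so, e.g. `"""Invalidate a UI-auth session so its completed stages cannot be re-used: the entry stays in self.sessions but its ui_auth action is replaced by sentinels that never compare equal."""`. The parameter should also be annotated like its sibling `_get_session_info`, `def _invalidate_session(self, session_id: str) -> None:`. The `check_auth` body that the first hunk modifies starts outside this section, so I cannot see whether the session id it returns is read again by callers.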
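--- a/tests/rest/client/v2_alpha/test_auth.py
+++ b/tests/rest/client/v2_alpha/test_auth.py
@@ -104,7 +104,7 @@ def test_fallback_captcha(self):
 )
 self.render(request)
 
-# Now we should have fufilled a complete auth flow, including
+# Now we should have fulfilled a complete auth flow, including
 # the recaptcha fallback step, we can then send a
 # request to the register API with the session in the authdict.
 request, channel = self.make_request(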
