From 5986ff9cb94b80a62e6afb291776ef6011b59f31 Mon Sep 17 00:00:00 2001
From: "Olivier Wilkinson (reivilibre)" <oliverw@matrix.org>
Date: Thu, 25 Nov 2021 14:05:12 +0000
Subject: [PATCH 1/5] Add desired type annotation to
 refreshable_access_token_lifetime.

---
 synapse/config/registration.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index 5e2154806048..c1df5a48d3db 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -11,6 +11,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+from typing import Optional
 
 from synapse.api.constants import RoomCreationPreset
 from synapse.config._base import Config, ConfigError
@@ -123,7 +124,9 @@ def read_config(self, config, **kwargs):
             refreshable_access_token_lifetime = self.parse_duration(
                 refreshable_access_token_lifetime
             )
-        self.refreshable_access_token_lifetime = refreshable_access_token_lifetime
+        self.refreshable_access_token_lifetime: Optional[
+            int
+        ] = refreshable_access_token_lifetime
 
         refresh_token_lifetime = config.get("refresh_token_lifetime")
         if refresh_token_lifetime is not None:

From dcf6f87ed49fd89209518dd67f9871e8215f8064 Mon Sep 17 00:00:00 2001
From: "Olivier Wilkinson (reivilibre)" <oliverw@matrix.org>
Date: Thu, 25 Nov 2021 14:07:05 +0000
Subject: [PATCH 2/5] Fix fallout

---
 synapse/handlers/register.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/synapse/handlers/register.py b/synapse/handlers/register.py
index 8136ae264d22..ef3627f56c9b 100644
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@@ -812,7 +812,10 @@ class and RegisterDeviceReplicationServlet.
             assert access_token_expiry is None
             access_token = self.macaroon_gen.generate_guest_access_token(user_id)
         else:
-            if should_issue_refresh_token:
+            if (
+                should_issue_refresh_token
+                and self.refreshable_access_token_lifetime is not None
+            ):
                 now_ms = self.clock.time_msec()
 
                 # Set the expiry time of the refreshable access token

From 43325e45840bc2c207dabaacaae326317e9c7e87 Mon Sep 17 00:00:00 2001
From: "Olivier Wilkinson (reivilibre)" <oliverw@matrix.org>
Date: Thu, 25 Nov 2021 14:07:39 +0000
Subject: [PATCH 3/5] Add desired type annotation to refresh_token_lifetime

---
 synapse/config/registration.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index c1df5a48d3db..1ddad7cb7096 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -131,7 +131,7 @@ def read_config(self, config, **kwargs):
         refresh_token_lifetime = config.get("refresh_token_lifetime")
         if refresh_token_lifetime is not None:
             refresh_token_lifetime = self.parse_duration(refresh_token_lifetime)
-        self.refresh_token_lifetime = refresh_token_lifetime
+        self.refresh_token_lifetime: Optional[int] = refresh_token_lifetime
 
         # The fallback template used for authenticating using a registration token
         self.registration_token_template = self.read_template("registration_token.html")

From b25e2b9285145a52e12f673e6edf7eb966f820ef Mon Sep 17 00:00:00 2001
From: "Olivier Wilkinson (reivilibre)" <oliverw@matrix.org>
Date: Thu, 25 Nov 2021 14:08:53 +0000
Subject: [PATCH 4/5] Newsfile

Signed-off-by: Olivier Wilkinson (reivilibre) <oliverw@matrix.org>
---
 changelog.d/11428.misc | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/11428.misc

diff --git a/changelog.d/11428.misc b/changelog.d/11428.misc
new file mode 100644
index 000000000000..2f814fa5fb30
--- /dev/null
+++ b/changelog.d/11428.misc
@@ -0,0 +1 @@
+Add type annotations to some of the configuration surrounding refresh tokens.
\ No newline at end of file

From 774909429797a5766c8455b4385f5d32a11371dc Mon Sep 17 00:00:00 2001
From: "Olivier Wilkinson (reivilibre)" <oliverw@matrix.org>
Date: Mon, 29 Nov 2021 13:03:40 +0000
Subject: [PATCH 5/5] Assert rather than checking something that we know to be
 true in a sane world

---
 synapse/handlers/register.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/synapse/handlers/register.py b/synapse/handlers/register.py
index ef3627f56c9b..24ca11b9240c 100644
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@@ -812,10 +812,12 @@ class and RegisterDeviceReplicationServlet.
             assert access_token_expiry is None
             access_token = self.macaroon_gen.generate_guest_access_token(user_id)
         else:
-            if (
-                should_issue_refresh_token
-                and self.refreshable_access_token_lifetime is not None
-            ):
+            if should_issue_refresh_token:
+                # A refreshable access token lifetime must be configured
+                # since we're told to issue a refresh token (the caller checks
+                # that this value is set before setting this flag).
+                assert self.refreshable_access_token_lifetime is not None
+
                 now_ms = self.clock.time_msec()
 
                 # Set the expiry time of the refreshable access token