Create user with expiry

[negzi]

• Add unit tests for client, api and handler

[matrixbot]

Can one of the admins verify this patch?

[matrixbot]

Can one of the admins verify this patch?

[matrixbot]

Can one of the admins verify this patch?

[matrixbot]

Can one of the admins verify this patch?

[negzi]

Does this need to use an AS? AS's require a fair bit of config to set up, which isn't ideal if the only thing the other server needs to do is to create users. On the other hand, using an AS means that you can ensure the other server only creates users with a certain prefix.

- The reason for using AS with AS auth which gives full access to home server.

Could the other server register the user once, and then store a token? As the other server could simply add the time constraint to the macaroon/token itself each time it served the token to whatever used it.
- saving tokens and reusing then would be too inconvenient

There is also the registration_shared_secret config option that might be another way of doing this; instead of requiring the other server be a registered AS, auth using the registration shared secret.
- the createUser API gives full access to the homeserver.

[erikjohnston]

I prefer to never use plain except: and to always specify the exception type. Otherwise, its very easy for other exceptions to get swallowed and incorrectly handled, leading to a lot of confusion while debugging.

In this case I think it should be except ValueError:

[erikjohnston]

Oops :/ Thanks for the comments Erik. I will need to fix and test it on Sunday though (Flying to London soon and back on Sunday).

No worries, sorry for the delay in review. Enjoy your trip!

@matrixbot ok to test

[erikjohnston]

Might be worth calling the short_term_user_max_duration, just to spell out it only affects short term users?

[erikjohnston]

Oh, but it affects all users if expire_access_token is on?

[negzi]

Yes, but by default it is False.

[erikjohnston]

This looks good now! Just need you to sign off the PR: https://github.com/matrix-org/synapse/blob/master/CONTRIBUTING.rst#sign-off. Feel free to add yourself to AUTHORS.rst :)

It might also be nice to separate out expiration of users created via /createUser and created via normal login, but I'm happy to merge as is.

[negzi]

Thanks for the review Erik, I really appreciate it :)

[rubo77]

I couldn't find anything in the changelog.

Did this add a functionality to automatically desable a user after a certain period? Or did it add a timeout only on user creation, if the user is not created within the timeout?