diff options
| author | Andrew Morgan <andrew@amorgan.xyz> | 2020-02-17 17:28:38 +0000 |
|---|---|---|
| committer | Andrew Morgan <andrew@amorgan.xyz> | 2020-02-17 17:28:38 +0000 |
| commit | e6ae24ec8b1ad404a3938c1666f3806f8bda7e03 (patch) | |
| tree | 71b98b9ebed34bee3a580853d6f0707fad7da6b2 /synapse/handlers/auth.py | |
| parent | Merge pull request #5589 from matrix-org/erikj/admin_exfiltrate_data (diff) | |
| parent | Return a different error from Invalid Password when a user is deactivated (#5... (diff) | |
| download | synapse-e6ae24ec8b1ad404a3938c1666f3806f8bda7e03.tar.xz | |
Return a different error from Invalid Password when a user is deactivated (#5674)
Diffstat (limited to 'synapse/handlers/auth.py')
| -rw-r--r-- | synapse/handlers/auth.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index c684834396..d0e7cd4707 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -35,6 +35,7 @@ from synapse.api.errors import ( LoginError, StoreError, SynapseError, + UserDeactivatedError, ) from synapse.api.ratelimiting import Ratelimiter from synapse.logging.context import defer_to_thread @@ -623,6 +624,7 @@ class AuthHandler(BaseHandler): Raises: LimitExceededError if the ratelimiter's login requests count for this user is too high too proceed. + UserDeactivatedError if a user is found but is deactivated. """ self.ratelimit_login_per_account(user_id) res = yield self._find_user_id_and_pwd_hash(user_id) @@ -838,6 +840,13 @@ class AuthHandler(BaseHandler): if not lookupres: defer.returnValue(None) (user_id, password_hash) = lookupres + + # If the password hash is None, the account has likely been deactivated + if not password_hash: + deactivated = yield self.store.get_user_deactivated_status(user_id) + if deactivated: + raise UserDeactivatedError("This account has been deactivated") + result = yield self.validate_hash(password, password_hash) if not result: logger.warn("Failed password login for user %s", user_id) |