diff options
| author | reivilibre <oliverw@matrix.org> | 2022-05-27 10:44:51 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-05-27 09:44:51 +0000 |
| commit | 7b88f5a107ce9751365f9f2393521ef3d62afde8 (patch) | |
| tree | b93a748112b6ea0c0dc038f9755f0ee0683de67f /synapse/config/auth.py | |
| parent | Improve URL previews by not including the content of media tags in the genera... (diff) | |
| download | synapse-7b88f5a107ce9751365f9f2393521ef3d62afde8.tar.xz | |
Add an option allowing users to use their password to reauthenticate even though password authentication is disabled. (#12883)
Diffstat (limited to 'synapse/config/auth.py')
| -rw-r--r-- | synapse/config/auth.py | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/synapse/config/auth.py b/synapse/config/auth.py index bb417a2359..265a554a5d 100644 --- a/synapse/config/auth.py +++ b/synapse/config/auth.py @@ -29,7 +29,18 @@ class AuthConfig(Config): if password_config is None: password_config = {} - self.password_enabled = password_config.get("enabled", True) + passwords_enabled = password_config.get("enabled", True) + # 'only_for_reauth' allows users who have previously set a password to use it, + # even though passwords would otherwise be disabled. + passwords_for_reauth_only = passwords_enabled == "only_for_reauth" + + self.password_enabled_for_login = ( + passwords_enabled and not passwords_for_reauth_only + ) + self.password_enabled_for_reauth = ( + passwords_for_reauth_only or passwords_enabled + ) + self.password_localdb_enabled = password_config.get("localdb_enabled", True) self.password_pepper = password_config.get("pepper", "") @@ -46,7 +57,9 @@ class AuthConfig(Config): def generate_config_section(self, **kwargs: Any) -> str: return """\ password_config: - # Uncomment to disable password login + # Uncomment to disable password login. + # Set to `only_for_reauth` to permit reauthentication for users that + # have passwords and are already logged in. # #enabled: false |