diff options
| author | Sean Quah <seanq@matrix.org> | 2022-05-27 12:07:18 +0100 |
|---|---|---|
| committer | Sean Quah <seanq@matrix.org> | 2022-05-27 12:07:18 +0100 |
| commit | 053ca5f3ca6b913d2c4bfdc7a77cb4657bc86d68 (patch) | |
| tree | f85c93172d9b17fdffe1a835812eb8a39f4945d4 /synapse/config | |
| parent | Add storage and module API methods to get monthly active users and their apps... (diff) | |
| parent | 1.60.0rc2 (diff) | |
| download | synapse-053ca5f3ca6b913d2c4bfdc7a77cb4657bc86d68.tar.xz | |
Merge tag 'v1.60.0rc2' into develop
Synapse 1.60.0rc2 (2022-05-27) ============================== This release of Synapse adds a unique index to the `state_group_edges` table, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation. Additionally, the signature of the `check_event_for_spam` module callback has changed. The previous signature has been deprecated and remains working for now. Module authors should update their modules to use the new signature where possible. See [the upgrade notes](https://github.com/matrix-org/synapse/blob/develop/docs/upgrade.md#upgrading-to-v1600) for more details. Features -------- - Add an option allowing users to use their password to reauthenticate for privileged actions even though password login is disabled. ([\#12883](https://github.com/matrix-org/synapse/issues/12883)) Bugfixes -------- - Explicitly close `ijson` coroutines once we are done with them, instead of leaving the garbage collector to close them. ([\#12875](https://github.com/matrix-org/synapse/issues/12875)) Internal Changes ---------------- - Improve URL previews by not including the content of media tags in the generated description. ([\#12887](https://github.com/matrix-org/synapse/issues/12887))
Diffstat (limited to 'synapse/config')
| -rw-r--r-- | synapse/config/auth.py | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/synapse/config/auth.py b/synapse/config/auth.py index bb417a2359..265a554a5d 100644 --- a/synapse/config/auth.py +++ b/synapse/config/auth.py @@ -29,7 +29,18 @@ class AuthConfig(Config): if password_config is None: password_config = {} - self.password_enabled = password_config.get("enabled", True) + passwords_enabled = password_config.get("enabled", True) + # 'only_for_reauth' allows users who have previously set a password to use it, + # even though passwords would otherwise be disabled. + passwords_for_reauth_only = passwords_enabled == "only_for_reauth" + + self.password_enabled_for_login = ( + passwords_enabled and not passwords_for_reauth_only + ) + self.password_enabled_for_reauth = ( + passwords_for_reauth_only or passwords_enabled + ) + self.password_localdb_enabled = password_config.get("localdb_enabled", True) self.password_pepper = password_config.get("pepper", "") @@ -46,7 +57,9 @@ class AuthConfig(Config): def generate_config_section(self, **kwargs: Any) -> str: return """\ password_config: - # Uncomment to disable password login + # Uncomment to disable password login. + # Set to `only_for_reauth` to permit reauthentication for users that + # have passwords and are already logged in. # #enabled: false |