diff options
author | Richard van der Hoff <richard@matrix.org> | 2016-10-11 11:34:40 +0100 |
---|---|---|
committer | Richard van der Hoff <richard@matrix.org> | 2016-10-11 11:34:40 +0100 |
commit | fa74fcf5120998e0bdb030638ce391914198f648 (patch) | |
tree | 438f1dd520902e40ebc1cb4c29db225033e0dd52 /synapse/handlers/auth.py | |
parent | Merge pull request #1160 from matrix-org/rav/401_on_password_fail (diff) | |
download | synapse-fa74fcf5120998e0bdb030638ce391914198f648.tar.xz |
Work around email-spamming Riot bug
5d9546f9 introduced a change to synapse behaviour, in that failures in the interactive-auth process would return the flows and params data as well as an error code (as specced in https://github.com/matrix-org/matrix-doc/pull/397). That change exposed a bug in Riot which would make it request a new validation token (and send a new email) each time it got a 401 with a `flows` parameter (see https://github.com/vector-im/vector-web/issues/2447 and the fix at https://github.com/matrix-org/matrix-react-sdk/pull/510). To preserve compatibility with broken versions of Riot, grandfather in the old behaviour for the email validation stage.
Diffstat (limited to '')
-rw-r--r-- | synapse/handlers/auth.py | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index 51888d1f97..6b8de1e7cf 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -150,14 +150,25 @@ class AuthHandler(BaseHandler): # check auth type currently being presented errordict = {} if 'type' in authdict: - if authdict['type'] not in self.checkers: + login_type = authdict['type'] + if login_type not in self.checkers: raise LoginError(400, "", Codes.UNRECOGNIZED) try: - result = yield self.checkers[authdict['type']](authdict, clientip) + result = yield self.checkers[login_type](authdict, clientip) if result: - creds[authdict['type']] = result + creds[login_type] = result self._save_session(session) except LoginError, e: + if login_type == LoginType.EMAIL_IDENTITY: + # riot used to have a bug where it would request a new + # validation token (thus sending a new email) each time it + # got a 401 with a 'flows' field. + # (https://github.com/vector-im/vector-web/issues/2447). + # + # Grandfather in the old behaviour for now to avoid + # breaking old riot deployments. + raise e + # this step failed. Merge the error dict into the response # so that the client can have another go. errordict = e.error_dict() |