Return m.change_password.enabled=false if local database is disabled (#9588)

Instead of if the user does not have a password hash. This allows a SSO user to add a password to their account, but only if the local password database is configured.
author: Dirk Klimpel <5740567+dklimpel@users.noreply.github.com> 2021-03-16 16:44:25 +0100
committer: GitHub <noreply@github.com> 2021-03-16 11:44:25 -0400
commit: 8000cf131592b6edcded65ef4be20b8ac0f1bfd3 (patch)
tree: 127907a98ffdb130d16b8e955ee8a73d85e04625 /synapse/handlers/auth.py
parent: Changelog typo (diff)
download: synapse-8000cf131592b6edcded65ef4be20b8ac0f1bfd3.tar.xz
1 files changed, 13 insertions, 0 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index fb5f8118f0..badac8c26c 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -886,6 +886,19 @@ class AuthHandler(BaseHandler):
             )
         return result
 
+    def can_change_password(self) -> bool:
+        """Get whether users on this server are allowed to change or set a password.
+
+        Both `config.password_enabled` and `config.password_localdb_enabled` must be true.
+
+        Note that any account (even SSO accounts) are allowed to add passwords if the above
+        is true.
+
+        Returns:
+            Whether users on this server are allowed to change or set a password
+        """
+        return self._password_enabled and self._password_localdb_enabled
+
     def get_supported_login_types(self) -> Iterable[str]:
         """Get a the login types supported for the /login API
author	Dirk Klimpel <5740567+dklimpel@users.noreply.github.com>	2021-03-16 16:44:25 +0100
committer	GitHub <noreply@github.com>	2021-03-16 11:44:25 -0400
commit	8000cf131592b6edcded65ef4be20b8ac0f1bfd3 (patch)
tree	127907a98ffdb130d16b8e955ee8a73d85e04625 /synapse/handlers/auth.py
parent	Changelog typo (diff)
download	synapse-8000cf131592b6edcded65ef4be20b8ac0f1bfd3.tar.xz