diff options
author | Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> | 2019-07-15 11:45:29 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-07-15 11:45:29 +0100 |
commit | 18c516698e78004df39ec62c3fc08ff03313ba4e (patch) | |
tree | f77ee0a55dae567f16ebcadc8c33428381c35607 /synapse/handlers/auth.py | |
parent | Merge pull request #5589 from matrix-org/erikj/admin_exfiltrate_data (diff) | |
download | synapse-18c516698e78004df39ec62c3fc08ff03313ba4e.tar.xz |
Return a different error from Invalid Password when a user is deactivated (#5674)
Return `This account has been deactivated` instead of `Invalid password` when a user is deactivated.
Diffstat (limited to 'synapse/handlers/auth.py')
-rw-r--r-- | synapse/handlers/auth.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index b74a6e9c62..d4d6574975 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -35,6 +35,7 @@ from synapse.api.errors import ( LoginError, StoreError, SynapseError, + UserDeactivatedError, ) from synapse.api.ratelimiting import Ratelimiter from synapse.logging.context import defer_to_thread @@ -623,6 +624,7 @@ class AuthHandler(BaseHandler): Raises: LimitExceededError if the ratelimiter's login requests count for this user is too high too proceed. + UserDeactivatedError if a user is found but is deactivated. """ self.ratelimit_login_per_account(user_id) res = yield self._find_user_id_and_pwd_hash(user_id) @@ -838,6 +840,13 @@ class AuthHandler(BaseHandler): if not lookupres: defer.returnValue(None) (user_id, password_hash) = lookupres + + # If the password hash is None, the account has likely been deactivated + if not password_hash: + deactivated = yield self.store.get_user_deactivated_status(user_id) + if deactivated: + raise UserDeactivatedError("This account has been deactivated") + result = yield self.validate_hash(password, password_hash) if not result: logger.warn("Failed password login for user %s", user_id) |