Hash passwords earlier in the password reset process (#7538)

This now matches the logic of the registration process as modified in 56db0b1365965c02ff539193e26c333b7f70d101 / #7523.
author: Patrick Cloke <clokep@users.noreply.github.com> 2020-05-20 09:48:03 -0400
committer: GitHub <noreply@github.com> 2020-05-20 09:48:03 -0400
commit: 9dc6f3075aea7c76c3d6a201f8a78ace76f99a3e (patch)
tree: a1ac09304420767e4448472f387d15aca375f813 /synapse/handlers/set_password.py
parent: Minor clarifications to the TURN docs (#7533) (diff)
download: synapse-9dc6f3075aea7c76c3d6a201f8a78ace76f99a3e.tar.xz
1 files changed, 1 insertions, 4 deletions
diff --git a/synapse/handlers/set_password.py b/synapse/handlers/set_password.py
index 63d8f9aa0d..4d245b618b 100644
--- a/synapse/handlers/set_password.py
+++ b/synapse/handlers/set_password.py
@@ -35,16 +35,13 @@ class SetPasswordHandler(BaseHandler):
     async def set_password(
         self,
         user_id: str,
-        new_password: str,
+        password_hash: str,
         logout_devices: bool,
         requester: Optional[Requester] = None,
     ):
         if not self.hs.config.password_localdb_enabled:
             raise SynapseError(403, "Password change disabled", errcode=Codes.FORBIDDEN)
 
-        self._password_policy_handler.validate_password(new_password)
-        password_hash = await self._auth_handler.hash(new_password)
-
         try:
             await self.store.user_set_password_hash(user_id, password_hash)
         except StoreError as e:
author	Patrick Cloke <clokep@users.noreply.github.com>	2020-05-20 09:48:03 -0400
committer	GitHub <noreply@github.com>	2020-05-20 09:48:03 -0400
commit	9dc6f3075aea7c76c3d6a201f8a78ace76f99a3e (patch)
tree	a1ac09304420767e4448472f387d15aca375f813 /synapse/handlers/set_password.py
parent	Minor clarifications to the TURN docs (#7533) (diff)
download	synapse-9dc6f3075aea7c76c3d6a201f8a78ace76f99a3e.tar.xz