summary refs log tree commit diff
path: root/synapse/handlers
diff options
context:
space:
mode:
authorPatrick Cloke <clokep@users.noreply.github.com>2020-05-20 09:48:03 -0400
committerGitHub <noreply@github.com>2020-05-20 09:48:03 -0400
commit9dc6f3075aea7c76c3d6a201f8a78ace76f99a3e (patch)
treea1ac09304420767e4448472f387d15aca375f813 /synapse/handlers
parentMinor clarifications to the TURN docs (#7533) (diff)
downloadsynapse-9dc6f3075aea7c76c3d6a201f8a78ace76f99a3e.tar.xz
Hash passwords earlier in the password reset process (#7538)
This now matches the logic of the registration process as modified in
56db0b1365965c02ff539193e26c333b7f70d101 / #7523.
Diffstat (limited to 'synapse/handlers')
-rw-r--r--synapse/handlers/set_password.py5
1 files changed, 1 insertions, 4 deletions
diff --git a/synapse/handlers/set_password.py b/synapse/handlers/set_password.py
index 63d8f9aa0d..4d245b618b 100644
--- a/synapse/handlers/set_password.py
+++ b/synapse/handlers/set_password.py
@@ -35,16 +35,13 @@ class SetPasswordHandler(BaseHandler):
     async def set_password(
         self,
         user_id: str,
-        new_password: str,
+        password_hash: str,
         logout_devices: bool,
         requester: Optional[Requester] = None,
     ):
         if not self.hs.config.password_localdb_enabled:
             raise SynapseError(403, "Password change disabled", errcode=Codes.FORBIDDEN)
 
-        self._password_policy_handler.validate_password(new_password)
-        password_hash = await self._auth_handler.hash(new_password)
-
         try:
             await self.store.user_set_password_hash(user_id, password_hash)
         except StoreError as e: