diff options
author | Patrick Cloke <patrickc@matrix.org> | 2020-05-18 11:10:04 -0400 |
---|---|---|
committer | Patrick Cloke <patrickc@matrix.org> | 2020-05-18 11:10:04 -0400 |
commit | ee421e524478c1ad8d43741c27379499c2f6135c (patch) | |
tree | f89dfec1c42ba0e18c1eb71f94cd4742deeb17de /synapse/rest/admin/users.py | |
parent | Allow ReplicationRestResource to be added to workers (#7515) (diff) | |
parent | 1.13.0rc3 (diff) | |
download | synapse-ee421e524478c1ad8d43741c27379499c2f6135c.tar.xz |
Merge tag 'v1.13.0rc3' into develop
Synapse 1.13.0rc3 (2020-05-18) Bugfixes: - Hash passwords as early as possible during registration. #7523
Diffstat (limited to 'synapse/rest/admin/users.py')
-rw-r--r-- | synapse/rest/admin/users.py | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/synapse/rest/admin/users.py b/synapse/rest/admin/users.py index 593ce011e8..326682fbdb 100644 --- a/synapse/rest/admin/users.py +++ b/synapse/rest/admin/users.py @@ -243,11 +243,11 @@ class UserRestServletV2(RestServlet): else: # create user password = body.get("password") - if password is not None and ( - not isinstance(body["password"], text_type) - or len(body["password"]) > 512 - ): - raise SynapseError(400, "Invalid password") + password_hash = None + if password is not None: + if not isinstance(password, text_type) or len(password) > 512: + raise SynapseError(400, "Invalid password") + password_hash = await self.auth_handler.hash(password) admin = body.get("admin", None) user_type = body.get("user_type", None) @@ -259,7 +259,7 @@ class UserRestServletV2(RestServlet): user_id = await self.registration_handler.register_user( localpart=target_user.localpart, - password=password, + password_hash=password_hash, admin=bool(admin), default_display_name=displayname, user_type=user_type, @@ -298,7 +298,7 @@ class UserRegisterServlet(RestServlet): NONCE_TIMEOUT = 60 def __init__(self, hs): - self.handlers = hs.get_handlers() + self.auth_handler = hs.get_auth_handler() self.reactor = hs.get_reactor() self.nonces = {} self.hs = hs @@ -362,16 +362,16 @@ class UserRegisterServlet(RestServlet): 400, "password must be specified", errcode=Codes.BAD_JSON ) else: - if ( - not isinstance(body["password"], text_type) - or len(body["password"]) > 512 - ): + password = body["password"] + if not isinstance(password, text_type) or len(password) > 512: raise SynapseError(400, "Invalid password") - password = body["password"].encode("utf-8") - if b"\x00" in password: + password_bytes = password.encode("utf-8") + if b"\x00" in password_bytes: raise SynapseError(400, "Invalid password") + password_hash = await self.auth_handler.hash(password) + admin = body.get("admin", None) user_type = body.get("user_type", None) @@ -388,7 +388,7 @@ class UserRegisterServlet(RestServlet): want_mac_builder.update(b"\x00") want_mac_builder.update(username) want_mac_builder.update(b"\x00") - want_mac_builder.update(password) + want_mac_builder.update(password_bytes) want_mac_builder.update(b"\x00") want_mac_builder.update(b"admin" if admin else b"notadmin") if user_type: @@ -407,7 +407,7 @@ class UserRegisterServlet(RestServlet): user_id = await register.registration_handler.register_user( localpart=body["username"].lower(), - password=body["password"], + password_hash=password_hash, admin=bool(admin), user_type=user_type, ) |