diff options
author | Patrick Cloke <clokep@users.noreply.github.com> | 2020-12-18 07:33:57 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-18 07:33:57 -0500 |
commit | 5d4c330ed979b0d60efe5f80fd76de8f162263a1 (patch) | |
tree | 5aa8056a61519bf53d3c15b445d004a0cf269047 /synapse/rest/client/v2_alpha/account.py | |
parent | Ensure that a URL exists in the content during push. (#8965) (diff) | |
download | synapse-5d4c330ed979b0d60efe5f80fd76de8f162263a1.tar.xz |
Allow re-using a UI auth validation for a period of time (#8970)
Diffstat (limited to 'synapse/rest/client/v2_alpha/account.py')
-rw-r--r-- | synapse/rest/client/v2_alpha/account.py | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py index eebee44a44..d837bde1d6 100644 --- a/synapse/rest/client/v2_alpha/account.py +++ b/synapse/rest/client/v2_alpha/account.py @@ -254,14 +254,18 @@ class PasswordRestServlet(RestServlet): logger.error("Auth succeeded but no known type! %r", result.keys()) raise SynapseError(500, "", Codes.UNKNOWN) - # If we have a password in this request, prefer it. Otherwise, there - # must be a password hash from an earlier request. + # If we have a password in this request, prefer it. Otherwise, use the + # password hash from an earlier request. if new_password: password_hash = await self.auth_handler.hash(new_password) - else: + elif session_id is not None: password_hash = await self.auth_handler.get_session_data( session_id, "password_hash", None ) + else: + # UI validation was skipped, but the request did not include a new + # password. + password_hash = None if not password_hash: raise SynapseError(400, "Missing params: password", Codes.MISSING_PARAM) |