Support SAML in the user interactive authentication workflow. (#7102)

author: Patrick Cloke <clokep@users.noreply.github.com> 2020-04-01 08:48:00 -0400
committer: GitHub <noreply@github.com> 2020-04-01 08:48:00 -0400
commit: b9930d24a05e47c36845d8607b12a45eea889be0 (patch)
tree: d6411d13b03978cc8b16d4daba04d0016cc0aff0 /synapse/rest/client/v2_alpha/account.py
parent: Allow admins to create aliases when they are not in the room (#7191) (diff)
download: synapse-b9930d24a05e47c36845d8607b12a45eea889be0.tar.xz
1 files changed, 16 insertions, 3 deletions
diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py
index f80b5e40ea..31435b1e1c 100644
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@@ -234,7 +234,11 @@ class PasswordRestServlet(RestServlet):
         if self.auth.has_access_token(request):
             requester = await self.auth.get_user_by_req(request)
             params = await self.auth_handler.validate_user_via_ui_auth(
-                requester, request, body, self.hs.get_ip_from_request(request),
+                requester,
+                request,
+                body,
+                self.hs.get_ip_from_request(request),
+                "modify your account password",
             )
             user_id = requester.user.to_string()
         else:
@@ -244,6 +248,7 @@ class PasswordRestServlet(RestServlet):
                 request,
                 body,
                 self.hs.get_ip_from_request(request),
+                "modify your account password",
             )
 
             if LoginType.EMAIL_IDENTITY in result:
@@ -311,7 +316,11 @@ class DeactivateAccountRestServlet(RestServlet):
             return 200, {}
 
         await self.auth_handler.validate_user_via_ui_auth(
-            requester, request, body, self.hs.get_ip_from_request(request),
+            requester,
+            request,
+            body,
+            self.hs.get_ip_from_request(request),
+            "deactivate your account",
         )
         result = await self._deactivate_account_handler.deactivate_account(
             requester.user.to_string(), erase, id_server=body.get("id_server")
@@ -669,7 +678,11 @@ class ThreepidAddRestServlet(RestServlet):
         assert_valid_client_secret(client_secret)
 
         await self.auth_handler.validate_user_via_ui_auth(
-            requester, request, body, self.hs.get_ip_from_request(request),
+            requester,
+            request,
+            body,
+            self.hs.get_ip_from_request(request),
+            "add a third-party identifier to your account",
         )
 
         validation_session = await self.identity_handler.validate_threepid_session(
author	Patrick Cloke <clokep@users.noreply.github.com>	2020-04-01 08:48:00 -0400
committer	GitHub <noreply@github.com>	2020-04-01 08:48:00 -0400
commit	b9930d24a05e47c36845d8607b12a45eea889be0 (patch)
tree	d6411d13b03978cc8b16d4daba04d0016cc0aff0 /synapse/rest/client/v2_alpha/account.py
parent	Allow admins to create aliases when they are not in the room (#7191) (diff)
download	synapse-b9930d24a05e47c36845d8607b12a45eea889be0.tar.xz