Hash passwords earlier in the password reset process (#7538)

This now matches the logic of the registration process as modified in 56db0b1365965c02ff539193e26c333b7f70d101 / #7523.
author: Patrick Cloke <clokep@users.noreply.github.com> 2020-05-20 09:48:03 -0400
committer: GitHub <noreply@github.com> 2020-05-20 09:48:03 -0400
commit: 9dc6f3075aea7c76c3d6a201f8a78ace76f99a3e (patch)
tree: a1ac09304420767e4448472f387d15aca375f813 /synapse/rest/client/v2_alpha/register.py
parent: Minor clarifications to the TURN docs (#7533) (diff)
download: synapse-9dc6f3075aea7c76c3d6a201f8a78ace76f99a3e.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/synapse/rest/client/v2_alpha/register.py b/synapse/rest/client/v2_alpha/register.py
index c26927f27b..addd4cae19 100644
--- a/synapse/rest/client/v2_alpha/register.py
+++ b/synapse/rest/client/v2_alpha/register.py
@@ -431,8 +431,8 @@ class RegisterRestServlet(RestServlet):
                 raise SynapseError(400, "Invalid password")
             self.password_policy_handler.validate_password(password)
 
-            # If the password is valid, hash it and store it back on the request.
-            # This ensures the hashed password is handled everywhere.
+            # If the password is valid, hash it and store it back on the body.
+            # This ensures that only the hashed password is handled everywhere.
             if "password_hash" in body:
                 raise SynapseError(400, "Unexpected property: password_hash")
             body["password_hash"] = await self.auth_handler.hash(password)
author	Patrick Cloke <clokep@users.noreply.github.com>	2020-05-20 09:48:03 -0400
committer	GitHub <noreply@github.com>	2020-05-20 09:48:03 -0400
commit	9dc6f3075aea7c76c3d6a201f8a78ace76f99a3e (patch)
tree	a1ac09304420767e4448472f387d15aca375f813 /synapse/rest/client/v2_alpha/register.py
parent	Minor clarifications to the TURN docs (#7533) (diff)
download	synapse-9dc6f3075aea7c76c3d6a201f8a78ace76f99a3e.tar.xz