summary refs log tree commit diff
path: root/synapse/rest/client
diff options
context:
space:
mode:
authorDavid Baker <dave@matrix.org>2017-11-01 16:20:19 +0000
committerDavid Baker <dave@matrix.org>2017-11-01 16:20:19 +0000
commit4f0488b3070b53596bba78a6446ff09a1c50ca16 (patch)
tree0eeb49822a2f016e77a54ec77643b33dde0a301b /synapse/rest/client
parentMove access token deletion into auth handler (diff)
parentMerge pull request #2615 from matrix-org/rav/break_auth_device_dep (diff)
downloadsynapse-4f0488b3070b53596bba78a6446ff09a1c50ca16.tar.xz
Merge remote-tracking branch 'origin/develop' into rav/refactor_accesstoken_delete
Diffstat (limited to 'synapse/rest/client')
-rw-r--r--synapse/rest/client/v1/login.py13
-rw-r--r--synapse/rest/client/v2_alpha/groups.py4
-rw-r--r--synapse/rest/client/v2_alpha/register.py1
3 files changed, 12 insertions, 6 deletions
diff --git a/synapse/rest/client/v1/login.py b/synapse/rest/client/v1/login.py
index d24590011b..d25a68e753 100644
--- a/synapse/rest/client/v1/login.py
+++ b/synapse/rest/client/v1/login.py
@@ -166,6 +166,16 @@ class LoginRestServlet(ClientV1RestServlet):
         Returns:
             (int, object): HTTP code/response
         """
+        # Log the request we got, but only certain fields to minimise the chance of
+        # logging someone's password (even if they accidentally put it in the wrong
+        # field)
+        logger.info(
+            "Got login request with identifier: %r, medium: %r, address: %r, user: %r",
+            login_submission.get('identifier'),
+            login_submission.get('medium'),
+            login_submission.get('address'),
+            login_submission.get('user'),
+        )
         login_submission_legacy_convert(login_submission)
 
         if "identifier" not in login_submission:
@@ -219,7 +229,6 @@ class LoginRestServlet(ClientV1RestServlet):
         )
         access_token = yield auth_handler.get_access_token_for_user_id(
             canonical_user_id, device_id,
-            login_submission.get("initial_device_display_name"),
         )
 
         result = {
@@ -241,7 +250,6 @@ class LoginRestServlet(ClientV1RestServlet):
         device_id = yield self._register_device(user_id, login_submission)
         access_token = yield auth_handler.get_access_token_for_user_id(
             user_id, device_id,
-            login_submission.get("initial_device_display_name"),
         )
         result = {
             "user_id": user_id,  # may have changed
@@ -284,7 +292,6 @@ class LoginRestServlet(ClientV1RestServlet):
             )
             access_token = yield auth_handler.get_access_token_for_user_id(
                 registered_user_id, device_id,
-                login_submission.get("initial_device_display_name"),
             )
 
             result = {
diff --git a/synapse/rest/client/v2_alpha/groups.py b/synapse/rest/client/v2_alpha/groups.py
index c97885cfc7..792608cd48 100644
--- a/synapse/rest/client/v2_alpha/groups.py
+++ b/synapse/rest/client/v2_alpha/groups.py
@@ -451,7 +451,7 @@ class GroupAdminRoomsServlet(RestServlet):
         requester_user_id = requester.user.to_string()
 
         content = parse_json_object_from_request(request)
-        result = yield self.groups_handler.add_room_to_group(
+        result = yield self.groups_handler.update_room_group_association(
             group_id, requester_user_id, room_id, content,
         )
 
@@ -462,7 +462,7 @@ class GroupAdminRoomsServlet(RestServlet):
         requester = yield self.auth.get_user_by_req(request)
         requester_user_id = requester.user.to_string()
 
-        result = yield self.groups_handler.remove_room_from_group(
+        result = yield self.groups_handler.delete_room_group_association(
             group_id, requester_user_id, room_id,
         )
 
diff --git a/synapse/rest/client/v2_alpha/register.py b/synapse/rest/client/v2_alpha/register.py
index d9a8cdbbb5..a077146c89 100644
--- a/synapse/rest/client/v2_alpha/register.py
+++ b/synapse/rest/client/v2_alpha/register.py
@@ -566,7 +566,6 @@ class RegisterRestServlet(RestServlet):
         access_token = (
             yield self.auth_handler.get_access_token_for_user_id(
                 user_id, device_id=device_id,
-                initial_display_name=params.get("initial_device_display_name")
             )
         )