diff --git a/synapse/rest/admin/users.py b/synapse/rest/admin/users.py
index e0257daa75..04d9ef25b7 100644
--- a/synapse/rest/admin/users.py
+++ b/synapse/rest/admin/users.py
@@ -280,6 +280,17 @@ class UserRestServletV2(RestServlet):
HTTPStatus.BAD_REQUEST, "'deactivated' parameter is not of type boolean"
)
+ lock = body.get("locked", False)
+ if not isinstance(lock, bool):
+ raise SynapseError(
+ HTTPStatus.BAD_REQUEST, "'locked' parameter is not of type boolean"
+ )
+
+ if deactivate and lock:
+ raise SynapseError(
+ HTTPStatus.BAD_REQUEST, "An user can't be deactivated and locked"
+ )
+
approved: Optional[bool] = None
if "approved" in body and self._msc3866_enabled:
approved = body["approved"]
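Review bot: The mutual-exclusion check `if deactivate and lock` compares only the two values supplied in this request body, so a request that sets `locked: true` on an account that is already deactivated (or deactivates an account that is already locked) passes it. Whether a later branch rejects that combination is not visible in this hunk. If none does, the same check should be repeated against the stored deactivated and locked flags once `user` has been loaded. The message also reads better as `"A user can't be deactivated and locked"`. The enclosing handler starts and ends outside this hunk.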
@@ -397,6 +408,12 @@ class UserRestServletV2(RestServlet):
target_user.to_string()
)
+ if "locked" in body:
+ if lock and not user["locked"]:
+ await self.store.set_user_locked_status(user_id, True)
+ elif not lock and user["locked"]:
+ await self.store.set_user_locked_status(user_id, False)
+
if "user_type" in body:
await self.store.set_user_type(target_user, user_type)
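Review bot: The update under `if "locked" in body:` reads `user["locked"]`, so it runs only for an account that already exists. Whether the branch that creates a new user honours `locked` is not visible here. If it does not, a PUT that creates an account with `locked: true` would report success while leaving the account unlocked, which is the unsafe direction to fail in. Separately, the two branches differ only in the boolean they pass and can collapse to `if lock != bool(user["locked"]): await self.store.set_user_locked_status(user_id, lock)`. The enclosing handler continues outside the hunk.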
diff --git a/synapse/rest/client/logout.py b/synapse/rest/client/logout.py
index 94ad90942f..2e104d4888 100644
--- a/synapse/rest/client/logout.py
+++ b/synapse/rest/client/logout.py
@@ -40,7 +40,9 @@ class LogoutRestServlet(RestServlet):
self._device_handler = handler
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
- requester = await self.auth.get_user_by_req(request, allow_expired=True)
+ requester = await self.auth.get_user_by_req(
+ request, allow_expired=True, allow_locked=True
+ )
if requester.device_id is None:
# The access token wasn't associated with a device.
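Review bot: `allow_locked=True` in `LogoutRestServlet.on_POST` exempts this endpoint from the account-lock check, and nothing at the call site says why. A short comment such as `# Locked users must still be able to log out and invalidate their access token.` would document the exemption and discourage copying the flag to other endpoints by analogy. The same applies to the identical call in `LogoutAllRestServlet.on_POST` in the next hunk. A test that a locked user's token is accepted on these two endpoints and rejected on an ordinary one would pin the intended boundary; none is visible in this part of the diff. Both method bodies continue outside their hunks.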
@@ -67,7 +69,9 @@ class LogoutAllRestServlet(RestServlet):
self._device_handler = handler
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
- requester = await self.auth.get_user_by_req(request, allow_expired=True)
+ requester = await self.auth.get_user_by_req(
+ request, allow_expired=True, allow_locked=True
+ )
user_id = requester.user.to_string()
# first delete all of the user's devices