diff options
author | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2020-12-01 13:04:03 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-01 13:04:03 +0000 |
commit | 89f79307306ed117d9dcfe46a31a3fe1a1a5ceae (patch) | |
tree | 87810d918f3bb9d2f658fd583cb421d95aa81d82 /synapse | |
parent | Add some tests for `password_auth_providers` (#8819) (diff) | |
download | synapse-89f79307306ed117d9dcfe46a31a3fe1a1a5ceae.tar.xz |
Don't offer password login when it is disabled (#8835)
Fix a minor bug where we would offer "m.login.password" login if a custom auth provider supported it, even if password login was disabled.
Diffstat (limited to 'synapse')
-rw-r--r-- | synapse/handlers/auth.py | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index 5163afd86c..588d3a60df 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -205,15 +205,23 @@ class AuthHandler(BaseHandler): # type in the list. (NB that the spec doesn't require us to do so and # clients which favour types that they don't understand over those that # they do are technically broken) + + # start out by assuming PASSWORD is enabled; we will remove it later if not. login_types = [] - if self._password_enabled: + if hs.config.password_localdb_enabled: login_types.append(LoginType.PASSWORD) + for provider in self.password_providers: if hasattr(provider, "get_supported_login_types"): for t in provider.get_supported_login_types().keys(): if t not in login_types: login_types.append(t) + + if not self._password_enabled: + login_types.remove(LoginType.PASSWORD) + self._supported_login_types = login_types + # Login types and UI Auth types have a heavy overlap, but are not # necessarily identical. Login types have SSO (and other login types) # added in the rest layer, see synapse.rest.client.v1.login.LoginRestServerlet.on_GET. |