author | Patrick Cloke <clokep@users.noreply.github.com> | 2023-09-08 08:57:56 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-09-08 08:57:56 -0400 |
commit | 69b74d9330e42fc91a9c7423d00a06cd6d3732bf (patch) | |
tree | 7140c417741cea23e32ac1ac6cd05d907bbf60b4 /synapse | |
parent | Raise setuptools_rust version cap to 1.7.0 (#16277) (diff) | |
Avoid temporary storage of sensitive information. (#16272)
During the UI auth process, avoid storing sensitive information in the database.
Diffstat (limited to 'synapse')
-rw-r--r-- | synapse/rest/client/account.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/synapse/rest/client/account.py b/synapse/rest/client/account.py
index 196b292890..49cd0805fd 100644
--- a/synapse/rest/client/account.py
+++ b/synapse/rest/client/account.py
@@ -186,7 +186,7 @@ class PasswordRestServlet(RestServlet):
 params, session_id = await self.auth_handler.validate_user_via_ui_auth(
 requester,
 request,
- body.dict(exclude_unset=True),
+ body.dict(exclude_unset=True, exclude={"new_password"}),
 "modify your account password",
 )
 user_id = requester.user.to_string()
@@ -194,7 +194,7 @@ class PasswordRestServlet(RestServlet):
 result, params, session_id = await self.auth_handler.check_ui_auth(
 [[LoginType.EMAIL_IDENTITY]],
 request,
- body.dict(exclude_unset=True),
+ body.dict(exclude_unset=True, exclude={"new_password"}),
 "modify your account password",
 ) |
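Review bot: The exclusion `exclude={"new_password"}` is repeated as a literal at both call sites (the `validate_user_via_ui_auth` call in this hunk and the `check_ui_auth` call in the next), so a future sensitive field on the request model, or a third caller, can silently miss it. A single module-level constant, e.g. `_UI_AUTH_EXCLUDED_FIELDS = {"new_password"}` passed as `exclude=_UI_AUTH_EXCLUDED_FIELDS`, with a comment that the dict handed to UI auth may be persisted with the session, would keep the two in step. The code that consumes `params` lies outside both hunks; if it reads the new password back from `params`, it should presumably take it from `body` instead, and a regression test asserting the stored session data has no `new_password` key would pin this. Sessions written before this change may still hold the value, so operators may want to confirm that old UI-auth session rows expire or are purged.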