From 89a23c940672944acd98db58085cdc38191515a8 Mon Sep 17 00:00:00 2001
From: Patrick Cloke <clokep@users.noreply.github.com>
Date: Fri, 19 May 2023 08:06:54 -0400
Subject: Do not allow deactivated users to login with JWT. (#15624)

To improve the organization of this code it moves the JWT login
checks to a separate handler and then fixes the bug (and a
deprecation warning).
---
 synapse/server.py | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'synapse/server.py')

diff --git a/synapse/server.py b/synapse/server.py
index b307295789..aa90465047 100644
--- a/synapse/server.py
+++ b/synapse/server.py
@@ -147,6 +147,7 @@ logger = logging.getLogger(__name__)
 if TYPE_CHECKING:
     from txredisapi import ConnectionHandler
 
+    from synapse.handlers.jwt import JwtHandler
     from synapse.handlers.oidc import OidcHandler
     from synapse.handlers.saml import SamlHandler
 
@@ -533,6 +534,12 @@ class HomeServer(metaclass=abc.ABCMeta):
     def get_sso_handler(self) -> SsoHandler:
         return SsoHandler(self)
 
+    @cache_in_self
+    def get_jwt_handler(self) -> "JwtHandler":
+        from synapse.handlers.jwt import JwtHandler
+
+        return JwtHandler(self)
+
     @cache_in_self
     def get_sync_handler(self) -> SyncHandler:
         return SyncHandler(self)
-- 
cgit 1.4.1