From fcd8703508ce5bfe481fc2f1510b05731477ce32 Mon Sep 17 00:00:00 2001
From: Jan Christian Grünhage <jan.christian@gruenhage.xyz>
Date: Mon, 6 Jun 2022 13:10:13 +0200
Subject: Allow updating passwords using the admin api without logging out
 devices (#12952)

---
 synapse/rest/admin/users.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'synapse')

diff --git a/synapse/rest/admin/users.py b/synapse/rest/admin/users.py
index 8e29ada8a0..f0614a2897 100644
--- a/synapse/rest/admin/users.py
+++ b/synapse/rest/admin/users.py
@@ -226,6 +226,13 @@ class UserRestServletV2(RestServlet):
             if not isinstance(password, str) or len(password) > 512:
                 raise SynapseError(HTTPStatus.BAD_REQUEST, "Invalid password")
 
+        logout_devices = body.get("logout_devices", True)
+        if not isinstance(logout_devices, bool):
+            raise SynapseError(
+                HTTPStatus.BAD_REQUEST,
+                "'logout_devices' parameter is not of type boolean",
+            )
+
         deactivate = body.get("deactivated", False)
         if not isinstance(deactivate, bool):
             raise SynapseError(
@@ -305,7 +312,6 @@ class UserRestServletV2(RestServlet):
                     await self.store.set_server_admin(target_user, set_admin_to)
 
             if password is not None:
-                logout_devices = True
                 new_password_hash = await self.auth_handler.hash(password)
 
                 await self.set_password_handler.set_password(
-- 
cgit 1.4.1