Remove ultimately unused feature of saving params from the first call in the session: it's probably too open to abuse.
parent
a2c10d37d7
commit
0eb61a3d16
1 changed files with 10 additions and 2 deletions
|
@ -78,8 +78,16 @@ class AuthHandler(BaseHandler):
|
||||||
sess = self._get_session_info(sid)
|
sess = self._get_session_info(sid)
|
||||||
|
|
||||||
if len(clientdict) > 0:
|
if len(clientdict) > 0:
|
||||||
sess['clientdict'] = clientdict
|
# This was designed to allow the client to omit the parameters
|
||||||
self._save_session(sess)
|
# and just supply the session in subsequent calls so it split
|
||||||
|
# auth between devices by just sharing the session, (eg. so you
|
||||||
|
# could continue registration from your phone having clicked the
|
||||||
|
# email auth link on there). It's probably too open to abuse
|
||||||
|
# because it lets unauthenticated clients store arbitrary objects
|
||||||
|
# on a home server.
|
||||||
|
#sess['clientdict'] = clientdict
|
||||||
|
#self._save_session(sess)
|
||||||
|
pass
|
||||||
elif 'clientdict' in sess:
|
elif 'clientdict' in sess:
|
||||||
clientdict = sess['clientdict']
|
clientdict = sess['clientdict']
|
||||||
|
|
||||||
|
|
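Review bot: The `elif 'clientdict' in sess:` branch still loads a stored clientdict, although nothing in this hunk writes that key any more, so the read path is either dead or serves only sessions saved before the change, which hold exactly the unauthenticated client-supplied objects the new comment worries about. If no other code sets `sess['clientdict']` (not visible here), drop the branch together with the two commented-out lines and the `pass`, keeping only a short comment on why parameters are no longer persisted. If the read path must stay for a transition period, collapse the structure to `if not clientdict and 'clientdict' in sess:` and state in the comment when it can be removed. The enclosing method starts and ends outside the hunk.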