mirror of
https://mau.dev/maunium/synapse.git
synced 2024-12-14 11:43:51 +01:00
Don't warn user about password reset disabling through config code (#5387)
Moves the warning about password resets being disabled to the point where a user actually tries to reset their password. Is this an appropriate place for it to happen? Also removed the disabling of msisdn password resets when you don't have an email config, as that just doesn't make sense. Also change the error a user receives upon disabled passwords to specify that only email-based password reset is disabled.
This commit is contained in:
parent
94dac0f3e5
commit
2ddc13577c
3 changed files with 21 additions and 10 deletions
1
changelog.d/5387.bugfix
Normal file
1
changelog.d/5387.bugfix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Warn about disabling email-based password resets when a reset occurs, and remove warning when someone attempts a phone-based reset.
|
|
@ -19,15 +19,12 @@ from __future__ import print_function
|
||||||
|
|
||||||
# This file can't be called email.py because if it is, we cannot:
|
# This file can't be called email.py because if it is, we cannot:
|
||||||
import email.utils
|
import email.utils
|
||||||
import logging
|
|
||||||
import os
|
import os
|
||||||
|
|
||||||
import pkg_resources
|
import pkg_resources
|
||||||
|
|
||||||
from ._base import Config, ConfigError
|
from ._base import Config, ConfigError
|
||||||
|
|
||||||
logger = logging.getLogger(__name__)
|
|
||||||
|
|
||||||
|
|
||||||
class EmailConfig(Config):
|
class EmailConfig(Config):
|
||||||
def read_config(self, config):
|
def read_config(self, config):
|
||||||
|
@ -85,10 +82,12 @@ class EmailConfig(Config):
|
||||||
self.email_password_reset_behaviour = (
|
self.email_password_reset_behaviour = (
|
||||||
"remote" if email_trust_identity_server_for_password_resets else "local"
|
"remote" if email_trust_identity_server_for_password_resets else "local"
|
||||||
)
|
)
|
||||||
|
self.password_resets_were_disabled_due_to_email_config = False
|
||||||
if self.email_password_reset_behaviour == "local" and email_config == {}:
|
if self.email_password_reset_behaviour == "local" and email_config == {}:
|
||||||
logger.warn(
|
# We cannot warn the user this has happened here
|
||||||
"User password resets have been disabled due to lack of email config"
|
# Instead do so when a user attempts to reset their password
|
||||||
)
|
self.password_resets_were_disabled_due_to_email_config = True
|
||||||
|
|
||||||
self.email_password_reset_behaviour = "off"
|
self.email_password_reset_behaviour = "off"
|
||||||
|
|
||||||
# Get lifetime of a validation token in milliseconds
|
# Get lifetime of a validation token in milliseconds
|
||||||
|
|
|
@ -68,7 +68,13 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def on_POST(self, request):
|
def on_POST(self, request):
|
||||||
if self.config.email_password_reset_behaviour == "off":
|
if self.config.email_password_reset_behaviour == "off":
|
||||||
raise SynapseError(400, "Password resets have been disabled on this server")
|
if self.config.password_resets_were_disabled_due_to_email_config:
|
||||||
|
logger.warn(
|
||||||
|
"User password resets have been disabled due to lack of email config"
|
||||||
|
)
|
||||||
|
raise SynapseError(
|
||||||
|
400, "Email-based password resets have been disabled on this server",
|
||||||
|
)
|
||||||
|
|
||||||
body = parse_json_object_from_request(request)
|
body = parse_json_object_from_request(request)
|
||||||
|
|
||||||
|
@ -196,9 +202,6 @@ class MsisdnPasswordRequestTokenRestServlet(RestServlet):
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def on_POST(self, request):
|
def on_POST(self, request):
|
||||||
if not self.config.email_password_reset_behaviour == "off":
|
|
||||||
raise SynapseError(400, "Password resets have been disabled on this server")
|
|
||||||
|
|
||||||
body = parse_json_object_from_request(request)
|
body = parse_json_object_from_request(request)
|
||||||
|
|
||||||
assert_params_in_dict(body, [
|
assert_params_in_dict(body, [
|
||||||
|
@ -251,6 +254,14 @@ class PasswordResetSubmitTokenServlet(RestServlet):
|
||||||
400,
|
400,
|
||||||
"This medium is currently not supported for password resets",
|
"This medium is currently not supported for password resets",
|
||||||
)
|
)
|
||||||
|
if self.config.email_password_reset_behaviour == "off":
|
||||||
|
if self.config.password_resets_were_disabled_due_to_email_config:
|
||||||
|
logger.warn(
|
||||||
|
"User password resets have been disabled due to lack of email config"
|
||||||
|
)
|
||||||
|
raise SynapseError(
|
||||||
|
400, "Email-based password resets have been disabled on this server",
|
||||||
|
)
|
||||||
|
|
||||||
sid = parse_string(request, "sid")
|
sid = parse_string(request, "sid")
|
||||||
client_secret = parse_string(request, "client_secret")
|
client_secret = parse_string(request, "client_secret")
|
||||||
|
|
Loading…
Reference in a new issue