Make deleting other access tokens when you change your password actually work
parent
78adccfaf4
commit
d19e79ecc9
2 changed files with 15 additions and 6 deletions
|
@ -65,12 +65,15 @@ class PasswordRestServlet(RestServlet):
|
||||||
raise SynapseError(400, "", Codes.MISSING_PARAM)
|
raise SynapseError(400, "", Codes.MISSING_PARAM)
|
||||||
new_password = body['new_password']
|
new_password = body['new_password']
|
||||||
|
|
||||||
self.login_handler.set_password(
|
yield self.login_handler.set_password(
|
||||||
user_id, new_password, client.token_id
|
user_id, new_password, client.token_id
|
||||||
)
|
)
|
||||||
|
|
||||||
defer.returnValue((200, {}))
|
defer.returnValue((200, {}))
|
||||||
|
|
||||||
|
def on_OPTIONS(self, _):
|
||||||
|
return 200, {}
|
||||||
|
|
||||||
|
|
||||||
def register_servlets(hs, http_server):
|
def register_servlets(hs, http_server):
|
||||||
PasswordRestServlet(hs).register(http_server)
|
PasswordRestServlet(hs).register(http_server)
|
||||||
|
|
|
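Review bot: The added `yield` on `self.login_handler.set_password(...)` is what makes the 200 response wait for the password update, and presumably the token revocation behind it, but nothing at the call site says so. A short comment would stop it being dropped in a later cleanup, for example `# Wait for set_password so a failed update or token revocation is reported instead of a 200`. Neither of the two changed files looks like a test, so a regression test asserting that a second access token is rejected after a password change would pin the behaviour this commit fixes. The enclosing request handler starts above the hunk and was not reviewed in full.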
@ -89,35 +89,41 @@ class RegistrationStore(SQLBaseStore):
|
||||||
"VALUES (?,?)", [txn.lastrowid, token])
|
"VALUES (?,?)", [txn.lastrowid, token])
|
||||||
|
|
||||||
def get_user_by_id(self, user_id):
|
def get_user_by_id(self, user_id):
|
||||||
query = ("SELECT users.name, users.password_hash FROM users"
|
query = ("SELECT users.id, users.name, users.password_hash FROM users"
|
||||||
" WHERE users.name = ?")
|
" WHERE users.name = ?")
|
||||||
return self._execute(
|
return self._execute(
|
||||||
"get_user_by_id", self.cursor_to_dict, query, user_id
|
"get_user_by_id", self.cursor_to_dict, query, user_id
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
def user_set_password_hash(self, user_id, password_hash):
|
def user_set_password_hash(self, user_id, password_hash):
|
||||||
"""
|
"""
|
||||||
NB. This does *not* evict any cache because the one use for this
|
NB. This does *not* evict any cache because the one use for this
|
||||||
removes most of the entries subsequently anyway so it would be
|
removes most of the entries subsequently anyway so it would be
|
||||||
pointless. Use flush_user separately.
|
pointless. Use flush_user separately.
|
||||||
"""
|
"""
|
||||||
return self._simple_update_one('users', {
|
yield self._simple_update_one('users', {
|
||||||
'name': user_id
|
'name': user_id
|
||||||
}, {
|
}, {
|
||||||
'password_hash': password_hash
|
'password_hash': password_hash
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
def user_delete_access_tokens_apart_from(self, user_id, token_id):
|
def user_delete_access_tokens_apart_from(self, user_id, token_id):
|
||||||
return self._execute(
|
rows = yield self.get_user_by_id(user_id)
|
||||||
|
if len(rows) == 0:
|
||||||
|
raise Exception("No such user!")
|
||||||
|
|
||||||
|
yield self._execute(
|
||||||
"delete_access_tokens_apart_from", None,
|
"delete_access_tokens_apart_from", None,
|
||||||
"DELETE FROM access_tokens WHERE user_id = ? AND id != ?",
|
"DELETE FROM access_tokens WHERE user_id = ? AND id != ?",
|
||||||
user_id, token_id
|
rows[0]['id'], token_id
|
||||||
)
|
)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def flush_user(self, user_id):
|
def flush_user(self, user_id):
|
||||||
rows = yield self._execute(
|
rows = yield self._execute(
|
||||||
'user_delete_access_tokens_apart_from', None,
|
'flush_user', None,
|
||||||
"SELECT token FROM access_tokens WHERE user_id = ?",
|
"SELECT token FROM access_tokens WHERE user_id = ?",
|
||||||
user_id
|
user_id
|
||||||
)
|
)
|
||||||
|
|
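Review bot: `flush_user` still runs `SELECT token FROM access_tokens WHERE user_id = ?` with the caller's `user_id` directly, whereas this change makes `user_delete_access_tokens_apart_from` look up the numeric `users.id` first. If `flush_user` receives the same user-name string, its SELECT would match no rows and the cached entries for the revoked tokens would not be evicted, so an old token could still be accepted from the cache. Consider the same lookup there: `rows = yield self.get_user_by_id(user_id)`, then pass `rows[0]['id']` to the query. Separately, if `token_id` can ever be None, `id != ?` compares against NULL and the DELETE removes nothing, so that case deserves an explicit branch. The body of `flush_user` continues past the end of the hunk and was not reviewed.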