Make deleting other access tokens when you change your password actually work

David Baker 2015-03-24 15:33:48 +00:00
parent 78adccfaf4
commit d19e79ecc9
2 changed files with 15 additions and 6 deletions


@ -65,12 +65,15 @@ class PasswordRestServlet(RestServlet):
raise SynapseError(400, "", Codes.MISSING_PARAM) raise SynapseError(400, "", Codes.MISSING_PARAM)
new_password = body['new_password'] new_password = body['new_password']
self.login_handler.set_password( yield self.login_handler.set_password(
user_id, new_password, client.token_id user_id, new_password, client.token_id
) )
defer.returnValue((200, {})) defer.returnValue((200, {}))
def on_OPTIONS(self, _):
return 200, {}
def register_servlets(hs, http_server): def register_servlets(hs, http_server):
PasswordRestServlet(hs).register(http_server) PasswordRestServlet(hs).register(http_server)


@ -89,35 +89,41 @@ class RegistrationStore(SQLBaseStore):
"VALUES (?,?)", [txn.lastrowid, token]) "VALUES (?,?)", [txn.lastrowid, token])
def get_user_by_id(self, user_id): def get_user_by_id(self, user_id):
query = ("SELECT users.name, users.password_hash FROM users" query = ("SELECT users.id, users.name, users.password_hash FROM users"
" WHERE users.name = ?") " WHERE users.name = ?")
return self._execute( return self._execute(
"get_user_by_id", self.cursor_to_dict, query, user_id "get_user_by_id", self.cursor_to_dict, query, user_id
) )
@defer.inlineCallbacks
def user_set_password_hash(self, user_id, password_hash): def user_set_password_hash(self, user_id, password_hash):
""" """
NB. This does *not* evict any cache because the one use for this NB. This does *not* evict any cache because the one use for this
removes most of the entries subsequently anyway so it would be removes most of the entries subsequently anyway so it would be
pointless. Use flush_user separately. pointless. Use flush_user separately.
""" """
return self._simple_update_one('users', { yield self._simple_update_one('users', {
'name': user_id 'name': user_id
}, { }, {
'password_hash': password_hash 'password_hash': password_hash
}) })
@defer.inlineCallbacks
def user_delete_access_tokens_apart_from(self, user_id, token_id): def user_delete_access_tokens_apart_from(self, user_id, token_id):
return self._execute( rows = yield self.get_user_by_id(user_id)
if len(rows) == 0:
raise Exception("No such user!")
yield self._execute(
"delete_access_tokens_apart_from", None, "delete_access_tokens_apart_from", None,
"DELETE FROM access_tokens WHERE user_id = ? AND id != ?", "DELETE FROM access_tokens WHERE user_id = ? AND id != ?",
user_id, token_id rows[0]['id'], token_id
) )
@defer.inlineCallbacks @defer.inlineCallbacks
def flush_user(self, user_id): def flush_user(self, user_id):
rows = yield self._execute( rows = yield self._execute(
'user_delete_access_tokens_apart_from', None, 'flush_user', None,
"SELECT token FROM access_tokens WHERE user_id = ?", "SELECT token FROM access_tokens WHERE user_id = ?",
user_id user_id
) )
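Review bot: `flush_user` still binds the caller's `user_id` directly into `SELECT token FROM access_tokens WHERE user_id = ?`, which looks like the same name-versus-numeric-id mismatch that is corrected in `user_delete_access_tokens_apart_from` just above it. The token insert at the top of this section stores `txn.lastrowid` in that column, so if callers pass the user name here (as they do for the delete), the select presumably returns no rows and the revoked tokens are never evicted from whatever cache the rest of the function clears. That would leave old access tokens usable after a password change until the cache entries expire on their own. I would resolve the id the same way, e.g. `"SELECT token FROM access_tokens INNER JOIN users ON users.id = access_tokens.user_id WHERE users.name = ?"`, keeping `user_id` as the bound parameter. The body of `flush_user` continues outside the hunk, so the eviction step itself should be confirmed against the full file.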