|
@@ -13,10 +13,12 @@
|
|
|
# See the License for the specific language governing permissions and
|
|
|
# limitations under the License.
|
|
|
import logging
|
|
|
+from typing import Optional
|
|
|
|
|
|
from twisted.internet import defer
|
|
|
|
|
|
from synapse.api.errors import Codes, StoreError, SynapseError
|
|
|
+from synapse.types import Requester
|
|
|
|
|
|
from ._base import BaseHandler
|
|
|
|
|
@@ -32,14 +34,17 @@ class SetPasswordHandler(BaseHandler):
|
|
|
self._device_handler = hs.get_device_handler()
|
|
|
|
|
|
@defer.inlineCallbacks
|
|
|
- def set_password(self, user_id, newpassword, requester=None):
|
|
|
+ def set_password(
|
|
|
+ self,
|
|
|
+ user_id: str,
|
|
|
+ new_password: str,
|
|
|
+ logout_devices: bool,
|
|
|
+ requester: Optional[Requester] = None,
|
|
|
+ ):
|
|
|
if not self.hs.config.password_localdb_enabled:
|
|
|
raise SynapseError(403, "Password change disabled", errcode=Codes.FORBIDDEN)
|
|
|
|
|
|
- password_hash = yield self._auth_handler.hash(newpassword)
|
|
|
-
|
|
|
- except_device_id = requester.device_id if requester else None
|
|
|
- except_access_token_id = requester.access_token_id if requester else None
|
|
|
+ password_hash = yield self._auth_handler.hash(new_password)
|
|
|
|
|
|
try:
|
|
|
yield self.store.user_set_password_hash(user_id, password_hash)
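Review bot: The new `logout_devices: bool` is a required positional parameter inserted before `requester`, so a caller that was not updated and still passes the requester as the third positional argument would bind a Requester object to `logout_devices` (truthy) and leave `requester=None`, which silently revokes every session including the caller's own; making the new arguments keyword-only, `*, logout_devices: bool, requester: Optional[Requester] = None,`, turns that into a TypeError at the call site. The method also has no docstring; it should state that `logout_devices=False` leaves all existing devices and access tokens valid after the hash is replaced, that `requester` only exempts the caller's device and token when `logout_devices` is True, and that SynapseError 403 is raised when the local password database is disabled. I cannot see the call sites from this hunk, so whether any positional caller remains is inferred, not verified. set_password's body continues past the end of this hunk.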
|
|
@@ -48,14 +53,18 @@ class SetPasswordHandler(BaseHandler):
|
|
|
raise SynapseError(404, "Unknown user", Codes.NOT_FOUND)
|
|
|
raise e
|
|
|
|
|
|
- # we want to log out all of the user's other sessions. First delete
|
|
|
- # all his other devices.
|
|
|
- yield self._device_handler.delete_all_devices_for_user(
|
|
|
- user_id, except_device_id=except_device_id
|
|
|
- )
|
|
|
-
|
|
|
- # and now delete any access tokens which weren't associated with
|
|
|
- # devices (or were associated with this device).
|
|
|
- yield self._auth_handler.delete_access_tokens_for_user(
|
|
|
- user_id, except_token_id=except_access_token_id
|
|
|
- )
|
|
|
+ # Optionally, log out all of the user's other sessions.
|
|
|
+ if logout_devices:
|
|
|
+ except_device_id = requester.device_id if requester else None
|
|
|
+ except_access_token_id = requester.access_token_id if requester else None
|
|
|
+
|
|
|
+ # First delete all of their other devices.
|
|
|
+ yield self._device_handler.delete_all_devices_for_user(
|
|
|
+ user_id, except_device_id=except_device_id
|
|
|
+ )
|
|
|
+
|
|
|
+ # and now delete any access tokens which weren't associated with
|
|
|
+ # devices (or were associated with this device).
|
|
|
+ yield self._auth_handler.delete_access_tokens_for_user(
|
|
|
+ user_id, except_token_id=except_access_token_id
|
|
|
+ )
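Review bot: The `if logout_devices:` branch now wraps the entire session-invalidation step, so a caller passing `False` changes the password hash while every existing device and access token for the user stays valid, and the comment above it does not say so; since a password reset after a suspected account compromise depends on this flag being True, the intent should be explicit: `# Optionally, log out all of the user's other sessions. With logout_devices=False` / `# every existing device and access token remains valid after the hash change; with` / `# requester=None nothing is exempted, so the caller's own session is revoked too.` The hash update in the preceding try block and the device/token deletions are separate store calls, so a failure in `delete_access_tokens_for_user` leaves the new password in place with the old tokens still live; that ordering predates this commit but is worth a note now that the deletions are conditional. The enclosing set_password body starts before this hunk.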
|