Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Don't warn user about password reset disabling through config code (#…
Browse files Browse the repository at this point in the history
…5387)

Moves the warning about password resets being disabled to the point where a user actually tries to reset their password. Is this an appropriate place for it to happen?

Also removed the disabling of msisdn password resets when you don't have an email config, as that just doesn't make sense.

Also change the error a user receives upon disabled passwords to specify that only email-based password reset is disabled.
  • Loading branch information
anoadragon453 authored Jun 10, 2019
1 parent 94dac0f commit 2ddc135
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 10 deletions.
1 change: 1 addition & 0 deletions changelog.d/5387.bugfix
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Warn about disabling email-based password resets when a reset occurs, and remove warning when someone attempts a phone-based reset.
11 changes: 5 additions & 6 deletions synapse/config/emailconfig.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,15 +19,12 @@

# This file can't be called email.py because if it is, we cannot:
import email.utils
import logging
import os

import pkg_resources

from ._base import Config, ConfigError

logger = logging.getLogger(__name__)


class EmailConfig(Config):
def read_config(self, config):
Expand Down Expand Up @@ -85,10 +82,12 @@ def read_config(self, config):
self.email_password_reset_behaviour = (
"remote" if email_trust_identity_server_for_password_resets else "local"
)
self.password_resets_were_disabled_due_to_email_config = False
if self.email_password_reset_behaviour == "local" and email_config == {}:
logger.warn(
"User password resets have been disabled due to lack of email config"
)
# We cannot warn the user this has happened here
# Instead do so when a user attempts to reset their password
self.password_resets_were_disabled_due_to_email_config = True

self.email_password_reset_behaviour = "off"

# Get lifetime of a validation token in milliseconds
Expand Down
19 changes: 15 additions & 4 deletions synapse/rest/client/v2_alpha/account.py
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,13 @@ def __init__(self, hs):
@defer.inlineCallbacks
def on_POST(self, request):
if self.config.email_password_reset_behaviour == "off":
raise SynapseError(400, "Password resets have been disabled on this server")
if self.config.password_resets_were_disabled_due_to_email_config:
logger.warn(
"User password resets have been disabled due to lack of email config"
)
raise SynapseError(
400, "Email-based password resets have been disabled on this server",
)

body = parse_json_object_from_request(request)

Expand Down Expand Up @@ -196,9 +202,6 @@ def __init__(self, hs):

@defer.inlineCallbacks
def on_POST(self, request):
if not self.config.email_password_reset_behaviour == "off":
raise SynapseError(400, "Password resets have been disabled on this server")

body = parse_json_object_from_request(request)

assert_params_in_dict(body, [
Expand Down Expand Up @@ -251,6 +254,14 @@ def on_GET(self, request, medium):
400,
"This medium is currently not supported for password resets",
)
if self.config.email_password_reset_behaviour == "off":
if self.config.password_resets_were_disabled_due_to_email_config:
logger.warn(
"User password resets have been disabled due to lack of email config"
)
raise SynapseError(
400, "Email-based password resets have been disabled on this server",
)

sid = parse_string(request, "sid")
client_secret = parse_string(request, "client_secret")
Expand Down

0 comments on commit 2ddc135

Please sign in to comment.