Require a password for asking password auth providers about 3pids

matrix-org · Jun 11, 2020 · cc02e3c · cc02e3c
1 parent 1dde622
commit cc02e3c
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 11 deletions.
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
@@ -623,7 +623,7 @@ async def _check_auth_dict(
         client_dict_convert_legacy_fields_to_identifier(authdict)
 
         # Extract a user ID from the values in the identifier
-        username = await self.username_from_identifier(authdict["identifier"],)
+        username = await self.username_from_identifier(authdict["identifier"], password)
 
         if username is None:
             raise SynapseError(400, "Valid username not found")
@@ -634,7 +634,7 @@ async def _check_auth_dict(
         return canonical_id
 
     async def username_from_identifier(
-        self, identifier: Dict[str, str]
+        self, identifier: Dict[str, str], password: Optional[str] = None
     ) -> Optional[str]:
         """Given a dictionary containing an identifier from a client, extract the
         possibly unqualified username of the user that it identifies. Does *not*
@@ -646,6 +646,8 @@ async def username_from_identifier(
 
         Args:
             identifier: The identifier dictionary provided by the client
+            password: The user provided password if one exists. Used for asking
+                password auth providers for usernames from 3pid+password combos.
 
         Returns:
             A username if one was found, or None otherwise
@@ -679,14 +681,15 @@ async def username_from_identifier(
                 address = address.lower()
 
             # Check for auth providers that support 3pid login types
-            canonical_user_id, _ = await self.check_password_provider_3pid(
-                medium,
-                address,
-                identifier["password"],  # TODO: Wait, we don't have a password...
-            )
-            if canonical_user_id:
-                # Authentication through password provider and 3pid succeeded
-                return canonical_user_id
+            if password is not None:
+                canonical_user_id, _ = await self.check_password_provider_3pid(
+                    medium,
+                    address,
+                    password,
+                )
+                if canonical_user_id:
+                    # Authentication through password provider and 3pid succeeded
+                    return canonical_user_id
 
             # Check local store
             user_id = await self.hs.get_datastore().get_user_id_by_threepid(

diff --git a/synapse/rest/client/v1/login.py b/synapse/rest/client/v1/login.py
@@ -156,7 +156,7 @@ async def _do_other_login(self, login_submission):
 
         # Extract a localpart or user ID from the values in the identifier
         username = await self.auth_handler.username_from_identifier(
-            login_submission["identifier"],
+            login_submission["identifier"], login_submission.get("password")
         )
 
         if not username: