This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Require a password for asking password auth providers about 3pids
anoadragon453 committed Jun 11, 2020
1 parent 1dde622 commit cc2576f
Showing 2 changed files with 12 additions and 18 deletions.
28 changes: 11 additions & 17 deletions synapse/handlers/auth.py
Expand Up @@ -74,13 +74,6 @@ def client_dict_convert_legacy_fields_to_identifier(
del submission["user"]

if "medium" in submission and "address" in submission:
# "email" is the only accepted medium type
# TODO: This doesn't break UIA does it? Should this check be login-specific
if submission["medium"] != "email":
raise SynapseError(
400, "'medium' parameter must be 'email'", errcode=Codes.INVALID_PARAM
)

submission["identifier"] = {
"type": "m.id.thirdparty",
"medium": submission["medium"],
Expand Down Expand Up @@ -623,7 +616,7 @@ async def _check_auth_dict(
client_dict_convert_legacy_fields_to_identifier(authdict)

# Extract a user ID from the values in the identifier
username = await self.username_from_identifier(authdict["identifier"],)
username = await self.username_from_identifier(authdict["identifier"], password)

if username is None:
raise SynapseError(400, "Valid username not found")
Expand All @@ -634,7 +627,7 @@ async def _check_auth_dict(
return canonical_id

async def username_from_identifier(
self, identifier: Dict[str, str]
self, identifier: Dict[str, str], password: Optional[str] = None
) -> Optional[str]:
"""Given a dictionary containing an identifier from a client, extract the
possibly unqualified username of the user that it identifies. Does *not*
Expand All @@ -646,6 +639,8 @@ async def username_from_identifier(
Args:
identifier: The identifier dictionary provided by the client
password: The user provided password if one exists. Used for asking
password auth providers for usernames from 3pid+password combos.
Returns:
A username if one was found, or None otherwise
Expand Down Expand Up @@ -679,14 +674,13 @@ async def username_from_identifier(
address = address.lower()

# Check for auth providers that support 3pid login types
canonical_user_id, _ = await self.check_password_provider_3pid(
medium,
address,
identifier["password"], # TODO: Wait, we don't have a password...
)
if canonical_user_id:
# Authentication through password provider and 3pid succeeded
return canonical_user_id
if password is not None:
canonical_user_id, _ = await self.check_password_provider_3pid(
medium, address, password,
)
if canonical_user_id:
# Authentication through password provider and 3pid succeeded
return canonical_user_id

# Check local store
user_id = await self.hs.get_datastore().get_user_id_by_threepid(
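Review bot: In the last hunk of `username_from_identifier`, the second value returned by `check_password_provider_3pid` is discarded (`canonical_user_id, _ = ...`), and a successful provider authentication is handed back to the caller as if it were a plain identifier lookup. If that second value is the provider's post-login callback, it never runs on this path, and the caller cannot tell that the password was already verified, so it will presumably check the password again. Either return the provider result separately or record the contract at the call, e.g. `# NOTE: this authenticates against password providers; the provider callback is dropped here and the caller must still validate the password`. The `password` name passed in `_check_auth_dict` is bound outside the visible hunk, so confirm it is the value taken from `authdict`; both function bodies continue outside the hunks.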
2 changes: 1 addition & 1 deletion synapse/rest/client/v1/login.py
Expand Up @@ -156,7 +156,7 @@ async def _do_other_login(self, login_submission):

# Extract a localpart or user ID from the values in the identifier
username = await self.auth_handler.username_from_identifier(
login_submission["identifier"],
login_submission["identifier"], login_submission.get("password")
)

if not username:
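Review bot: `login_submission.get("password")` forwards whatever JSON value the client sent, and the handler side of this commit only tests `password is not None` before calling the password providers, so a non-string value (number, list, object) or an empty string reaches provider code. Check the type at this boundary before the call, using the error form already used in auth.py: `if password is not None and not isinstance(password, str):` followed by `raise SynapseError(400, "Bad parameter: password", errcode=Codes.INVALID_PARAM)`. `_do_other_login` starts and ends outside the hunk, so a later type check may exist, but it would run after this call has already passed the value on.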
