Minor fixes to user admin api (#6761)

* don't insist on a password (this is valid if you have an SSO login)
* fix reference to undefined `requester`
This commit is contained in:
Richard van der Hoff 2020-01-23 12:03:58 +00:00 committed by GitHub
parent 04345338e1
commit 5bd3cb7260
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 9 deletions

1
changelog.d/6761.bugfix Normal file
View File

@ -0,0 +1 @@
Minor fixes to `PUT /_synapse/admin/v2/users` admin api.

View File

@ -153,7 +153,8 @@ class UserRestServletV2(RestServlet):
return 200, ret return 200, ret
async def on_PUT(self, request, user_id): async def on_PUT(self, request, user_id):
await assert_requester_is_admin(self.auth, request) requester = await self.auth.get_user_by_req(request)
await assert_user_is_admin(self.auth, requester.user)
target_user = UserID.from_string(user_id) target_user = UserID.from_string(user_id)
body = parse_json_object_from_request(request) body = parse_json_object_from_request(request)
@ -164,8 +165,6 @@ class UserRestServletV2(RestServlet):
user = await self.admin_handler.get_user(target_user) user = await self.admin_handler.get_user(target_user)
if user: # modify user if user: # modify user
requester = await self.auth.get_user_by_req(request)
if "displayname" in body: if "displayname" in body:
await self.profile_handler.set_displayname( await self.profile_handler.set_displayname(
target_user, requester, body["displayname"], True target_user, requester, body["displayname"], True
@ -212,11 +211,8 @@ class UserRestServletV2(RestServlet):
return 200, user return 200, user
else: # create user else: # create user
if "password" not in body: password = body.get("password")
raise SynapseError( if password is not None and (
400, "password must be specified", errcode=Codes.BAD_JSON
)
elif (
not isinstance(body["password"], text_type) not isinstance(body["password"], text_type)
or len(body["password"]) > 512 or len(body["password"]) > 512
): ):
@ -231,7 +227,7 @@ class UserRestServletV2(RestServlet):
user_id = await self.registration_handler.register_user( user_id = await self.registration_handler.register_user(
localpart=target_user.localpart, localpart=target_user.localpart,
password=body["password"], password=password,
admin=bool(admin), admin=bool(admin),
default_display_name=displayname, default_display_name=displayname,
user_type=user_type, user_type=user_type,