Matrix-Mirrors/anonymousland-synapse
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse.git synced 2025-05-03 00:54:47 -04:00
Code Issues Projects Releases Packages Wiki Activity

Always require users to re-authenticate for dangerous operations. (#10184)

Browse source 
Dangerous actions means deactivating an account, modifying an account
password, or adding a 3PID.

Other actions (deleting devices, uploading keys) can re-use the same UI
auth session if ui_auth.session_timeout is configured.
This commit is contained in:
Patrick Cloke 2021-06-16 11:07:28 -04:00 committed by GitHub
parent b8b282aa32
commit 76f9c701c3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 24 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
synapse/rest/client/v2_alpha/keys.py
View file

@ -277,6 +277,9 @@ class SigningKeyUploadServlet(RestServlet):
request,
body,
"add a device signing key to your account",
# Allow skipping of UI auth since this is frequently called directly
# after login and it is silly to ask users to re-auth immediately.
can_skip_ui_auth=True,
)
result = await self.e2e_keys_handler.upload_signing_keys_for_user(user_id, body)