Return m.change_password.enabled=false if local database is disabled (#9588)

Instead of if the user does not have a password hash. This allows a SSO user to add a password to their account, but only if the local password database is configured.
2025-07-24 02:40:35 -04:00 · 2021-03-16 16:44:25 +01:00 · 2021-03-16 16:44:25 +01:00 · 8000cf1315
commit 8000cf1315
parent e3bc0e6f7c
4 changed files with 58 additions and 15 deletions
--- a/tests/rest/client/v2_alpha/test_capabilities.py
+++ b/tests/rest/client/v2_alpha/test_capabilities.py
@ -18,6 +18,7 @@ from synapse.rest.client.v1 import login
 from synapse.rest.client.v2_alpha import capabilities

 from tests import unittest
+from tests.unittest import override_config


 class CapabilitiesTestCase(unittest.HomeserverTestCase):
@ -33,6 +34,7 @@ class CapabilitiesTestCase(unittest.HomeserverTestCase):
        hs = self.setup_test_homeserver()
        self.store = hs.get_datastore()
        self.config = hs.config
+        self.auth_handler = hs.get_auth_handler()
        return hs

    def test_check_auth_required(self):
@ -56,7 +58,7 @@ class CapabilitiesTestCase(unittest.HomeserverTestCase):
            capabilities["m.room_versions"]["default"],
        )

-    def test_get_change_password_capabilities(self):
+    def test_get_change_password_capabilities_password_login(self):
        localpart = "user"
        password = "pass"
        user = self.register_user(localpart, password)
@ -66,10 +68,36 @@ class CapabilitiesTestCase(unittest.HomeserverTestCase):
        capabilities = channel.json_body["capabilities"]

        self.assertEqual(channel.code, 200)
-
-        # Test case where password is handled outside of Synapse
        self.assertTrue(capabilities["m.change_password"]["enabled"])
-        self.get_success(self.store.user_set_password_hash(user, None))
+
+    @override_config({"password_config": {"localdb_enabled": False}})
+    def test_get_change_password_capabilities_localdb_disabled(self):
+        localpart = "user"
+        password = "pass"
+        user = self.register_user(localpart, password)
+        access_token = self.get_success(
+            self.auth_handler.get_access_token_for_user_id(
+                user, device_id=None, valid_until_ms=None
+            )
+        )
+
+        channel = self.make_request("GET", self.url, access_token=access_token)
+        capabilities = channel.json_body["capabilities"]
+
+        self.assertEqual(channel.code, 200)
+        self.assertFalse(capabilities["m.change_password"]["enabled"])
+
+    @override_config({"password_config": {"enabled": False}})
+    def test_get_change_password_capabilities_password_disabled(self):
+        localpart = "user"
+        password = "pass"
+        user = self.register_user(localpart, password)
+        access_token = self.get_success(
+            self.auth_handler.get_access_token_for_user_id(
+                user, device_id=None, valid_until_ms=None
+            )
+        )
+
        channel = self.make_request("GET", self.url, access_token=access_token)
        capabilities = channel.json_body["capabilities"]