Consistently check whether a password may be set for a user. (#9636)

2025-11-13 08:00:49 -05:00 · 2021-03-18 17:54:08 +01:00 · 2021-03-18 17:54:08 +01:00 · 8dd2ea65a9
commit 8dd2ea65a9
parent dd71eb0f8a
5 changed files with 133 additions and 68 deletions
--- a/synapse/handlers/set_password.py
+++ b/synapse/handlers/set_password.py
@ -41,7 +41,7 @@ class SetPasswordHandler(BaseHandler):
        logout_devices: bool,
        requester: Optional[Requester] = None,
    ) -> None:
-        if not self.hs.config.password_localdb_enabled:
+        if not self._auth_handler.can_change_password():
            raise SynapseError(403, "Password change disabled", errcode=Codes.FORBIDDEN)

        try:
--- a/synapse/rest/admin/users.py
+++ b/synapse/rest/admin/users.py
@ -271,7 +271,7 @@ class UserRestServletV2(RestServlet):
                elif not deactivate and user["deactivated"]:
                    if (
                        "password" not in body
-                        and self.hs.config.password_localdb_enabled
+                        and self.auth_handler.can_change_password()
                    ):
                        raise SynapseError(
                            400, "Must provide a password to re-activate an account."
--- a/synapse/storage/databases/main/registration.py
+++ b/synapse/storage/databases/main/registration.py
@ -1210,6 +1210,7 @@ class RegistrationBackgroundUpdateStore(RegistrationWorkerStore):
        self._invalidate_cache_and_stream(
            txn, self.get_user_deactivated_status, (user_id,)
        )
+        self._invalidate_cache_and_stream(txn, self.get_user_by_id, (user_id,))
        txn.call_after(self.is_guest.invalidate, (user_id,))

    @cached()