Matrix-Mirrors/anonymousland-synapse
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse.git synced 2025-01-06 18:07:54 -05:00
Code Issues Packages Projects Releases Wiki Activity

Added possibilty to disable local password authentication (#5092)

Browse Source 
Signed-off-by: Daniel Hoffend <dh@dotlan.net>
This commit is contained in:
Daniel Hoffend 2019-06-27 19:37:29 +02:00 committed by Richard van der Hoff
parent 457b8e4c4d
commit 9646a593ac
5 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.d/5092.feature Normal file
View File

@ -0,0 +1 @@
Added possibilty to disable local password authentication. Contributed by Daniel Hoffend.

6
docs/sample_config.yaml
View File

@ -1046,6 +1046,12 @@ password_config:
# #
#enabled: false #enabled: false
# Uncomment to disable authentication against the local password
# database. This is ignored if `enabled` is false, and is only useful
# if you have other password_providers.
#
#localdb_enabled: false
# Uncomment and change to a secret random string for extra security. # Uncomment and change to a secret random string for extra security.
# DO NOT CHANGE THIS AFTER INITIAL SETUP! # DO NOT CHANGE THIS AFTER INITIAL SETUP!
# #

7
synapse/config/password.py
View File

@ -26,6 +26,7 @@ class PasswordConfig(Config):
password_config = {} password_config = {}
self.password_enabled = password_config.get("enabled", True) self.password_enabled = password_config.get("enabled", True)
self.password_localdb_enabled = password_config.get("localdb_enabled", True)
self.password_pepper = password_config.get("pepper", "") self.password_pepper = password_config.get("pepper", "")
def generate_config_section(self, config_dir_path, server_name, **kwargs): def generate_config_section(self, config_dir_path, server_name, **kwargs):
@ -35,6 +36,12 @@ class PasswordConfig(Config):
# #
#enabled: false #enabled: false
# Uncomment to disable authentication against the local password
# database. This is ignored if `enabled` is false, and is only useful
# if you have other password_providers.
#
#localdb_enabled: false
# Uncomment and change to a secret random string for extra security. # Uncomment and change to a secret random string for extra security.
# DO NOT CHANGE THIS AFTER INITIAL SETUP! # DO NOT CHANGE THIS AFTER INITIAL SETUP!
# #

2
synapse/handlers/auth.py
View File

@ -743,7 +743,7 @@ class AuthHandler(BaseHandler):
result = (result, None) result = (result, None)
defer.returnValue(result) defer.returnValue(result)
if login_type == LoginType.PASSWORD: if login_type == LoginType.PASSWORD and self.hs.config.password_localdb_enabled:
known_login_type = True known_login_type = True
canonical_user_id = yield self._check_local_password( canonical_user_id = yield self._check_local_password(

3
synapse/handlers/set_password.py
View File

@ -33,6 +33,9 @@ class SetPasswordHandler(BaseHandler):
@defer.inlineCallbacks @defer.inlineCallbacks
def set_password(self, user_id, newpassword, requester=None): def set_password(self, user_id, newpassword, requester=None):
if not self.hs.config.password_localdb_enabled:
raise SynapseError(403, "Password change disabled", errcode=Codes.FORBIDDEN)
password_hash = yield self._auth_handler.hash(newpassword) password_hash = yield self._auth_handler.hash(newpassword)
except_device_id = requester.device_id if requester else None except_device_id = requester.device_id if requester else None