Hash passwords earlier in the password reset process (#7538)

This now matches the logic of the registration process as modified in
56db0b1365 / #7523.
Patrick Cloke 2020-05-20 09:48:03 -04:00 committed by GitHub
parent 4fa74c7606
commit 9dc6f3075a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 33 additions and 11 deletions


@ -431,8 +431,8 @@ class RegisterRestServlet(RestServlet):
raise SynapseError(400, "Invalid password")
self.password_policy_handler.validate_password(password)
# If the password is valid, hash it and store it back on the request.
# This ensures the hashed password is handled everywhere.
# If the password is valid, hash it and store it back on the body.
# This ensures that only the hashed password is handled everywhere.
if "password_hash" in body:
raise SynapseError(400, "Unexpected property: password_hash")
body["password_hash"] = await self.auth_handler.hash(password)
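Review bot: The `if "password_hash" in body:` rejection follows the password validation, and this hunk does not show whether it also runs for a request that carries no `password` at all; if it is nested under the password branch, a client-supplied `password_hash` is refused only when a plaintext password accompanies it. If so, the check belongs ahead of that branch so the key is refused unconditionally. The reworded comment would also be clearer if it said why the key is rejected, e.g. `# Clients must never supply password_hash; it is only ever computed here from a validated password.` The enclosing method starts and ends outside the hunk and the page has lost the indentation, so the nesting needs confirming against the file.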