Merge pull request #641 from matrix-org/dbkr/fix_change_password

Fix logout on password change
This commit is contained in:
Erik Johnston 2016-03-11 14:48:20 +00:00
commit b5afe6bc38
4 changed files with 32 additions and 30 deletions

View File

@ -432,13 +432,18 @@ class AuthHandler(BaseHandler):
) )
@defer.inlineCallbacks @defer.inlineCallbacks
def set_password(self, user_id, newpassword): def set_password(self, user_id, newpassword, requester=None):
password_hash = self.hash(newpassword) password_hash = self.hash(newpassword)
except_access_token_ids = [requester.access_token_id] if requester else []
yield self.store.user_set_password_hash(user_id, password_hash) yield self.store.user_set_password_hash(user_id, password_hash)
yield self.store.user_delete_access_tokens(user_id) yield self.store.user_delete_access_tokens(
yield self.hs.get_pusherpool().remove_pushers_by_user(user_id) user_id, except_access_token_ids
yield self.store.flush_user(user_id) )
yield self.hs.get_pusherpool().remove_pushers_by_user(
user_id, except_access_token_ids
)
@defer.inlineCallbacks @defer.inlineCallbacks
def add_threepid(self, user_id, medium, address, validated_at): def add_threepid(self, user_id, medium, address, validated_at):

View File

@ -92,14 +92,14 @@ class PusherPool:
yield self.remove_pusher(p['app_id'], p['pushkey'], p['user_name']) yield self.remove_pusher(p['app_id'], p['pushkey'], p['user_name'])
@defer.inlineCallbacks @defer.inlineCallbacks
def remove_pushers_by_user(self, user_id): def remove_pushers_by_user(self, user_id, except_token_ids=[]):
all = yield self.store.get_all_pushers() all = yield self.store.get_all_pushers()
logger.info( logger.info(
"Removing all pushers for user %s", "Removing all pushers for user %s except access tokens ids %r",
user_id, user_id, except_token_ids
) )
for p in all: for p in all:
if p['user_name'] == user_id: if p['user_name'] == user_id and p['access_token'] not in except_token_ids:
logger.info( logger.info(
"Removing pusher for app id %s, pushkey %s, user %s", "Removing pusher for app id %s, pushkey %s, user %s",
p['app_id'], p['pushkey'], p['user_name'] p['app_id'], p['pushkey'], p['user_name']

View File

@ -79,7 +79,7 @@ class PasswordRestServlet(RestServlet):
new_password = params['new_password'] new_password = params['new_password']
yield self.auth_handler.set_password( yield self.auth_handler.set_password(
user_id, new_password user_id, new_password, requester
) )
defer.returnValue((200, {})) defer.returnValue((200, {}))

View File

@ -195,27 +195,24 @@ class RegistrationStore(SQLBaseStore):
}) })
@defer.inlineCallbacks @defer.inlineCallbacks
def user_delete_access_tokens(self, user_id): def user_delete_access_tokens(self, user_id, except_token_ids):
yield self.runInteraction( def f(txn):
"user_delete_access_tokens",
self._user_delete_access_tokens, user_id
)
def _user_delete_access_tokens(self, txn, user_id):
txn.execute( txn.execute(
"DELETE FROM access_tokens WHERE user_id = ?", "SELECT id, token FROM access_tokens "
(user_id, ) "WHERE user_id = ? AND id not in LIMIT 50",
) (user_id, except_token_ids)
@defer.inlineCallbacks
def flush_user(self, user_id):
rows = yield self._execute(
'flush_user', None,
"SELECT token FROM access_tokens WHERE user_id = ?",
user_id
) )
rows = txn.fetchall()
for r in rows: for r in rows:
self.get_user_by_access_token.invalidate((r,)) txn.call_after(self.get_user_by_access_token.invalidate, (r[1],))
txn.execute(
"DELETE FROM access_tokens WHERE id in (%s)" % ",".join(
["?" for _ in rows]
), [r[0] for r in rows]
)
return len(rows) == 50
while (yield self.runInteraction("user_delete_access_tokens", f)):
pass
@cached() @cached()
def get_user_by_access_token(self, token): def get_user_by_access_token(self, token):