Support SAML in the user interactive authentication workflow. (#7102)

2025-05-02 10:56:06 -04:00 · 2020-04-01 08:48:00 -04:00 · 2020-04-01 08:48:00 -04:00 · b9930d24a0
commit b9930d24a0
parent 468dcc767b
11 changed files with 227 additions and 44 deletions
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@ -234,7 +234,11 @@ class PasswordRestServlet(RestServlet):
        if self.auth.has_access_token(request):
            requester = await self.auth.get_user_by_req(request)
            params = await self.auth_handler.validate_user_via_ui_auth(
-                requester, request, body, self.hs.get_ip_from_request(request),
+                requester,
+                request,
+                body,
+                self.hs.get_ip_from_request(request),
+                "modify your account password",
            )
            user_id = requester.user.to_string()
        else:
@ -244,6 +248,7 @@ class PasswordRestServlet(RestServlet):
                request,
                body,
                self.hs.get_ip_from_request(request),
+                "modify your account password",
            )

            if LoginType.EMAIL_IDENTITY in result:
@ -311,7 +316,11 @@ class DeactivateAccountRestServlet(RestServlet):
            return 200, {}

        await self.auth_handler.validate_user_via_ui_auth(
-            requester, request, body, self.hs.get_ip_from_request(request),
+            requester,
+            request,
+            body,
+            self.hs.get_ip_from_request(request),
+            "deactivate your account",
        )
        result = await self._deactivate_account_handler.deactivate_account(
            requester.user.to_string(), erase, id_server=body.get("id_server")
@ -669,7 +678,11 @@ class ThreepidAddRestServlet(RestServlet):
        assert_valid_client_secret(client_secret)

        await self.auth_handler.validate_user_via_ui_auth(
-            requester, request, body, self.hs.get_ip_from_request(request),
+            requester,
+            request,
+            body,
+            self.hs.get_ip_from_request(request),
+            "add a third-party identifier to your account",
        )

        validation_session = await self.identity_handler.validate_threepid_session(