mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2024-10-01 11:49:51 -04:00
Work around email-spamming Riot bug
5d9546f9
introduced a change to synapse behaviour, in that failures in the
interactive-auth process would return the flows and params data as well as an
error code (as specced in https://github.com/matrix-org/matrix-doc/pull/397).
That change exposed a bug in Riot which would make it request a new validation
token (and send a new email) each time it got a 401 with a `flows` parameter
(see https://github.com/vector-im/vector-web/issues/2447 and the fix at
https://github.com/matrix-org/matrix-react-sdk/pull/510).
To preserve compatibility with broken versions of Riot, grandfather in the old
behaviour for the email validation stage.
This commit is contained in:
parent
8681aff4f1
commit
fa74fcf512
@ -150,14 +150,25 @@ class AuthHandler(BaseHandler):
|
|||||||
# check auth type currently being presented
|
# check auth type currently being presented
|
||||||
errordict = {}
|
errordict = {}
|
||||||
if 'type' in authdict:
|
if 'type' in authdict:
|
||||||
if authdict['type'] not in self.checkers:
|
login_type = authdict['type']
|
||||||
|
if login_type not in self.checkers:
|
||||||
raise LoginError(400, "", Codes.UNRECOGNIZED)
|
raise LoginError(400, "", Codes.UNRECOGNIZED)
|
||||||
try:
|
try:
|
||||||
result = yield self.checkers[authdict['type']](authdict, clientip)
|
result = yield self.checkers[login_type](authdict, clientip)
|
||||||
if result:
|
if result:
|
||||||
creds[authdict['type']] = result
|
creds[login_type] = result
|
||||||
self._save_session(session)
|
self._save_session(session)
|
||||||
except LoginError, e:
|
except LoginError, e:
|
||||||
|
if login_type == LoginType.EMAIL_IDENTITY:
|
||||||
|
# riot used to have a bug where it would request a new
|
||||||
|
# validation token (thus sending a new email) each time it
|
||||||
|
# got a 401 with a 'flows' field.
|
||||||
|
# (https://github.com/vector-im/vector-web/issues/2447).
|
||||||
|
#
|
||||||
|
# Grandfather in the old behaviour for now to avoid
|
||||||
|
# breaking old riot deployments.
|
||||||
|
raise e
|
||||||
|
|
||||||
# this step failed. Merge the error dict into the response
|
# this step failed. Merge the error dict into the response
|
||||||
# so that the client can have another go.
|
# so that the client can have another go.
|
||||||
errordict = e.error_dict()
|
errordict = e.error_dict()
|
||||||
|
Loading…
Reference in New Issue
Block a user