forked-synapse/synapse/handlers/set_password.py

# Copyright 2017 New Vector Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import logging
from typing import TYPE_CHECKING, Optional

from synapse.api.errors import Codes, StoreError, SynapseError
from synapse.handlers.device import DeviceHandler
from synapse.types import Requester

if TYPE_CHECKING:
    from synapse.server import HomeServer

logger = logging.getLogger(__name__)


class SetPasswordHandler:
    """Handler which deals with changing user account passwords"""

    def __init__(self, hs: "HomeServer"):
        self.store = hs.get_datastores().main
        self._auth_handler = hs.get_auth_handler()
        # This can only be instantiated on the main process.
        device_handler = hs.get_device_handler()
        assert isinstance(device_handler, DeviceHandler)
        self._device_handler = device_handler

    async def set_password(
        self,
        user_id: str,
        password_hash: str,
        logout_devices: bool,
        requester: Optional[Requester] = None,
    ) -> None:
        if not self._auth_handler.can_change_password():
            raise SynapseError(403, "Password change disabled", errcode=Codes.FORBIDDEN)

        try:
            await self.store.user_set_password_hash(user_id, password_hash)
        except StoreError as e:
            if e.code == 404:
                raise SynapseError(404, "Unknown user", Codes.NOT_FOUND)
            raise e

        # Optionally, log out all of the user's other sessions.
        if logout_devices:
            except_device_id = requester.device_id if requester else None
            except_access_token_id = requester.access_token_id if requester else None

            # First delete all of their other devices.
            await self._device_handler.delete_all_devices_for_user(
                user_id, except_device_id=except_device_id
            )

            # and now delete any access tokens which weren't associated with
            # devices (or were associated with this device).
            await self._auth_handler.delete_access_tokens_for_user(
                user_id, except_token_id=except_access_token_id
            )
Move set_password into its own handler Non-functional refactoring to move set_password. This means that we'll be able to properly deactivate devices and access tokens without introducing a dependency loop. 2017-11-29 09:10:46 -05:00			`# Copyright 2017 New Vector Ltd`
			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`
			`import logging`
Add type hints to various handlers. (#9223) With this change all handlers except the e2e_* ones have type hints enabled. 2021-01-26 10:50:21 -05:00			`from typing import TYPE_CHECKING, Optional`
Move set_password into its own handler Non-functional refactoring to move set_password. This means that we'll be able to properly deactivate devices and access tokens without introducing a dependency loop. 2017-11-29 09:10:46 -05:00
			`from synapse.api.errors import Codes, StoreError, SynapseError`
Add a type hint for `get_device_handler()` and fix incorrect types. (#14055) This was the last untyped handler from the HomeServer object. Since it was being treated as Any (and thus unchecked) it was being used incorrectly in a few places. 2022-11-22 14:08:04 -05:00			`from synapse.handlers.device import DeviceHandler`
Add an option to the set password API to choose whether to logout other devices. (#7085) 2020-03-18 07:50:00 -04:00			`from synapse.types import Requester`
run isort 2018-07-09 02:09:20 -04:00
Add type hints to various handlers. (#9223) With this change all handlers except the e2e_* ones have type hints enabled. 2021-01-26 10:50:21 -05:00			`if TYPE_CHECKING:`
Import HomeServer from the proper module. (#9665) 2021-03-23 07:12:48 -04:00			`from synapse.server import HomeServer`
Add type hints to various handlers. (#9223) With this change all handlers except the e2e_* ones have type hints enabled. 2021-01-26 10:50:21 -05:00
Move set_password into its own handler Non-functional refactoring to move set_password. This means that we'll be able to properly deactivate devices and access tokens without introducing a dependency loop. 2017-11-29 09:10:46 -05:00			`logger = logging.getLogger(__name__)`


Remove the deprecated BaseHandler. (#11005) The shared ratelimit function was replaced with a dedicated RequestRatelimiter class (accessible from the HomeServer object). Other properties were copied to each sub-class that inherited from BaseHandler. 2021-10-08 07:44:43 -04:00			`class SetPasswordHandler:`
Move set_password into its own handler Non-functional refactoring to move set_password. This means that we'll be able to properly deactivate devices and access tokens without introducing a dependency loop. 2017-11-29 09:10:46 -05:00			`"""Handler which deals with changing user account passwords"""`
Run Black. (#5482) 2019-06-20 05:32:02 -04:00
Add type hints to various handlers. (#9223) With this change all handlers except the e2e_* ones have type hints enabled. 2021-01-26 10:50:21 -05:00			`def __init__(self, hs: "HomeServer"):`
Remove `HomeServer.get_datastore()` (#12031) The presence of this method was confusing, and mostly present for backwards compatibility. Let's get rid of it. Part of #11733 2022-02-23 06:04:02 -05:00			`self.store = hs.get_datastores().main`
Move set_password into its own handler Non-functional refactoring to move set_password. This means that we'll be able to properly deactivate devices and access tokens without introducing a dependency loop. 2017-11-29 09:10:46 -05:00			`self._auth_handler = hs.get_auth_handler()`
Add a type hint for `get_device_handler()` and fix incorrect types. (#14055) This was the last untyped handler from the HomeServer object. Since it was being treated as Any (and thus unchecked) it was being used incorrectly in a few places. 2022-11-22 14:08:04 -05:00			`# This can only be instantiated on the main process.`
			`device_handler = hs.get_device_handler()`
			`assert isinstance(device_handler, DeviceHandler)`
			`self._device_handler = device_handler`
Move set_password into its own handler Non-functional refactoring to move set_password. This means that we'll be able to properly deactivate devices and access tokens without introducing a dependency loop. 2017-11-29 09:10:46 -05:00
Convert auth handler to async/await (#7261) 2020-04-15 12:40:18 -04:00			`async def set_password(`
Add an option to the set password API to choose whether to logout other devices. (#7085) 2020-03-18 07:50:00 -04:00			`self,`
			`user_id: str,`
Hash passwords earlier in the password reset process (#7538) This now matches the logic of the registration process as modified in 56db0b1365965c02ff539193e26c333b7f70d101 / #7523. 2020-05-20 09:48:03 -04:00			`password_hash: str,`
Add an option to the set password API to choose whether to logout other devices. (#7085) 2020-03-18 07:50:00 -04:00			`logout_devices: bool,`
			`requester: Optional[Requester] = None,`
Add type hints to various handlers. (#9223) With this change all handlers except the e2e_* ones have type hints enabled. 2021-01-26 10:50:21 -05:00			`) -> None:`
Consistently check whether a password may be set for a user. (#9636) 2021-03-18 12:54:08 -04:00			`if not self._auth_handler.can_change_password():`
Added possibilty to disable local password authentication (#5092) Signed-off-by: Daniel Hoffend <dh@dotlan.net> 2019-06-27 13:37:29 -04:00			`raise SynapseError(403, "Password change disabled", errcode=Codes.FORBIDDEN)`

Move set_password into its own handler Non-functional refactoring to move set_password. This means that we'll be able to properly deactivate devices and access tokens without introducing a dependency loop. 2017-11-29 09:10:46 -05:00			`try:`
Convert auth handler to async/await (#7261) 2020-04-15 12:40:18 -04:00			`await self.store.user_set_password_hash(user_id, password_hash)`
Move set_password into its own handler Non-functional refactoring to move set_password. This means that we'll be able to properly deactivate devices and access tokens without introducing a dependency loop. 2017-11-29 09:10:46 -05:00			`except StoreError as e:`
			`if e.code == 404:`
			`raise SynapseError(404, "Unknown user", Codes.NOT_FOUND)`
			`raise e`
Delete devices in various logout situations Make sure that we delete devices whenever a user is logged out due to any of the following situations: * /logout * /logout_all * change password * deactivate account (by the user or by an admin) * invalidate access token from a dynamic module Fixes #2672. 2017-11-29 10:44:59 -05:00
Add an option to the set password API to choose whether to logout other devices. (#7085) 2020-03-18 07:50:00 -04:00			`# Optionally, log out all of the user's other sessions.`
			`if logout_devices:`
			`except_device_id = requester.device_id if requester else None`
			`except_access_token_id = requester.access_token_id if requester else None`

			`# First delete all of their other devices.`
Convert auth handler to async/await (#7261) 2020-04-15 12:40:18 -04:00			`await self._device_handler.delete_all_devices_for_user(`
Add an option to the set password API to choose whether to logout other devices. (#7085) 2020-03-18 07:50:00 -04:00			`user_id, except_device_id=except_device_id`
			`)`

			`# and now delete any access tokens which weren't associated with`
			`# devices (or were associated with this device).`
Convert auth handler to async/await (#7261) 2020-04-15 12:40:18 -04:00			`await self._auth_handler.delete_access_tokens_for_user(`
Add an option to the set password API to choose whether to logout other devices. (#7085) 2020-03-18 07:50:00 -04:00			`user_id, except_token_id=except_access_token_id`
			`)`