Password reset, finally.

This commit is contained in:
David Baker 2015-04-17 19:53:47 +01:00
parent 117f35ac4a
commit 8db6832db8
3 changed files with 38 additions and 7 deletions

View File

@ -195,12 +195,18 @@ class AuthHandler(BaseHandler):
def _check_email_identity(self, authdict, _): def _check_email_identity(self, authdict, _):
yield run_on_reactor() yield run_on_reactor()
if 'threepidCreds' not in authdict:
raise LoginError(400, "Missing threepidCreds", Codes.MISSING_PARAM)
threepidCreds = authdict['threepidCreds'] threepidCreds = authdict['threepidCreds']
identity_handler = self.hs.get_handlers().identity_handler identity_handler = self.hs.get_handlers().identity_handler
logger.debug("Getting validated threepid. threepidcreds: %r" % (threepidCreds,)) logger.info("Getting validated threepid. threepidcreds: %r" % (threepidCreds,))
threepid = yield identity_handler.threepid_from_creds(threepidCreds) threepid = yield identity_handler.threepid_from_creds(threepidCreds)
if not threepid:
raise LoginError(401, "", errcode=Codes.UNAUTHORIZED)
threepid['threepidCreds'] = authdict['threepidCreds'] threepid['threepidCreds'] = authdict['threepidCreds']
defer.returnValue(threepid) defer.returnValue(threepid)

View File

@ -45,31 +45,42 @@ class PasswordRestServlet(RestServlet):
body = parse_json_dict_from_request(request) body = parse_json_dict_from_request(request)
authed, result, params = yield self.auth_handler.check_auth([ authed, result, params = yield self.auth_handler.check_auth([
[LoginType.PASSWORD] [LoginType.PASSWORD],
[LoginType.EMAIL_IDENTITY]
], body) ], body)
if not authed: if not authed:
defer.returnValue((401, result)) defer.returnValue((401, result))
auth_user = None user_id = None
if LoginType.PASSWORD in result: if LoginType.PASSWORD in result:
# if using password, they should also be logged in # if using password, they should also be logged in
auth_user, client = yield self.auth.get_user_by_req(request) auth_user, client = yield self.auth.get_user_by_req(request)
if auth_user.to_string() != result[LoginType.PASSWORD]: if auth_user.to_string() != result[LoginType.PASSWORD]:
raise LoginError(400, "", Codes.UNKNOWN) raise LoginError(400, "", Codes.UNKNOWN)
user_id = auth_user.to_string()
elif LoginType.EMAIL_IDENTITY in result:
threepid = result[LoginType.EMAIL_IDENTITY]
if 'medium' not in threepid or 'address' not in threepid:
raise SynapseError(500, "Malformed threepid")
# if using email, we must know about the email they're authing with!
threepid_user = yield self.hs.get_datastore().get_user_by_threepid(
threepid['medium'], threepid['address']
)
if not threepid_user:
raise SynapseError(404, "Email address not found", Codes.NOT_FOUND)
user_id = threepid_user
else: else:
logger.error("Auth succeeded but no known type!", result.keys()) logger.error("Auth succeeded but no known type!", result.keys())
raise SynapseError(500, "", Codes.UNKNOWN) raise SynapseError(500, "", Codes.UNKNOWN)
user_id = auth_user.to_string()
if 'new_password' not in params: if 'new_password' not in params:
raise SynapseError(400, "", Codes.MISSING_PARAM) raise SynapseError(400, "", Codes.MISSING_PARAM)
new_password = params['new_password'] new_password = params['new_password']
yield self.login_handler.set_password( yield self.login_handler.set_password(
user_id, new_password, client.token_id user_id, new_password, None
) )
defer.returnValue((200, {})) defer.returnValue((200, {}))

View File

@ -196,4 +196,18 @@ class RegistrationStore(SQLBaseStore):
['medium', 'address', 'validated_at', 'added_at'], ['medium', 'address', 'validated_at', 'added_at'],
'user_get_threepids' 'user_get_threepids'
) )
defer.returnValue(ret) defer.returnValue(ret)
@defer.inlineCallbacks
def get_user_by_threepid(self, medium, address):
ret = yield self._simple_select_one(
"user_threepids",
{
"medium": medium,
"address": address
},
['user'], True, 'get_user_by_threepid'
)
if ret:
defer.returnValue(ret['user'])
defer.returnValue(None)