Make deleting other access tokens when you change your password actually work

This commit is contained in:
David Baker 2015-03-24 15:33:48 +00:00
parent 78adccfaf4
commit d19e79ecc9
2 changed files with 15 additions and 6 deletions

View File

@ -65,12 +65,15 @@ class PasswordRestServlet(RestServlet):
raise SynapseError(400, "", Codes.MISSING_PARAM)
new_password = body['new_password']
self.login_handler.set_password(
yield self.login_handler.set_password(
user_id, new_password, client.token_id
)
defer.returnValue((200, {}))
def on_OPTIONS(self, _):
return 200, {}
def register_servlets(hs, http_server):
PasswordRestServlet(hs).register(http_server)

View File

@ -89,35 +89,41 @@ class RegistrationStore(SQLBaseStore):
"VALUES (?,?)", [txn.lastrowid, token])
def get_user_by_id(self, user_id):
query = ("SELECT users.name, users.password_hash FROM users"
query = ("SELECT users.id, users.name, users.password_hash FROM users"
" WHERE users.name = ?")
return self._execute(
"get_user_by_id", self.cursor_to_dict, query, user_id
)
@defer.inlineCallbacks
def user_set_password_hash(self, user_id, password_hash):
"""
NB. This does *not* evict any cache because the one use for this
removes most of the entries subsequently anyway so it would be
pointless. Use flush_user separately.
"""
return self._simple_update_one('users', {
yield self._simple_update_one('users', {
'name': user_id
}, {
'password_hash': password_hash
})
@defer.inlineCallbacks
def user_delete_access_tokens_apart_from(self, user_id, token_id):
return self._execute(
rows = yield self.get_user_by_id(user_id)
if len(rows) == 0:
raise Exception("No such user!")
yield self._execute(
"delete_access_tokens_apart_from", None,
"DELETE FROM access_tokens WHERE user_id = ? AND id != ?",
user_id, token_id
rows[0]['id'], token_id
)
@defer.inlineCallbacks
def flush_user(self, user_id):
rows = yield self._execute(
'user_delete_access_tokens_apart_from', None,
'flush_user', None,
"SELECT token FROM access_tokens WHERE user_id = ?",
user_id
)