
Return a different error from Invalid Password when a user is deactivated #5674

merged 4 commits into from
Jul 15, 2019
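--- a/changelog.d/5674.feature
+++ b/changelog.d/5674.feature
@@ -0,0 +1 @@
+Return "This account has been deactivated" when a deactivated user tries to login.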
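--- a/synapse/api/errors.py
+++ b/synapse/api/errors.py
@@ -139,6 +139,22 @@ def error_dict(self):
 return cs_error(self.msg, self.errcode, consent_uri=self._consent_uri)
 
 
+class UserDeactivatedError(SynapseError):
+"""The error returned to the client when the user attempted to access an
+authenticated endpoint, but the account has been deactivated.
+"""
+
+def __init__(self, msg):
+"""Constructs a UserDeactivatedError
+
+Args:
+msg (str): The human-readable error message
+"""
+super(UserDeactivatedError, self).__init__(
+code=http_client.FORBIDDEN, msg=msg, errcode=Codes.UNKNOWN
+)
+
+
 class RegistrationError(SynapseError):
 """An error raised when a registration event fails."""
 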
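Review bot: The class docstring says the error is returned when the user "attempted to access an authenticated endpoint", but the only raise site in this PR is the password check in `_check_local_password` (synapse/handlers/auth.py), which runs during login before any access token exists; suggest `"""Raised when a request concerns an account that has been deactivated (currently: a password login attempt)."""`. The response also carries `errcode=Codes.UNKNOWN`, so a client can only tell this case apart from any other 403 by matching the human-readable message; the Matrix client-server spec defines `M_USER_DEACTIVATED` for this situation (it may postdate this PR), and a dedicated `Codes` entry would make the error machine-readable. `http_client` and `Codes` are imported outside this hunk.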
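--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -34,6 +34,7 @@
 LoginError,
 StoreError,
 SynapseError,
+UserDeactivatedError,
 )
 from synapse.api.ratelimiting import Ratelimiter
 from synapse.logging.context import defer_to_thread
@@ -610,6 +611,7 @@ def check_user_exists(self, user_id):
 Raises:
 LimitExceededError if the ratelimiter's login requests count for this
 user is too high too proceed.
+UserDeactivatedError if a user is found but is deactivated.
 """
 self.ratelimit_login_per_account(user_id)
 res = yield self._find_user_id_and_pwd_hash(user_id)
@@ -825,6 +827,13 @@ def _check_local_password(self, user_id, password):
 if not lookupres:
 defer.returnValue(None)
 (user_id, password_hash) = lookupres
+
+# If the password hash is None, the account has likely been deactivated
+if not password_hash:
+deactivated = yield self.store.get_user_deactivated_status(user_id)
+if deactivated:
+raise UserDeactivatedError("This account has been deactivated")
+
 result = yield self.validate_hash(password, password_hash)
 if not result:
 logger.warn("Failed password login for user %s", user_id)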
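Review bot: In the last hunk the deactivation check runs before `validate_hash`, so the distinct 403 is returned for any password supplied, which means a login attempt now reveals whether an account is deactivated to anyone who knows the user id; this is presumably accepted because the path is guarded by the per-account login ratelimiter seen in `check_user_exists`, but the trade-off deserves a comment, e.g. `# Returned before password verification by design: a deactivated account has no hash to verify against.` The docstring added to `check_user_exists` in the second hunk says it raises `UserDeactivatedError`, yet the visible body only rate-limits and calls `_find_user_id_and_pwd_hash`; if the raise is reached elsewhere the docstring should name where, otherwise it is misleading (that body continues outside the hunk). When `password_hash` is falsy but the account is not deactivated, control still falls through to `validate_hash(password, None)` as before; the word "likely" in the new comment suggests that case is not fully characterised, and the comment should state what happens then.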