Skip to content
This repository was archived by the owner on Apr 26, 2024. It is now read-only.

Added possibilty to disable local password authentication#3485

Closed
smhaller wants to merge 4 commits into
matrix-org:developfrom
smhaller:master
Closed

Added possibilty to disable local password authentication#3485
smhaller wants to merge 4 commits into
matrix-org:developfrom
smhaller:master

Conversation

@smhaller
Copy link
Copy Markdown

@smhaller smhaller commented Jul 5, 2018

Dear all,

this is a small patch which provides the possibility to

  • disable local database authentication and the possibility to change the local password

this is useful for e.g.: If someone uses a password_provider (e.g. ldap) and does not want:

  • that the users change the password outside the provider
  • that if the account is disable in the auth provider the user is not able to login anymore

@matrixbot
Copy link
Copy Markdown
Member

matrixbot commented Jul 5, 2018

Can one of the admins verify this patch?

1 similar comment
@matrixbot
Copy link
Copy Markdown
Member

matrixbot commented Jul 5, 2018

Can one of the admins verify this patch?

@richvdh
Copy link
Copy Markdown
Member

richvdh commented Jul 19, 2018

@matrixbot: test this please

@richvdh richvdh changed the base branch from master to develop July 19, 2018 09:28
richvdh
richvdh suggested changes Jul 19, 2018
View reviewed changes
Copy link
Copy Markdown
Member

@richvdh richvdh left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks for this. please also see CONTRIBUTING.rst, particularly regarding the request to sign off your PR.

Comment thread synapse/handlers/auth.py
if login_type == LoginType.PASSWORD:
known_login_type = True
if not self.hs.config.password_localdb:
raise LoginError(403, "Local DB Authentication Disabled",
Copy link
Copy Markdown
Member

@richvdh richvdh Jul 19, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd let this fall through to the "unknown login type"/"Invalid password" code below. I don't think "Local DB Authentication Disabled" is a helpful message for users.

In other words, just change line 681 to be:

if login_type == LoginType.PASSWORD and self.hs.config.password_localdb:

Comment thread synapse/config/password.py
def read_config(self, config):
password_config = config.get("password_config", {})
self.password_enabled = password_config.get("enabled", True)
self.password_localdb = password_config.get("localdb", True)
Copy link
Copy Markdown
Member

@richvdh richvdh Jul 19, 2018

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we call this password_localdb_enabled or something slightly more intuitive?

@richvdh
Copy link
Copy Markdown
Member

richvdh commented Jul 19, 2018

(oh and please can you update your branch from latest develop so that the tests pass)

@richvdh
Copy link
Copy Markdown
Member

richvdh commented Sep 18, 2018

closing this pending requested changes

@richvdh richvdh closed this Sep 18, 2018
@dhoffend dhoffend mentioned this pull request Apr 22, 2019
Merged
3 tasks
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@richvdh richvdh richvdh requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@smhaller @matrixbot @richvdh