Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Minor fixes to user admin api
Browse files Browse the repository at this point in the history
* don't insist on a password (this is valid if you have an SSO login)
* fix reference to undefined `requester`
  • Loading branch information
richvdh committed Jan 22, 2020
1 parent 5d7a6ad commit f576e7b
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 9 deletions.
1 change: 1 addition & 0 deletions changelog.d/6761.bugfix
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Minor fixes to `PUT /_synapse/admin/v2/users` admin api.
14 changes: 5 additions & 9 deletions synapse/rest/admin/users.py
Original file line number Diff line number Diff line change
Expand Up @@ -151,7 +151,8 @@ async def on_GET(self, request, user_id):
return 200, ret

async def on_PUT(self, request, user_id):
await assert_requester_is_admin(self.auth, request)
requester = await self.auth.get_user_by_req(request)
await assert_user_is_admin(self.auth, requester.user)

target_user = UserID.from_string(user_id)
body = parse_json_object_from_request(request)
Expand All @@ -162,8 +163,6 @@ async def on_PUT(self, request, user_id):
user = await self.admin_handler.get_user(target_user)

if user: # modify user
requester = await self.auth.get_user_by_req(request)

if "displayname" in body:
await self.profile_handler.set_displayname(
target_user, requester, body["displayname"], True
Expand Down Expand Up @@ -210,11 +209,8 @@ async def on_PUT(self, request, user_id):
return 200, user

else: # create user
if "password" not in body:
raise SynapseError(
400, "password must be specified", errcode=Codes.BAD_JSON
)
elif (
password = body.get("password")
if password is not None and (
not isinstance(body["password"], text_type)
or len(body["password"]) > 512
):
Expand All @@ -229,7 +225,7 @@ async def on_PUT(self, request, user_id):

user_id = await self.registration_handler.register_user(
localpart=target_user.localpart,
password=body["password"],
password=password,
admin=bool(admin),
default_display_name=displayname,
user_type=user_type,
Expand Down

0 comments on commit f576e7b

Please sign in to comment.