Add User-Interactive Auth to /account/3pid/add (#6119)
parent
1c3a61529f
commit
23ea572125
|
@ -0,0 +1 @@
|
||||||
|
Require User-Interactive Authentication for `/account/3pid/add`, meaning the user's password will be required to add a third-party ID to their account.
|
|
@ -642,6 +642,7 @@ class ThreepidAddRestServlet(RestServlet):
|
||||||
self.auth = hs.get_auth()
|
self.auth = hs.get_auth()
|
||||||
self.auth_handler = hs.get_auth_handler()
|
self.auth_handler = hs.get_auth_handler()
|
||||||
|
|
||||||
|
@interactive_auth_handler
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def on_POST(self, request):
|
def on_POST(self, request):
|
||||||
requester = yield self.auth.get_user_by_req(request)
|
requester = yield self.auth.get_user_by_req(request)
|
||||||
|
@ -652,6 +653,10 @@ class ThreepidAddRestServlet(RestServlet):
|
||||||
client_secret = body["client_secret"]
|
client_secret = body["client_secret"]
|
||||||
sid = body["sid"]
|
sid = body["sid"]
|
||||||
|
|
||||||
|
yield self.auth_handler.validate_user_via_ui_auth(
|
||||||
|
requester, body, self.hs.get_ip_from_request(request)
|
||||||
|
)
|
||||||
|
|
||||||
validation_session = yield self.identity_handler.validate_threepid_session(
|
validation_session = yield self.identity_handler.validate_threepid_session(
|
||||||
client_secret, sid
|
client_secret, sid
|
||||||
)
|
)
|
||||||
|
|
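Review bot: The result of `validate_user_via_ui_auth` is discarded in the second hunk, and `client_secret` and `sid` are read from the current request body before the check runs, so the validation session that gets used is whatever the final request carries rather than what the interactive-auth session was started with. If the handler returns the parameters stored with the UI-auth session (its contract is not visible here), consider `params = yield self.auth_handler.validate_user_via_ui_auth(...)` and reading `client_secret` and `sid` from `params`. That would also let a client finish the flow by resubmitting only `auth`. A short comment above the call, e.g. `# Re-authenticate first: an access token alone must not be enough to add a 3PID`, would record why the check precedes `validate_threepid_session`. `on_POST` starts and ends outside the visible hunks, so any earlier parameter validation cannot be seen from here.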