From 2fc34cbdafe5d264a0bd0f846df0ebf8f5ef6cbe Mon Sep 17 00:00:00 2001 From: dklimpel <5740567+dklimpel@users.noreply.github.com> Date: Fri, 8 Dec 2023 09:38:58 +0100 Subject: [PATCH] Allow reactivate a user without password --- synapse/rest/admin/users.py | 9 -------- tests/rest/admin/test_user.py | 41 ++++++++++++++++++++++++----------- 2 files changed, 28 insertions(+), 22 deletions(-) diff --git a/synapse/rest/admin/users.py b/synapse/rest/admin/users.py index 77446970cb..cb24ffdd1b 100644 --- a/synapse/rest/admin/users.py +++ b/synapse/rest/admin/users.py @@ -406,15 +406,6 @@ class UserRestServletV2(RestServlet): target_user.to_string(), False, requester, by_admin=True ) elif not deactivate and user["deactivated"]: - if ( - "password" not in body - and self.auth_handler.can_change_password() - ): - raise SynapseError( - HTTPStatus.BAD_REQUEST, - "Must provide a password to re-activate an account.", - ) - await self.deactivate_account_handler.activate_account( target_user.to_string() ) diff --git a/tests/rest/admin/test_user.py b/tests/rest/admin/test_user.py index cf71bbb461..fe23e77fd5 100644 --- a/tests/rest/admin/test_user.py +++ b/tests/rest/admin/test_user.py @@ -2741,7 +2741,7 @@ class UserRestTestCase(unittest.HomeserverTestCase): profile = self.get_success(self.store._get_user_in_directory(self.other_user)) self.assertIsNone(profile) - def test_reactivate_user(self) -> None: + def test_reactivate_user_with_password(self) -> None: """ Test reactivating another user. """ 
@@ -2749,16 +2749,7 @@ class UserRestTestCase(unittest.HomeserverTestCase): # Deactivate the user. self._deactivate_user("@user:test") - # Attempt to reactivate the user (without a password). - channel = self.make_request( - "PUT", - self.url_other_user, - access_token=self.admin_user_tok, - content={"deactivated": False}, - ) - self.assertEqual(400, channel.code, msg=channel.json_body) - - # Reactivate the user. + # Reactivate the user with password. channel = self.make_request( "PUT", self.url_other_user, @@ -2773,6 +2764,30 @@ class UserRestTestCase(unittest.HomeserverTestCase): # This key was removed intentionally. Ensure it is not accidentally re-included. self.assertNotIn("password_hash", channel.json_body) + def test_reactivate_user_without_password(self) -> None: + """ + Test reactivating another user without a password. + This can be using some local users and some user with SSO (password = `null`). + """ + + # Deactivate the user. + self._deactivate_user("@user:test") + + # Reactivate the user without a password. + channel = self.make_request( + "PUT", + self.url_other_user, + access_token=self.admin_user_tok, + content={"deactivated": False}, + ) + self.assertEqual(200, channel.code, msg=channel.json_body) + self.assertEqual("@user:test", channel.json_body["name"]) + self.assertFalse(channel.json_body["deactivated"]) + self._is_erased("@user:test", False) + + # This key was removed intentionally. Ensure it is not accidentally re-included. + self.assertNotIn("password_hash", channel.json_body) + @override_config({"password_config": {"localdb_enabled": False}}) def test_reactivate_user_localdb_disabled(self) -> None: """ @@ -2782,7 +2797,7 @@ class UserRestTestCase(unittest.HomeserverTestCase): # Deactivate the user. self._deactivate_user("@user:test") - # Reactivate the user with a password + # Reactivate the user with a password. channel = self.make_request( "PUT", self.url_other_user, 
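Review bot: `test_reactivate_user_without_password` (hunk `@@ -2773,6 +2764,30 @@`) asserts only the status code, `name`, `deactivated` and the erased flag, so it never pins which credentials the account has after being reactivated with no password in the body. With the password guard removed from `UserRestServletV2`, the account should come back with no usable password rather than the one it had before deactivation, and nothing visible in this patch shows which of the two happens. I would add a step after the existing assertions that attempts a password login for `@user:test` with its pre-deactivation password and expects a refusal, e.g. `self.assertEqual(403, login_channel.code, msg=login_channel.json_body)` on the login response. The docstring's second sentence is also hard to parse; `Needed for local users that have no password and for SSO users (password is null).` would read more clearly.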
@@ -2816,7 +2831,7 @@ class UserRestTestCase(unittest.HomeserverTestCase): # Deactivate the user. self._deactivate_user("@user:test") - # Reactivate the user with a password + # Reactivate the user with a password. channel = self.make_request( "PUT", self.url_other_user,