Allow accounts to be re-activated from the admin APIs. (#7847)
parent
f13061d515
commit
8c7d0f163d
|
@ -0,0 +1 @@
|
|||
Add the ability to re-activate an account from the admin API.
|
|
@ -91,10 +91,14 @@ Body parameters:
|
|||
|
||||
- ``admin``, optional, defaults to ``false``.
|
||||
|
||||
- ``deactivated``, optional, defaults to ``false``.
|
||||
- ``deactivated``, optional. If unspecified, deactivation state will be left
|
||||
unchanged on existing accounts and set to ``false`` for new accounts.
|
||||
|
||||
If the user already exists then optional parameters default to the current value.
|
||||
|
||||
In order to re-activate an account ``deactivated`` must be set to ``false``. If
|
||||
users do not login via single-sign-on, a new ``password`` must be provided.
|
||||
|
||||
List Accounts
|
||||
=============
|
||||
|
||||
|
|
|
@ -14,6 +14,7 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
import logging
|
||||
from typing import Optional
|
||||
|
||||
from synapse.api.errors import SynapseError
|
||||
from synapse.metrics.background_process_metrics import run_as_background_process
|
||||
|
@ -45,19 +46,20 @@ class DeactivateAccountHandler(BaseHandler):
|
|||
|
||||
self._account_validity_enabled = hs.config.account_validity.enabled
|
||||
|
||||
async def deactivate_account(self, user_id, erase_data, id_server=None):
|
||||
async def deactivate_account(
|
||||
self, user_id: str, erase_data: bool, id_server: Optional[str] = None
|
||||
) -> bool:
|
||||
"""Deactivate a user's account
|
||||
|
||||
Args:
|
||||
user_id (str): ID of user to be deactivated
|
||||
erase_data (bool): whether to GDPR-erase the user's data
|
||||
id_server (str|None): Use the given identity server when unbinding
|
||||
user_id: ID of user to be deactivated
|
||||
erase_data: whether to GDPR-erase the user's data
|
||||
id_server: Use the given identity server when unbinding
|
||||
any threepids. If None then will attempt to unbind using the
|
||||
identity server specified when binding (if known).
|
||||
|
||||
Returns:
|
||||
Deferred[bool]: True if identity server supports removing
|
||||
threepids, otherwise False.
|
||||
True if identity server supports removing threepids, otherwise False.
|
||||
"""
|
||||
# FIXME: Theoretically there is a race here wherein user resets
|
||||
# password using threepid.
|
||||
|
@ -134,11 +136,11 @@ class DeactivateAccountHandler(BaseHandler):
|
|||
|
||||
return identity_server_supports_unbinding
|
||||
|
||||
async def _reject_pending_invites_for_user(self, user_id):
|
||||
async def _reject_pending_invites_for_user(self, user_id: str):
|
||||
"""Reject pending invites addressed to a given user ID.
|
||||
|
||||
Args:
|
||||
user_id (str): The user ID to reject pending invites for.
|
||||
user_id: The user ID to reject pending invites for.
|
||||
"""
|
||||
user = UserID.from_string(user_id)
|
||||
pending_invites = await self.store.get_invited_rooms_for_local_user(user_id)
|
||||
|
@ -166,22 +168,16 @@ class DeactivateAccountHandler(BaseHandler):
|
|||
room.room_id,
|
||||
)
|
||||
|
||||
def _start_user_parting(self):
|
||||
def _start_user_parting(self) -> None:
|
||||
"""
|
||||
Start the process that goes through the table of users
|
||||
pending deactivation, if it isn't already running.
|
||||
|
||||
Returns:
|
||||
None
|
||||
"""
|
||||
if not self._user_parter_running:
|
||||
run_as_background_process("user_parter_loop", self._user_parter_loop)
|
||||
|
||||
async def _user_parter_loop(self):
|
||||
async def _user_parter_loop(self) -> None:
|
||||
"""Loop that parts deactivated users from rooms
|
||||
|
||||
Returns:
|
||||
None
|
||||
"""
|
||||
self._user_parter_running = True
|
||||
logger.info("Starting user parter")
|
||||
|
@ -198,11 +194,8 @@ class DeactivateAccountHandler(BaseHandler):
|
|||
finally:
|
||||
self._user_parter_running = False
|
||||
|
||||
async def _part_user(self, user_id):
|
||||
async def _part_user(self, user_id: str) -> None:
|
||||
"""Causes the given user_id to leave all the rooms they're joined to
|
||||
|
||||
Returns:
|
||||
None
|
||||
"""
|
||||
user = UserID.from_string(user_id)
|
||||
|
||||
|
@ -224,3 +217,18 @@ class DeactivateAccountHandler(BaseHandler):
|
|||
user_id,
|
||||
room_id,
|
||||
)
|
||||
|
||||
async def activate_account(self, user_id: str) -> None:
|
||||
"""
|
||||
Activate an account that was previously deactivated.
|
||||
|
||||
This simply marks the user as activate in the database and does not
|
||||
attempt to rejoin rooms, re-add threepids, etc.
|
||||
|
||||
The user will also need a password hash set to actually login.
|
||||
|
||||
Args:
|
||||
user_id: ID of user to be deactivated
|
||||
"""
|
||||
# Mark the user as activate.
|
||||
await self.store.set_user_deactivated_status(user_id, False)
|
||||
|
|
|
@ -239,6 +239,15 @@ class UserRestServletV2(RestServlet):
|
|||
await self.deactivate_account_handler.deactivate_account(
|
||||
target_user.to_string(), False
|
||||
)
|
||||
elif not deactivate and user["deactivated"]:
|
||||
if "password" not in body:
|
||||
raise SynapseError(
|
||||
400, "Must provide a password to re-activate an account."
|
||||
)
|
||||
|
||||
await self.deactivate_account_handler.activate_account(
|
||||
target_user.to_string()
|
||||
)
|
||||
|
||||
user = await self.admin_handler.get_user(target_user)
|
||||
return 200, user
|
||||
|
@ -254,7 +263,6 @@ class UserRestServletV2(RestServlet):
|
|||
admin = body.get("admin", None)
|
||||
user_type = body.get("user_type", None)
|
||||
displayname = body.get("displayname", None)
|
||||
threepids = body.get("threepids", None)
|
||||
|
||||
if user_type is not None and user_type not in UserTypes.ALL_USER_TYPES:
|
||||
raise SynapseError(400, "Invalid user type")
|
||||
|
|
|
@ -857,6 +857,53 @@ class UserRestTestCase(unittest.HomeserverTestCase):
|
|||
self.assertEqual("@user:test", channel.json_body["name"])
|
||||
self.assertEqual(True, channel.json_body["deactivated"])
|
||||
|
||||
def test_reactivate_user(self):
|
||||
"""
|
||||
Test reactivating another user.
|
||||
"""
|
||||
|
||||
# Deactivate the user.
|
||||
request, channel = self.make_request(
|
||||
"PUT",
|
||||
self.url_other_user,
|
||||
access_token=self.admin_user_tok,
|
||||
content=json.dumps({"deactivated": True}).encode(encoding="utf_8"),
|
||||
)
|
||||
self.render(request)
|
||||
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
|
||||
|
||||
# Attempt to reactivate the user (without a password).
|
||||
request, channel = self.make_request(
|
||||
"PUT",
|
||||
self.url_other_user,
|
||||
access_token=self.admin_user_tok,
|
||||
content=json.dumps({"deactivated": False}).encode(encoding="utf_8"),
|
||||
)
|
||||
self.render(request)
|
||||
self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
|
||||
|
||||
# Reactivate the user.
|
||||
request, channel = self.make_request(
|
||||
"PUT",
|
||||
self.url_other_user,
|
||||
access_token=self.admin_user_tok,
|
||||
content=json.dumps({"deactivated": False, "password": "foo"}).encode(
|
||||
encoding="utf_8"
|
||||
),
|
||||
)
|
||||
self.render(request)
|
||||
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
|
||||
|
||||
# Get user
|
||||
request, channel = self.make_request(
|
||||
"GET", self.url_other_user, access_token=self.admin_user_tok,
|
||||
)
|
||||
self.render(request)
|
||||
|
||||
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
|
||||
self.assertEqual("@user:test", channel.json_body["name"])
|
||||
self.assertEqual(False, channel.json_body["deactivated"])
|
||||
|
||||
def test_set_user_as_admin(self):
|
||||
"""
|
||||
Test setting the admin flag on a user.
|
||||
|
|
Loading…
Reference in New Issue