Minor fixes to user admin api (#6761)

* don't insist on a password (this is valid if you have an SSO login) * fix reference to undefined `requester`
5 years ago · 5bd3cb7260
parent 04345338e1
commit 5bd3cb7260
2 changed files with 6 additions and 9 deletions
--- a/changelog.d/6761.bugfix
+++ b/changelog.d/6761.bugfix
@ -0,0 +1 @@
+Minor fixes to `PUT /_synapse/admin/v2/users` admin api.
--- a/synapse/rest/admin/users.py
+++ b/synapse/rest/admin/users.py
@ -153,7 +153,8 @@ class UserRestServletV2(RestServlet):
        return 200, ret

    async def on_PUT(self, request, user_id):
-        await assert_requester_is_admin(self.auth, request)
+        requester = await self.auth.get_user_by_req(request)
+        await assert_user_is_admin(self.auth, requester.user)

        target_user = UserID.from_string(user_id)
        body = parse_json_object_from_request(request)
@ -164,8 +165,6 @@ class UserRestServletV2(RestServlet):
        user = await self.admin_handler.get_user(target_user)

        if user:  # modify user
-            requester = await self.auth.get_user_by_req(request)
-
            if "displayname" in body:
                await self.profile_handler.set_displayname(
                    target_user, requester, body["displayname"], True
@ -212,11 +211,8 @@ class UserRestServletV2(RestServlet):
            return 200, user

        else:  # create user
-            if "password" not in body:
-                raise SynapseError(
-                    400, "password must be specified", errcode=Codes.BAD_JSON
-                )
-            elif (
+            password = body.get("password")
+            if password is not None and (
                not isinstance(body["password"], text_type)
                or len(body["password"]) > 512
            ):
@ -231,7 +227,7 @@ class UserRestServletV2(RestServlet):

            user_id = await self.registration_handler.register_user(
                localpart=target_user.localpart,
-                password=body["password"],
+                password=password,
                admin=bool(admin),
                default_display_name=displayname,
                user_type=user_type,
				`@ -0,0 +1 @@`
				Minor fixes to `PUT /_synapse/admin/v2/users` admin api.