Remove POST method from password reset submit_token endpoint (#6056)

2020-02-25 14:40:12 +00:00
parent 3d05c29909 62e3ff92fd
commit bd3a6f66a8
2 changed files with 1 additions and 19 deletions
--- a/changelog.d/6056.bugfix
+++ b/changelog.d/6056.bugfix
@@ -0,0 +1 @@
+Remove POST method from password reset submit_token endpoint until we implement submit_url functionality.
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@@ -282,25 +282,6 @@ class PasswordResetSubmitTokenServlet(RestServlet):
        request.write(html.encode("utf-8"))
        finish_request(request)

-    @defer.inlineCallbacks
-    def on_POST(self, request, medium):
-        if medium != "email":
-            raise SynapseError(
-                400, "This medium is currently not supported for password resets"
-            )
-
-        body = parse_json_object_from_request(request)
-        assert_params_in_dict(body, ["sid", "client_secret", "token"])
-
-        assert_valid_client_secret(body["client_secret"])
-
-        valid, _ = yield self.store.validate_threepid_session(
-            body["sid"], body["client_secret"], body["token"], self.clock.time_msec()
-        )
-        response_code = 200 if valid else 400
-
-        return response_code, {"success": valid}
-

 class PasswordRestServlet(RestServlet):
    PATTERNS = client_patterns("/account/password$")
				`@@ -0,0 +1 @@`
				`Remove POST method from password reset submit_token endpoint until we implement submit_url functionality.`