From d37d442376616d5084d412bb2d6c08cb495d89ac Mon Sep 17 00:00:00 2001
From: Olivier 'reivilibre <oliverw@matrix.org>
Date: Thu, 5 Jun 2025 13:01:32 +0100
Subject: [PATCH] User /login Admin API: check if user exists first

---
 synapse/rest/admin/users.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/synapse/rest/admin/users.py b/synapse/rest/admin/users.py
index d6725eed8e..50ea52b865 100644
--- a/synapse/rest/admin/users.py
+++ b/synapse/rest/admin/users.py
@@ -1068,6 +1068,7 @@ class UserTokenRestServlet(RestServlet):
         self.store = hs.get_datastores().main
         self.auth = hs.get_auth()
         self.auth_handler = hs.get_auth_handler()
+        self.admin_handler = hs.get_admin_handler()
         self.is_mine_id = hs.is_mine_id
 
     async def on_POST(
@@ -1082,6 +1083,10 @@ class UserTokenRestServlet(RestServlet):
                 HTTPStatus.BAD_REQUEST, "Only local users can be logged in as"
             )
 
+        _user_info_dict = await self.admin_handler.get_user(UserID.from_string(user_id))
+        if not _user_info_dict:
+            raise NotFoundError("User not found")
+
         body = parse_json_object_from_request(request, allow_empty_body=True)
 
         valid_until_ms = body.get("valid_until_ms")