From ed4d18f516385c2d367388aed00d13879273e99c Mon Sep 17 00:00:00 2001
From: Christoph Witzany <christoph@web.crofting.com>
Date: Wed, 6 Apr 2016 18:30:11 +0200
Subject: [PATCH] fix check for failed authentication

---
 synapse/handlers/auth.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 7c62f833ae..7a13a8b11c 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -230,7 +230,9 @@ class AuthHandler(BaseHandler):
         if not user_id.startswith('@'):
             user_id = UserID.create(user_id, self.hs.hostname).to_string()
 
-        self._check_password(user_id, password)
+        if not (yield self._check_password(user_id, password)):
+            logger.warn("Failed password login for user %s", user_id)
+            raise LoginError(403, "", errcode=Codes.FORBIDDEN)
 
         defer.returnValue(user_id)
 
@@ -356,7 +358,7 @@ class AuthHandler(BaseHandler):
             LoginError if there was an authentication problem.
         """
 
-        if not self._check_password(user_id, password):
+        if not (yield self._check_password(user_id, password)):
             logger.warn("Failed password login for user %s", user_id)
             raise LoginError(403, "", errcode=Codes.FORBIDDEN)
 
-- 
GitLab