Consistently check whether a password may be set for a user. (#9636)

Author: dklimpel

changelog.d/9636.bugfix

@@ -0,0 +1 @@
+Checks if passwords are allowed before setting it for the user.

synapse/handlers/set_password.py

@@ -41,7 +41,7 @@ async def set_password(
         logout_devices: bool,
         requester: Optional[Requester] = None,
     ) -> None:
-        if not self.hs.config.password_localdb_enabled:
+        if not self._auth_handler.can_change_password():
             raise SynapseError(403, "Password change disabled", errcode=Codes.FORBIDDEN)
 
         try:

synapse/rest/admin/users.py

@@ -271,7 +271,7 @@ async def on_PUT(
                 elif not deactivate and user["deactivated"]:
                     if (
                         "password" not in body
-                        and self.hs.config.password_localdb_enabled
+                        and self.auth_handler.can_change_password()
                     ):
                         raise SynapseError(
                             400, "Must provide a password to re-activate an account."

synapse/storage/databases/main/registration.py

@@ -1210,6 +1210,7 @@ def set_user_deactivated_status_txn(self, txn, user_id: str, deactivated: bool):
         self._invalidate_cache_and_stream(
             txn, self.get_user_deactivated_status, (user_id,)
         )
+        self._invalidate_cache_and_stream(txn, self.get_user_by_id, (user_id,))
         txn.call_after(self.is_guest.invalidate, (user_id,))
 
     @cached()