@@ -228,24 +228,32 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
228228 # they're not required to provide the password again.
229229 #
230230 # If a password is available now, hash the provided password and
231- # store it for later.
232- if new_password :
233- new_password_hash = await self .auth_handler .hash (new_password )
234- await self .auth_handler .set_session_data (
235- e .session_id ,
236- UIAuthSessionDataConstants .PASSWORD_HASH ,
237- new_password_hash ,
238- )
231+ # store it for later. We only do this if we don't already have the
232+ # password hash stored, to avoid repeatedly hashing the password.
233+
234+ if not new_password :
235+ raise
236+
237+ existing_session_password_hash = await self .auth_handler .get_session_data (
238+ e .session_id , UIAuthSessionDataConstants .PASSWORD_HASH , None
239+ )
240+ if existing_session_password_hash :
241+ raise
242+
243+ new_password_hash = await self .auth_handler .hash (new_password )
244+ await self .auth_handler .set_session_data (
245+ e .session_id ,
246+ UIAuthSessionDataConstants .PASSWORD_HASH ,
247+ new_password_hash ,
248+ )
239249 raise
240250
241251 # If we have a password in this request, prefer it. Otherwise, use the
242252 # password hash from an earlier request.
243253 if new_password :
244254 password_hash : Optional [str ] = await self .auth_handler .hash (new_password )
245255 elif session_id is not None :
246- password_hash = await self .auth_handler .get_session_data (
247- session_id , UIAuthSessionDataConstants .PASSWORD_HASH , None
248- )
256+ password_hash = existing_session_password_hash
249257 else :
250258 # UI validation was skipped, but the request did not include a new
251259 # password.
0 commit comments