Remove OPA-based password policy enforcement

matrix-org · Jun 26, 2024 · 27fd30e · 27fd30e
1 parent babce67
commit 27fd30e
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 23 deletions.
diff --git a/crates/handlers/src/graphql/mutations/user.rs b/crates/handlers/src/graphql/mutations/user.rs
@@ -466,11 +466,7 @@ impl UserMutations {
             return Err(async_graphql::Error::new("Unauthorized"));
         }
 
-        let mut policy = state.policy().await?;
-
-        let res = policy.evaluate_password(&input.new_password).await?;
-
-        if !res.valid() {
+        if input.new_password.is_empty() {
             // TODO Expose the reason for the policy violation
             // This involves redesigning the error handling
             // Idea would be to expose an errors array in the response,

diff --git a/crates/policy/src/lib.rs b/crates/policy/src/lib.rs
@@ -21,9 +21,7 @@ use thiserror::Error;
 use tokio::io::{AsyncRead, AsyncReadExt};
 use wasmtime::{Config, Engine, Module, Store};
 
-use self::model::{
-    AuthorizationGrantInput, ClientRegistrationInput, EmailInput, PasswordInput, RegisterInput,
-};
+use self::model::{AuthorizationGrantInput, ClientRegistrationInput, EmailInput, RegisterInput};
 pub use self::model::{EvaluationResult, Violation};
 use crate::model::GrantType;
 
@@ -193,21 +191,6 @@ impl Policy {
         Ok(res)
     }
 
-    #[tracing::instrument(name = "policy.evaluate_password", skip_all, err)]
-    pub async fn evaluate_password(
-        &mut self,
-        password: &str,
-    ) -> Result<EvaluationResult, EvaluationError> {
-        let input = PasswordInput { password };
-
-        let [res]: [EvaluationResult; 1] = self
-            .instance
-            .evaluate(&mut self.store, &self.entrypoints.password, &input)
-            .await?;
-
-        Ok(res)
-    }
-
     #[tracing::instrument(
         name = "policy.evaluate.register",
         skip_all,