search

matrix-org / synapse

Synapse: Matrix homeserver written in Python/Twisted.
https://matrix-org.github.io/synapse
Apache License 2.0
11.82k stars 2.13k forks source link

Reduce CPU overhead of change password endpoint #16264

Closed erikjohnston closed 1 year ago

erikjohnston commented 1 year ago

Due UIA it is valid for a client to sit hitting the endpoint repeatedly (if e.g. waiting for the user to click a link in an email). Currently, if the request includes the new password then we'll hash it each and every time we the request, which is expensive.

Instead, we only calculate and store the password hash if we haven't done it previously. When the request finally succeeds and includes password again, we will still hash and use that.

Reviewable commit-by-commit.

The first commit is simply a refactor.

clokep commented 1 year ago

(I should also note that this is a spot that has broken clients in the past.)