kaslo/synapse
1
0
Fork 0
Code Wiki Activity

Merge remote-tracking branch 'origin/anoa/3pid_check_invite_exemption' into bbz/info-mainline-1.20.1

Browse Source
This commit is contained in:
Ben Banfield-Zanin
2020-09-29 17:16:55 +01:00
parent cc71678425 60784d81ef
commit 2506e36cf5
2 changed files with 28 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
synapse/rest/client/v2_alpha/register.py
View File

@@ -117,7 +117,7 @@ class EmailRegisterRequestTokenRestServlet(RestServlet):
send_attempt = body["send_attempt"]
next_link = body.get("next_link") # Optional param
if not await check_3pid_allowed(self.hs, "email", email):
if not await check_3pid_allowed(self.hs, "email", email, during_registration=True):
raise SynapseError(
403,
"You currently can't create an account with this email address",
@@ -192,7 +192,7 @@ class MsisdnRegisterRequestTokenRestServlet(RestServlet):
msisdn = phone_number_to_msisdn(country, phone_number)
if not await check_3pid_allowed(self.hs, "msisdn", msisdn):
if not await check_3pid_allowed(self.hs, "msisdn", msisdn, during_registration=True):
raise SynapseError(
403,
"Phone numbers are not authorized to register on this server",
@@ -535,7 +535,9 @@ class RegisterRestServlet(RestServlet):
medium = auth_result[login_type]["medium"]
address = auth_result[login_type]["address"]
if not await check_3pid_allowed(self.hs, medium, address):
if not await check_3pid_allowed(
self.hs, medium, address, during_registration=True
):
raise SynapseError(
403,
"Third party identifiers (email/phone numbers)"

25
synapse/util/threepids.py
View File

@@ -19,7 +19,7 @@ import re
logger = logging.getLogger(__name__)
async def check_3pid_allowed(hs, medium, address):
async def check_3pid_allowed(hs, medium, address, during_registration: bool = False):
"""Checks whether a given format of 3PID is allowed to be used on this HS
Args:
@@ -27,11 +27,19 @@ async def check_3pid_allowed(hs, medium, address):
medium (str): 3pid medium - e.g. email, msisdn
address (str): address within that medium (e.g. "wotan@matrix.org")
msisdns need to first have been canonicalised
during_registration: Whether this request has been made while registering a new
user.
Returns:
bool: whether the 3PID medium/address is allowed to be added to this HS
"""
if hs.config.check_is_for_allowed_local_3pids:
if hs.config.check_is_for_allowed_local_3pids and during_registration:
# If this 3pid is being approved as part of registering a new user,
# we'll want to make sure the 3pid has been invited by someone already.
#
# We condition on registration so that user 3pids do not require an invite while
# doing tasks other than registration, such as resetting their password or adding a
# second email to their account.
data = await hs.get_simple_http_client().get_json(
"https://%s%s" % (
hs.config.check_is_for_allowed_local_3pids,
@@ -39,6 +47,10 @@ async def check_3pid_allowed(hs, medium, address):
),
{'medium': medium, 'address': address}
)
logger.info(
"Received internal-info data for medium '%s', address '%s': %s",
medium, address, data,
)
# Check for invalid response
if 'hs' not in data and 'shadow_hs' not in data:
@@ -49,10 +61,19 @@ async def check_3pid_allowed(hs, medium, address):
data.get('hs') != hs.config.server_name
and data.get('shadow_hs') != hs.config.server_name
):
logger.info(
"%s did not match %s or %s did not match %s",
data.get("hs"), hs.config.server_name,
data.get("shadow_hs"), hs.config.server_name,
)
return False
if data.get('requires_invite', False) and not data.get('invited', False):
# Requires an invite but hasn't been invited
logger.info(
"3PID check failed due to 'required_invite' = '%s' and 'invited' = '%s'",
data.get('required_invite'), data.get("invited"),
)
return False
return True