HACK: Bind email to identity server when using it for 3pid delegation

2020-04-24 11:16:05 +01:00
parent 00831b2323
commit ef8e78c1e6
2 changed files with 38 additions and 1 deletions
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@@ -619,7 +619,13 @@ class RegistrationHandler(BaseHandler):
        return (device_id, access_token)

    @defer.inlineCallbacks
-    def post_registration_actions(self, user_id, auth_result, access_token):
+    def post_registration_actions(
+        self,
+        user_id,
+        auth_result,
+        access_token,
+        bind_threepid_creds=None,
+    ):
        """A user has completed registration

        Args:
@@ -628,6 +634,10 @@ class RegistrationHandler(BaseHandler):
                registered user.
            access_token (str|None): The access token of the newly logged in
                device, or None if `inhibit_login` enabled.
+            bind_threepid_creds (dict|None): A dictionary containing validated
+                client_secret, sid, and possibly an id_access_token. If set,
+                will attempt to bind the matching 3pid to the identity server
+                specified by self.config.account_threepid_delegate_email
        """
        if self.hs.config.worker_app:
            yield self._post_registration_client(
@@ -646,6 +656,22 @@ class RegistrationHandler(BaseHandler):

            yield self.register_email_threepid(user_id, threepid, access_token)

+            if bind_threepid_creds:
+                # We've been requested to bind a threepid to an identity server
+                # This should only be set if we're using an identity server as an
+                # account_threepid_delegate for email
+                logger.debug(
+                    "Binding email to %s on id_server %s",
+                    user_id, self.hs.config.account_threepid_delegate_email,
+                )
+                yield self.identity_handler.bind_threepid(
+                    bind_threepid_creds["client_secret"],
+                    bind_threepid_creds["sid"],
+                    user_id,
+                    self.hs.config.account_threepid_delegate_email,
+                    bind_threepid_creds.get("id_access_token"),
+                )
+
        if auth_result and LoginType.MSISDN in auth_result:
            threepid = auth_result[LoginType.MSISDN]
            yield self._register_msisdn_threepid(user_id, threepid)
--- a/synapse/rest/client/v2_alpha/register.py
+++ b/synapse/rest/client/v2_alpha/register.py
@@ -697,10 +697,21 @@ class RegisterRestServlet(RestServlet):
        )

        if registered:
+            # If we're delegating email sending to a separate server,
+            # bind the new user's email address (if provided) to it
+            threepid_creds = None
+            if (
+                self.hs.config.threepid_behaviour_email == ThreepidBehaviour.REMOTE
+                and LoginType.EMAIL_IDENTITY in auth_result
+            ):
+                logger.debug("Extracting 'threepid_creds' dict from %s", params)
+                threepid_creds = params["threepid_creds"]
+
            await self.registration_handler.post_registration_actions(
                user_id=registered_user_id,
                auth_result=auth_result,
                access_token=return_dict.get("access_token"),
+                threepid_creds=threepid_creds,
            )

        return 200, return_dict