Add a callback to allow modules to deny 3PID (#11854)

Part of the Tchap Synapse mainlining. This allows modules to implement extra logic to figure out whether a given 3PID can be added to the local homeserver. In the Tchap use case, this will allow a Synapse module to interface with the custom endpoint /internal_info.
2025-08-14 19:25:23 -04:00 · 2022-02-08 11:20:32 +01:00 · 2022-02-08 11:20:32 +01:00 · 0640f8ebaa
commit 0640f8ebaa
parent fef2e792be
8 changed files with 161 additions and 7 deletions
--- a/synapse/rest/client/register.py
+++ b/synapse/rest/client/register.py
@ -112,7 +112,7 @@ class EmailRegisterRequestTokenRestServlet(RestServlet):
        send_attempt = body["send_attempt"]
        next_link = body.get("next_link")  # Optional param

-        if not check_3pid_allowed(self.hs, "email", email):
+        if not await check_3pid_allowed(self.hs, "email", email, registration=True):
            raise SynapseError(
                403,
                "Your email domain is not authorized to register on this server",
@ -192,7 +192,7 @@ class MsisdnRegisterRequestTokenRestServlet(RestServlet):

        msisdn = phone_number_to_msisdn(country, phone_number)

-        if not check_3pid_allowed(self.hs, "msisdn", msisdn):
+        if not await check_3pid_allowed(self.hs, "msisdn", msisdn, registration=True):
            raise SynapseError(
                403,
                "Phone numbers are not authorized to register on this server",
@ -616,7 +616,9 @@ class RegisterRestServlet(RestServlet):
                    medium = auth_result[login_type]["medium"]
                    address = auth_result[login_type]["address"]

-                    if not check_3pid_allowed(self.hs, medium, address):
+                    if not await check_3pid_allowed(
+                        self.hs, medium, address, registration=True
+                    ):
                        raise SynapseError(
                            403,
                            "Third party identifiers (email/phone numbers)"