Add a callback to allow modules to deny 3PID (#11854)

Part of the Tchap Synapse mainlining. This allows modules to implement extra logic to figure out whether a given 3PID can be added to the local homeserver. In the Tchap use case, this will allow a Synapse module to interface with the custom endpoint /internal_info.
2025-05-03 00:24:54 -04:00 · 2022-02-08 11:20:32 +01:00 · 2022-02-08 11:20:32 +01:00 · 0640f8ebaa
commit 0640f8ebaa
parent fef2e792be
8 changed files with 161 additions and 7 deletions
--- a/synapse/util/threepids.py
+++ b/synapse/util/threepids.py
@ -32,7 +32,12 @@ logger = logging.getLogger(__name__)
 MAX_EMAIL_ADDRESS_LENGTH = 500


-def check_3pid_allowed(hs: "HomeServer", medium: str, address: str) -> bool:
+async def check_3pid_allowed(
+    hs: "HomeServer",
+    medium: str,
+    address: str,
+    registration: bool = False,
+) -> bool:
    """Checks whether a given format of 3PID is allowed to be used on this HS

    Args:
@ -40,9 +45,15 @@ def check_3pid_allowed(hs: "HomeServer", medium: str, address: str) -> bool:
        medium: 3pid medium - e.g. email, msisdn
        address: address within that medium (e.g. "wotan@matrix.org")
            msisdns need to first have been canonicalised
+        registration: whether we want to bind the 3PID as part of registering a new user.
+
    Returns:
        bool: whether the 3PID medium/address is allowed to be added to this HS
    """
+    if not await hs.get_password_auth_provider().is_3pid_allowed(
+        medium, address, registration
+    ):
+        return False

    if hs.config.registration.allowed_local_3pids:
        for constraint in hs.config.registration.allowed_local_3pids: