add registrations_require_3pid

lets homeservers specify a whitelist for 3PIDs that users are allowed to associate with. Typically useful for stopping people from registering with non-work emails
2025-05-03 01:04:49 -04:00 · 2018-01-19 00:19:58 +00:00 · 2018-01-19 00:19:58 +00:00 · 28a6ccb49c
commit 28a6ccb49c
parent 36da256cc6
5 changed files with 110 additions and 13 deletions
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@ -26,7 +26,7 @@ from synapse.http.servlet import (
 )
 from synapse.util.async import run_on_reactor
 from synapse.util.msisdn import phone_number_to_msisdn
-from ._base import client_v2_patterns, interactive_auth_handler
+from ._base import client_v2_patterns, interactive_auth_handler, check_3pid_allowed

 logger = logging.getLogger(__name__)

@ -47,6 +47,9 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
            'id_server', 'client_secret', 'email', 'send_attempt'
        ])

+        if not check_3pid_allowed(self.hs, "email", body['email']):
+            raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
+
        existingUid = yield self.hs.get_datastore().get_user_id_by_threepid(
            'email', body['email']
        )
@ -78,6 +81,9 @@ class MsisdnPasswordRequestTokenRestServlet(RestServlet):

        msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])

+        if not check_3pid_allowed(self.hs, "msisdn", msisdn):
+            raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
+
        existingUid = yield self.datastore.get_user_id_by_threepid(
            'msisdn', msisdn
        )
@ -217,6 +223,9 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
        if absent:
            raise SynapseError(400, "Missing params: %r" % absent, Codes.MISSING_PARAM)

+        if not check_3pid_allowed(self.hs, "email", body['email']):
+            raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
+
        existingUid = yield self.datastore.get_user_id_by_threepid(
            'email', body['email']
        )
@ -255,6 +264,9 @@ class MsisdnThreepidRequestTokenRestServlet(RestServlet):

        msisdn = phone_number_to_msisdn(body['country'], body['phone_number'])

+        if not check_3pid_allowed(self.hs, "msisdn", msisdn):
+            raise SynapseError(403, "3PID denied", Codes.THREEPID_DENIED)
+
        existingUid = yield self.datastore.get_user_id_by_threepid(
            'msisdn', msisdn
        )