Hit the 3pid unbind endpoint on deactivation

2025-05-03 18:14:48 -04:00 · 2018-05-23 14:38:56 +01:00 · 2018-05-23 14:38:56 +01:00 · 2c7866d664
commit 2c7866d664
parent 0a078026ea
4 changed files with 63 additions and 12 deletions
--- a/synapse/handlers/deactivate_account.py
+++ b/synapse/handlers/deactivate_account.py
@ -17,6 +17,7 @@ from twisted.internet import defer, reactor
 from ._base import BaseHandler
 from synapse.types import UserID, create_requester
 from synapse.util.logcontext import run_in_background
+from synapse.api.errors import SynapseError

 import logging

@ -30,6 +31,7 @@ class DeactivateAccountHandler(BaseHandler):
        self._auth_handler = hs.get_auth_handler()
        self._device_handler = hs.get_device_handler()
        self._room_member_handler = hs.get_room_member_handler()
+        self._identity_handler = hs.get_handlers().identity_handler

        # Flag that indicates whether the process to part users from rooms is running
        self._user_parter_running = False
@ -51,6 +53,25 @@ class DeactivateAccountHandler(BaseHandler):
        # FIXME: Theoretically there is a race here wherein user resets
        # password using threepid.

+        # delete threepids first. We remove these from the IS so if this fails,
+        # leave the user still active so they can try again.
+        # Ideally we would prevent password resets and then do this in the
+        # background thread.
+        threepids = yield self.store.user_get_threepids(user_id)
+        for threepid in threepids:
+            try:
+                yield self._identity_handler.unbind_threepid(user_id,
+                    {
+                        'medium': threepid['medium'],
+                        'address': threepid['address'],
+                    },
+                )
+            except:
+                # Do we want this to be a fatal error or should we carry on?
+                logger.exception("Failed to remove threepid from ID server")
+                raise SynapseError(400, "Failed to remove threepid from ID server")
+            yield self.store.user_delete_threepid(user_id, threepid['medium'], threepid['address'])
+
        # first delete any devices belonging to the user, which will also
        # delete corresponding access tokens.
        yield self._device_handler.delete_all_devices_for_user(user_id)
@ -58,7 +79,6 @@ class DeactivateAccountHandler(BaseHandler):
        # a device.
        yield self._auth_handler.delete_access_tokens_for_user(user_id)

-        yield self.store.user_delete_threepids(user_id)
        yield self.store.user_set_password_hash(user_id, None)

        # Add the user to a table of users pending deactivation (ie.