Hit the 3pid unbind endpoint on deactivation

2025-05-02 13:46:02 -04:00 · 2018-05-23 14:38:56 +01:00 · 2018-05-23 14:38:56 +01:00 · 2c7866d664
commit 2c7866d664
parent 0a078026ea
4 changed files with 63 additions and 12 deletions
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@ -1,6 +1,7 @@
 # -*- coding: utf-8 -*-
 # Copyright 2015, 2016 OpenMarket Ltd
 # Copyright 2017 Vector Creations Ltd
+# Copyright 2018 New Vector Ltd
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@ -38,6 +39,7 @@ class IdentityHandler(BaseHandler):
        super(IdentityHandler, self).__init__(hs)

        self.http_client = hs.get_simple_http_client()
+        self.federation_http_client = hs.get_http_client()

        self.trusted_id_servers = set(hs.config.trusted_third_party_id_servers)
        self.trust_any_id_server_just_for_testing_do_not_use = (
@ -138,6 +140,39 @@ class IdentityHandler(BaseHandler):
            data = json.loads(e.msg)
        defer.returnValue(data)

+    @defer.inlineCallbacks
+    def unbind_threepid(self, mxid, threepid):
+        yield run_on_reactor()
+        logger.debug("unbinding threepid %r from %s", threepid, mxid)
+        if not self.trusted_id_servers:
+            logger.warn("Can't unbind threepid: no trusted ID servers set in config")
+            defer.returnValue(False)
+        id_server = next(iter(self.trusted_id_servers))
+
+        url = "https://%s/_matrix/identity/api/v1/3pid/unbind" % (id_server,)
+        content = {
+            "mxid": mxid,
+            "threepid": threepid,
+        }
+        headers = {}
+        # we abuse the federation http client to sign the request, but we have to send it
+        # using the normal http client since we don't want the SRV lookup and want normal
+        # 'browser-like' HTTPS.
+        self.federation_http_client.sign_request(
+            destination=None,
+            method='POST',
+            url_bytes='/_matrix/identity/api/v1/3pid/unbind'.encode('ascii'),
+            headers_dict=headers,
+            content=content,
+            destination_is=id_server,
+        )
+        yield self.http_client.post_json_get_json(
+            url,
+            content,
+            headers,
+        )
+        defer.returnValue(True)
+
    @defer.inlineCallbacks
    def requestEmailToken(self, id_server, email, client_secret, send_attempt, **kwargs):
        yield run_on_reactor()