From 8a24c4eee515b21f3eb5572a62937ec1c04e677b Mon Sep 17 00:00:00 2001
From: Matthew Hodgson
Date: Thu, 3 May 2018 02:47:55 +0100
Subject: [PATCH 1/2] add option to disable changes to the 3PIDs for an account. This only considers the /account/3pid API, which should be sufficient as currently we can't change emails associated with push notifs (which are provisioned at registration), and we can't directly create mappings for accounts in an IS other than by answering an invite
---
 synapse/config/registration.py | 8 ++++++++
 synapse/rest/client/v2_alpha/account.py | 6 ++++++
 2 files changed, 14 insertions(+)
diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index 34326718a..070b7f0d9 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -37,6 +37,9 @@ class RegistrationConfig(Config):
 "check_is_for_allowed_local_3pids", None
 )
 self.allow_invited_3pids = config.get("allow_invited_3pids", False)
+
+ self.disable_3pid_changes = config.get("disable_3pid_changes", False)
+
 self.registration_shared_secret = config.get("registration_shared_secret")
 self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
@@ -89,6 +92,11 @@ class RegistrationConfig(Config):
 # - medium: msisdn
 # pattern: "\\+44"
+ # If true, stop users from trying to change the 3PIDs associated with
+ # their accounts.
+ #
+ # disable_3pid_changes: True
+
 # If set, allows registration by anyone who also has the shared
 # secret, even if registration is otherwise disabled.
 registration_shared_secret: "%(registration_shared_secret)s"
diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py
index 7d43a3361..3738ad437 100644
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
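Review bot: The sample-config comment added in the second registration.py hunk (`# If true, stop users from trying to change the 3PIDs associated with their accounts.`) does not say which operations the flag actually blocks. Going by the account.py hunks in this patch, it only rejects the POST handlers of ThreepidRestServlet and ThreepidDeleteRestServlet, so an operator relying on it to pin identifiers should not read it as a blanket lock. I would word it along the lines of `# If true, reject requests to add or remove 3PIDs on an existing account via the /account/3pid API; other ways a 3PID becomes associated with an account are not affected.`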
@@ -314,6 +314,9 @@ class ThreepidRestServlet(RestServlet):
 def on_POST(self, request):
 yield run_on_reactor()
+ if self.hs.config.disable_3pid_changes:
+ raise SynapseError(400, "3PID changes disabled on this server")
+
 body = parse_json_object_from_request(request)
 threePidCreds = body.get('threePidCreds')
@@ -367,6 +370,9 @@ class ThreepidDeleteRestServlet(RestServlet):
 def on_POST(self, request):
 yield run_on_reactor()
+ if self.hs.config.disable_3pid_changes:
+ raise SynapseError(400, "3PID changes disabled on this server")
+
 body = parse_json_object_from_request(request)
 required = ['medium', 'address']
From 25e471dac3c9f4e8b593c9e23b1e917a10305481 Mon Sep 17 00:00:00 2001
From: Matthew Hodgson
Date: Thu, 3 May 2018 11:46:56 +0100
Subject: [PATCH 2/2] fix defaults in config example
---
 synapse/config/registration.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index 070b7f0d9..c87bea736 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -95,7 +95,7 @@ class RegistrationConfig(Config):
 # If true, stop users from trying to change the 3PIDs associated with
 # their accounts.
 #
- # disable_3pid_changes: True
+ # disable_3pid_changes: False
 # If set, allows registration by anyone who also has the shared
 # secret, even if registration is otherwise disabled.
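Review bot: The new guard in ThreepidRestServlet.on_POST raises `SynapseError(400, "3PID changes disabled on this server")` with no errcode, so a client cannot tell a policy denial from a malformed request; the identical guard in ThreepidDeleteRestServlet.on_POST in the next hunk has the same problem. I would pass an explicit code, e.g. `raise SynapseError(400, "3PID changes disabled on this server", Codes.FORBIDDEN)`, assuming `Codes` is importable in this module (the imports are outside the hunk). The guard also sits before the body is parsed and, as far as the hunk shows, before the requester is authenticated, so an unauthenticated caller can learn the server's setting from the response; if that matters, move the check after the access-token lookup. Both method bodies continue outside their hunks, so the position of the auth call is inferred rather than visible here.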