Merge pull request #5187 from matrix-org/dbkr/only_check_threepid_not_in_use_if_actually_registering

Only check 3pids not in use when registering
This commit is contained in:
David Baker 2019-05-16 10:58:09 +01:00 committed by GitHub
commit fafb936de5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 18 deletions

1
changelog.d/5187.bugfix Normal file
View File

@ -0,0 +1 @@
Fix a bug where the register endpoint would fail with M_THREEPID_IN_USE instead of returning an account previously registered in the same session.

View File

@ -394,13 +394,6 @@ class RegisterRestServlet(RestServlet):
# the user-facing checks will probably already have happened in # the user-facing checks will probably already have happened in
# /register/email/requestToken when we requested a 3pid, but that's not # /register/email/requestToken when we requested a 3pid, but that's not
# guaranteed. # guaranteed.
#
# Also check that we're not trying to register a 3pid that's already
# been registered.
#
# This has probably happened in /register/email/requestToken as well,
# but if a user hits this endpoint twice then clicks on each link from
# the two activation emails, they would register the same 3pid twice.
if auth_result: if auth_result:
for login_type in [LoginType.EMAIL_IDENTITY, LoginType.MSISDN]: for login_type in [LoginType.EMAIL_IDENTITY, LoginType.MSISDN]:
@ -416,17 +409,6 @@ class RegisterRestServlet(RestServlet):
Codes.THREEPID_DENIED, Codes.THREEPID_DENIED,
) )
existingUid = yield self.store.get_user_id_by_threepid(
medium, address,
)
if existingUid is not None:
raise SynapseError(
400,
"%s is already in use" % medium,
Codes.THREEPID_IN_USE,
)
if registered_user_id is not None: if registered_user_id is not None:
logger.info( logger.info(
"Already registered user ID %r for this session", "Already registered user ID %r for this session",
@ -449,6 +431,28 @@ class RegisterRestServlet(RestServlet):
if auth_result: if auth_result:
threepid = auth_result.get(LoginType.EMAIL_IDENTITY) threepid = auth_result.get(LoginType.EMAIL_IDENTITY)
# Also check that we're not trying to register a 3pid that's already
# been registered.
#
# This has probably happened in /register/email/requestToken as well,
# but if a user hits this endpoint twice then clicks on each link from
# the two activation emails, they would register the same 3pid twice.
for login_type in [LoginType.EMAIL_IDENTITY, LoginType.MSISDN]:
if login_type in auth_result:
medium = auth_result[login_type]['medium']
address = auth_result[login_type]['address']
existingUid = yield self.store.get_user_id_by_threepid(
medium, address,
)
if existingUid is not None:
raise SynapseError(
400,
"%s is already in use" % medium,
Codes.THREEPID_IN_USE,
)
(registered_user_id, _) = yield self.registration_handler.register( (registered_user_id, _) = yield self.registration_handler.register(
localpart=desired_username, localpart=desired_username,
password=new_password, password=new_password,