From 5e0888076fea8c70ab84114e1c261dd46330c1d6 Mon Sep 17 00:00:00 2001
From: Jeyachandran Rathnam <jai.rathnem@gmail.com>
Date: Mon, 9 Jan 2023 06:12:03 -0500
Subject: [PATCH] Disable sending confirmation email when 3pid is disabled
 #14682 (#14725)

* Fixes #12277 :Disable sending confirmation email when 3pid is disabled

* Fix test_add_email_if_disabled test case to reflect changes to enable_3pid_changes flag

* Add changelog file

* Rename newsfragment.

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
---
 changelog.d/14725.misc            |  1 +
 synapse/rest/client/account.py    |  5 +++++
 tests/rest/client/test_account.py | 30 +++++-------------------------
 3 files changed, 11 insertions(+), 25 deletions(-)
 create mode 100644 changelog.d/14725.misc

diff --git a/changelog.d/14725.misc b/changelog.d/14725.misc
new file mode 100644
index 000000000..a86c4f8c0
--- /dev/null
+++ b/changelog.d/14725.misc
@@ -0,0 +1 @@
+Disable sending confirmation email when 3pid is disabled.
diff --git a/synapse/rest/client/account.py b/synapse/rest/client/account.py
index b4b92f0c9..4373c7366 100644
--- a/synapse/rest/client/account.py
+++ b/synapse/rest/client/account.py
@@ -338,6 +338,11 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
             )
 
     async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
+        if not self.hs.config.registration.enable_3pid_changes:
+            raise SynapseError(
+                400, "3PID changes are disabled on this server", Codes.FORBIDDEN
+            )
+
         if not self.config.email.can_verify_email:
             logger.warning(
                 "Adding emails have been disabled due to lack of an email config"
diff --git a/tests/rest/client/test_account.py b/tests/rest/client/test_account.py
index c1a7fb2f8..88f255c9e 100644
--- a/tests/rest/client/test_account.py
+++ b/tests/rest/client/test_account.py
@@ -690,42 +690,22 @@ class ThreepidEmailRestTestCase(unittest.HomeserverTestCase):
         self.hs.config.registration.enable_3pid_changes = False
 
         client_secret = "foobar"
-        session_id = self._request_token(self.email, client_secret)
-
-        self.assertEqual(len(self.email_attempts), 1)
-        link = self._get_link_from_email()
-
-        self._validate_token(link)
-
         channel = self.make_request(
             "POST",
-            b"/_matrix/client/unstable/account/3pid/add",
+            b"/_matrix/client/unstable/account/3pid/email/requestToken",
             {
                 "client_secret": client_secret,
-                "sid": session_id,
-                "auth": {
-                    "type": "m.login.password",
-                    "user": self.user_id,
-                    "password": "test",
-                },
+                "email": "test@example.com",
+                "send_attempt": 1,
             },
-            access_token=self.user_id_tok,
         )
+
         self.assertEqual(
             HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
         )
+
         self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
 
-        # Get user
-        channel = self.make_request(
-            "GET",
-            self.url_3pid,
-            access_token=self.user_id_tok,
-        )
-
-        self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])
-        self.assertFalse(channel.json_body["threepids"])
-
     def test_delete_email(self) -> None:
         """Test deleting an email from profile"""
         # Add a threepid