Disable sending confirmation email when 3pid is disabled #14682 (#14725)

* Fixes #12277 :Disable sending confirmation email when 3pid is disabled

* Fix test_add_email_if_disabled test case to reflect changes to enable_3pid_changes flag

* Add changelog file

* Rename newsfragment.

Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
This commit is contained in:
Jeyachandran Rathnam 2023-01-09 06:12:03 -05:00 committed by GitHub
parent b4de0c63df
commit 5e0888076f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 25 deletions

1
changelog.d/14725.misc Normal file
View File

@ -0,0 +1 @@
Disable sending confirmation email when 3pid is disabled.

View File

@ -338,6 +338,11 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
) )
async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]: async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
if not self.hs.config.registration.enable_3pid_changes:
raise SynapseError(
400, "3PID changes are disabled on this server", Codes.FORBIDDEN
)
if not self.config.email.can_verify_email: if not self.config.email.can_verify_email:
logger.warning( logger.warning(
"Adding emails have been disabled due to lack of an email config" "Adding emails have been disabled due to lack of an email config"

View File

@ -690,42 +690,22 @@ class ThreepidEmailRestTestCase(unittest.HomeserverTestCase):
self.hs.config.registration.enable_3pid_changes = False self.hs.config.registration.enable_3pid_changes = False
client_secret = "foobar" client_secret = "foobar"
session_id = self._request_token(self.email, client_secret)
self.assertEqual(len(self.email_attempts), 1)
link = self._get_link_from_email()
self._validate_token(link)
channel = self.make_request( channel = self.make_request(
"POST", "POST",
b"/_matrix/client/unstable/account/3pid/add", b"/_matrix/client/unstable/account/3pid/email/requestToken",
{ {
"client_secret": client_secret, "client_secret": client_secret,
"sid": session_id, "email": "test@example.com",
"auth": { "send_attempt": 1,
"type": "m.login.password",
"user": self.user_id,
"password": "test",
},
}, },
access_token=self.user_id_tok,
) )
self.assertEqual( self.assertEqual(
HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"] HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"]
) )
self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"]) self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
# Get user
channel = self.make_request(
"GET",
self.url_3pid,
access_token=self.user_id_tok,
)
self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"])
self.assertFalse(channel.json_body["threepids"])
def test_delete_email(self) -> None: def test_delete_email(self) -> None:
"""Test deleting an email from profile""" """Test deleting an email from profile"""
# Add a threepid # Add a threepid