Merge pull request #539 from matrix-org/markjh/3pid

Fix up the /account/3pid API
2024-10-01 08:25:44 -04:00 · 2016-01-29 16:34:13 +01:00 · 2016-01-29 16:34:13 +01:00 · b91baae09d
commit b91baae09d
parent ebc5f00efe 6927d0e091
4 changed files with 29 additions and 10 deletions
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@ -34,6 +34,7 @@ class RegistrationConfig(Config):
        self.registration_shared_secret = config.get("registration_shared_secret")
        self.macaroon_secret_key = config.get("macaroon_secret_key")
        self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
+        self.trusted_third_party_id_servers = config["trusted_third_party_id_servers"]
        self.allow_guest_access = config.get("allow_guest_access", False)

    def default_config(self, **kwargs):
@ -60,6 +61,12 @@ class RegistrationConfig(Config):
        # participate in rooms hosted on this server which have been made
        # accessible to anonymous users.
        allow_guest_access: False
+
+        # The list of identity servers trusted to verify third party
+        # identifiers by this server.
+        trusted_third_party_id_servers:
+            - matrix.org
+            - vector.im
        """ % locals()

    def add_arguments(self, parser):
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@ -36,14 +36,15 @@ class IdentityHandler(BaseHandler):

        self.http_client = hs.get_simple_http_client()

+        self.trusted_id_servers = set(hs.config.trusted_third_party_id_servers)
+        self.trust_any_id_server_just_for_testing_do_not_use = (
+            hs.config.use_insecure_ssl_client_just_for_testing_do_not_use
+        )
+
    @defer.inlineCallbacks
    def threepid_from_creds(self, creds):
        yield run_on_reactor()

-        # XXX: make this configurable!
-        # trustedIdServers = ['matrix.org', 'localhost:8090']
-        trustedIdServers = ['matrix.org', 'vector.im']
-
        if 'id_server' in creds:
            id_server = creds['id_server']
        elif 'idServer' in creds:
@ -58,7 +59,16 @@ class IdentityHandler(BaseHandler):
        else:
            raise SynapseError(400, "No client_secret in creds")

-        if id_server not in trustedIdServers:
+        if id_server not in self.trusted_id_servers:
+            if self.trust_any_id_server_just_for_testing_do_not_use:
+                logger.warn(
+                    "Trusting untrustworthy ID server %r even though it isn't"
+                    " in the trusted id list for testing because"
+                    " 'use_insecure_ssl_client_just_for_testing_do_not_use'"
+                    " is set in the config",
+                    id_server,
+                )
+            else:
                logger.warn('%s is not a trusted ID server: rejecting 3pid ' +
                            'credentials', id_server)
                defer.returnValue(None)
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@ -116,9 +116,10 @@ class ThreepidRestServlet(RestServlet):

        body = parse_json_dict_from_request(request)

-        if 'threePidCreds' not in body:
+        threePidCreds = body.get('threePidCreds')
+        threePidCreds = body.get('three_pid_creds', threePidCreds)
+        if threePidCreds is None:
            raise SynapseError(400, "Missing param", Codes.MISSING_PARAM)
-        threePidCreds = body['threePidCreds']

        requester = yield self.auth.get_user_by_req(request)
        user_id = requester.user.to_string()
--- a/tests/utils.py
+++ b/tests/utils.py
@ -49,6 +49,7 @@ def setup_test_homeserver(name="test", datastore=None, config=None, **kargs):
        config.disable_registration = False
        config.macaroon_secret_key = "not even a little secret"
        config.server_name = "server.under.test"
+        config.trusted_third_party_id_servers = []

    if "clock" not in kargs:
        kargs["clock"] = MockClock()