Merge branch 'anoa/reg_email' into anoa/reg_email_account_threepid_de…
…legate

* anoa/reg_email:
  Remove trusted_third_party_id_servers functionality (#5875)
anoadragon453 committed Aug 19, 2019
2 parents cfe7309 + 8a3175f commit e65faf5
Showing 5 changed files with 22 additions and 27 deletions.
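--- a/changelog.d/5875.misc
+++ b/changelog.d/5875.misc
@@ -0,0 +1 @@
+Deprecate the `trusted_third_party_id_servers` option.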
2 changes: 2 additions & 0 deletions contrib/cmdclient/console.py
Expand Up @@ -37,6 +37,8 @@

CONFIG_JSON = "cmdclient_config.json"

# TODO: The concept of trusted identity servers has been deprecated. This option and checks
# should be removed
TRUSTED_ID_SERVERS = ["localhost:8001"]


8 changes: 8 additions & 0 deletions docs/sample_config.yaml
Expand Up @@ -890,6 +890,14 @@ uploads_path: "DATADIR/uploads"
# Also defines the ID server which will be called when an account is
# deactivated (one will be picked arbitrarily).
#
# Note: This option is deprecated. Since v0.99.4, Synapse has tracked which identity
# server a 3PID has been bound to. For 3PIDs bound before then, Synapse runs a
# background migration script, informing itself that the identity server all of its
# 3PIDs have been bound to is likely one of the below.
#
# As of Synapse v1.4.0, all other functionality of this option has been deprecated, and
# it is now solely used for the purposes of the background migration script, and can be
# removed once it has run.
#trusted_third_party_id_servers:
# - matrix.org
# - vector.im
8 changes: 8 additions & 0 deletions synapse/config/registration.py
Expand Up @@ -258,6 +258,14 @@ def generate_config_section(self, generate_secrets=False, **kwargs):
# Also defines the ID server which will be called when an account is
# deactivated (one will be picked arbitrarily).
#
# Note: This option is deprecated. Since v0.99.4, Synapse has tracked which identity
# server a 3PID has been bound to. For 3PIDs bound before then, Synapse runs a
# background migration script, informing itself that the identity server all of its
# 3PIDs have been bound to is likely one of the below.
#
# As of Synapse v1.4.0, all other functionality of this option has been deprecated, and
# it is now solely used for the purposes of the background migration script, and can be
# removed once it has run.
#trusted_third_party_id_servers:
# - matrix.org
# - vector.im
30 changes: 3 additions & 27 deletions synapse/handlers/identity.py
Expand Up @@ -37,25 +37,6 @@ def __init__(self, hs):
self.http_client = hs.get_simple_http_client()
self.federation_http_client = hs.get_http_client()

self.trusted_id_servers = set(hs.config.trusted_third_party_id_servers)
self.trust_any_id_server_just_for_testing_do_not_use = (
hs.config.use_insecure_ssl_client_just_for_testing_do_not_use
)

def _should_trust_id_server(self, id_server):
if id_server not in self.trusted_id_servers:
if self.trust_any_id_server_just_for_testing_do_not_use:
logger.warn(
"Trusting untrustworthy ID server %r even though it isn't"
" in the trusted id list for testing because"
" 'use_insecure_ssl_client_just_for_testing_do_not_use'"
" is set in the config",
id_server,
)
else:
return False
return True

@defer.inlineCallbacks
def threepid_from_creds(self, creds):
if "id_server" in creds:
Expand All @@ -72,13 +53,6 @@ def threepid_from_creds(self, creds):
else:
raise SynapseError(400, "No client_secret in creds")

if not self._should_trust_id_server(id_server):
logger.warn(
"%s is not a trusted ID server: rejecting 3pid " + "credentials",
id_server,
)
return None

try:
data = yield self.http_client.get_json(
"https://%s%s"
Expand Down Expand Up @@ -222,7 +196,9 @@ def try_unbind_threepid_with_id_server(self, mxid, threepid, id_server):
return changed

@defer.inlineCallbacks
def requestEmailToken(self, email, client_secret, send_attempt, next_link=None, **kwargs):
def requestEmailToken(
self, email, client_secret, send_attempt, next_link=None, **kwargs
):
"""
Request an external server send an email on our behalf for the purposes of threepid
validation.
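Review bot: In `threepid_from_creds`, nothing now sits between the `id_server` read from the caller's `creds` and the `"https://%s%s"` URL handed to `self.http_client.get_json`, so the homeserver will contact whatever host the request names and treat its reply as the validation result. Before building the URL I would check that `id_server` is a bare `host[:port]` (no `/`, `@`, `?` or `#`) and raise `SynapseError(400, ...)` otherwise, and confirm that the client returned by `hs.get_simple_http_client()` enforces the deployment's outbound IP-range blacklist, which is not visible from this page. A comment such as `# id_server is client-supplied: the result is only that server's assertion, not a trusted validation` above the request would tell callers how far to rely on the returned threepid. The function starts and continues outside the visible hunks.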
