Mirrors
/
synapse
mirror of https://github.com/element-hq/synapse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Threepid validity checks on msisdns should not be dependent on 'threepid_behaviour_email'. (#6104) 

Fixes #6103
This commit is contained in:
Neil Johnson 2019-09-25 12:29:35 +01:00 committed by Richard van der Hoff
parent 990928abde
commit 77dc7093a7
2 changed files with 36 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
changelog.d/6104.bugfix Normal file
View File

@ -0,0 +1 @@
Threepid validity checks on msisdns should not be dependent on 'threepid_behaviour_email'.

33
synapse/handlers/ui_auth/checkers.py
View File

@ -148,18 +148,24 @@ class _BaseThreepidAuthChecker:
identity_handler = self.hs.get_handlers().identity_handler identity_handler = self.hs.get_handlers().identity_handler
logger.info("Getting validated threepid. threepidcreds: %r", (threepid_creds,)) logger.info("Getting validated threepid. threepidcreds: %r", (threepid_creds,))
if self.hs.config.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
if medium == "email": # msisdns are currently always ThreepidBehaviour.REMOTE
threepid = yield identity_handler.threepid_from_creds( if medium == "msisdn":
self.hs.config.account_threepid_delegate_email, threepid_creds if not self.hs.config.account_threepid_delegate_msisdn:
raise SynapseError(
400, "Phone number verification is not enabled on this homeserver"
) )
elif medium == "msisdn":
threepid = yield identity_handler.threepid_from_creds( threepid = yield identity_handler.threepid_from_creds(
self.hs.config.account_threepid_delegate_msisdn, threepid_creds self.hs.config.account_threepid_delegate_msisdn, threepid_creds
) )
else: elif medium == "email":
raise SynapseError(400, "Unrecognized threepid medium: %s" % (medium,)) if self.hs.config.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
assert self.hs.config.account_threepid_delegate_email
threepid = yield identity_handler.threepid_from_creds(
self.hs.config.account_threepid_delegate_email, threepid_creds
)
elif self.hs.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL: elif self.hs.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
threepid = None
row = yield self.store.get_threepid_validation_session( row = yield self.store.get_threepid_validation_session(
medium, medium,
threepid_creds["client_secret"], threepid_creds["client_secret"],
@ -167,23 +173,22 @@ class _BaseThreepidAuthChecker:
validated=True, validated=True,
) )
threepid = ( if row:
{ threepid = {
"medium": row["medium"], "medium": row["medium"],
"address": row["address"], "address": row["address"],
"validated_at": row["validated_at"], "validated_at": row["validated_at"],
} }
if row
else None
)
if row:
# Valid threepid returned, delete from the db # Valid threepid returned, delete from the db
yield self.store.delete_threepid_session(threepid_creds["sid"]) yield self.store.delete_threepid_session(threepid_creds["sid"])
else: else:
raise SynapseError( raise SynapseError(
400, "Password resets are not enabled on this homeserver" 400, "Email address verification is not enabled on this homeserver"
) )
else:
# this can't happen!
raise AssertionError("Unrecognized threepid medium: %s" % (medium,))
if not threepid: if not threepid:
raise LoginError(401, "", errcode=Codes.UNAUTHORIZED) raise LoginError(401, "", errcode=Codes.UNAUTHORIZED)