From 70b161deccdd9c116729d44d9fe38351f24ffe4f Mon Sep 17 00:00:00 2001
From: Andrew Morgan <andrew@amorgan.xyz>
Date: Wed, 5 Jun 2019 16:36:02 +0100
Subject: [PATCH] Move templates. New option to disable password resets

---
 res/templates/password_reset.html |  9 ---------
 res/templates/password_reset.txt  |  5 -----
 synapse/config/emailconfig.py     |  4 ++--
 synapse/config/password.py        | 14 ++++++++++++++
 tests/utils.py                    |  6 ------
 5 files changed, 16 insertions(+), 22 deletions(-)
 delete mode 100644 res/templates/password_reset.html
 delete mode 100644 res/templates/password_reset.txt

diff --git a/res/templates/password_reset.html b/res/templates/password_reset.html
deleted file mode 100644
index c58f61470c..0000000000
--- a/res/templates/password_reset.html
+++ /dev/null
@@ -1,9 +0,0 @@
-<html>
-<body>
-    <p>here's the link you forgetful person you!</p>
-
-    <a href="{{ link }}">Reset your password</a>
-
-    <p>now get on back to happy town!</p>
-</body>
-</html>
diff --git a/res/templates/password_reset.txt b/res/templates/password_reset.txt
deleted file mode 100644
index 0744747a7d..0000000000
--- a/res/templates/password_reset.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-here's the link you forgetful person you!
-
-{{ link }}
-
-now get on back to happy town!
diff --git a/synapse/config/emailconfig.py b/synapse/config/emailconfig.py
index df1384a7d6..299c24348e 100644
--- a/synapse/config/emailconfig.py
+++ b/synapse/config/emailconfig.py
@@ -64,7 +64,7 @@ class EmailConfig(Config):
         # work for the same reason.)
         if not template_dir:
             template_dir = pkg_resources.resource_filename(
-                'synapse', '../res/templates'
+                'synapse', 'res/templates'
             )
 
         self.email_template_dir = os.path.abspath(template_dir)
@@ -94,7 +94,7 @@ class EmailConfig(Config):
             jinja2
             bleach
 
-        if not self.email_enable_password_reset_from_is:
+        if self.allow_password_resets and not self.email_enable_password_reset_from_is:
             required = [
                 "smtp_host",
                 "smtp_port",
diff --git a/synapse/config/password.py b/synapse/config/password.py
index eea59e772b..1af75f00f8 100644
--- a/synapse/config/password.py
+++ b/synapse/config/password.py
@@ -21,6 +21,8 @@ class PasswordConfig(Config):
     """
 
     def read_config(self, config):
+        self.allow_password_resets = config.get("allow_password_resets", False)
+
         password_config = config.get("password_config", {})
         if password_config is None:
             password_config = {}
@@ -30,6 +32,18 @@ class PasswordConfig(Config):
 
     def default_config(self, config_dir_path, server_name, **kwargs):
         return """\
+        # Allow users to reset their password
+        #
+        # Resetting a user's password is done either by sending a token from
+        # Synapse, or asking an identity server to do so. In Synapse v1.0,
+        # sending a password reset token from an identity server was turned off
+        # by default for security reasons.
+        #
+        # If enable_password_reset_from_is is False, you must fill out the
+        # "email" section of the config before enabling password resets
+        #
+        #allow_password_resets: False
+
         password_config:
            # Uncomment to disable password login
            #
diff --git a/tests/utils.py b/tests/utils.py
index be282c31b7..c8c400cf0d 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -131,12 +131,6 @@ def default_config(name, parse=False):
         "password_providers": [],
         "worker_replication_url": "",
         "worker_app": None,
-        "email": {
-            "enable_notifs": False,
-            "smtp_host": "somehost",
-            "smtp_port": 25,
-            "notif_from": "someone <someone@example.com>",
-        },
         "block_non_admin_invites": False,
         "federation_domain_whitelist": None,
         "filter_timeline_limit": 5000,