Use internal-info for identity server. Block reg on fields

2024-12-22 12:44:30 +03:00 · 2019-02-18 12:19:43 +00:00 · 2019-02-18 12:19:43 +00:00 · 70e039c7ae
commit 70e039c7ae
parent 2712a9ef8f
3 changed files with 13 additions and 5 deletions
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@ -55,7 +55,7 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
        if not (yield check_3pid_allowed(self.hs, "email", body['email'])):
            raise SynapseError(
                403,
-                "Your email domain is not authorized on this server",
+                "Your email is not authorized on this server",
                Codes.THREEPID_DENIED,
            )

@ -271,7 +271,7 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
        if not (yield check_3pid_allowed(self.hs, "email", body['email'])):
            raise SynapseError(
                403,
-                "Your email domain is not authorized on this server",
+                "Your email is not authorized on this server",
                Codes.THREEPID_DENIED,
            )

--- a/synapse/rest/client/v2_alpha/register.py
+++ b/synapse/rest/client/v2_alpha/register.py
@ -78,7 +78,7 @@ class EmailRegisterRequestTokenRestServlet(RestServlet):
        if not (yield check_3pid_allowed(self.hs, "email", body['email'])):
            raise SynapseError(
                403,
-                "Your email domain is not authorized to register on this server",
+                "Your email is not authorized to register on this server",
                Codes.THREEPID_DENIED,
            )

--- a/synapse/util/threepids.py
+++ b/synapse/util/threepids.py
@ -23,7 +23,7 @@ logger = logging.getLogger(__name__)

@defer.inlineCallbacks
 def check_3pid_allowed(hs, medium, address):
-    """Checks whether a given format of 3PID is allowed to be used on this HS
+    """Checks whether a given 3PID is allowed to be used on this HS

    Args:
        hs (synapse.server.HomeServer): server
@ -38,10 +38,18 @@ def check_3pid_allowed(hs, medium, address):
        data = yield hs.get_simple_http_client().get_json(
            "https://%s%s" % (
                hs.config.check_is_for_allowed_local_3pids,
-                "/_matrix/identity/api/v1/info"
+                "/_matrix/identity/api/v1/internal-info"
            ),
            {'medium': medium, 'address': address}
        )
+
+        # Assume false if invalid response
+        if 'hs' not in data:
+            defer.returnValue(False)
+
+        if data.get('requires_invite', False) and data.get('invited', False) == False:
+            # Requires an invite but hasn't been invited
+            defer.returnValue(False)
        if hs.config.allow_invited_3pids and data.get('invited'):
            defer.returnValue(True)
        else: