diff --git a/synapse/config/registration.py b/synapse/config/registration.py index 34326718ad..070b7f0d93 100644 --- a/synapse/config/registration.py +++ b/synapse/config/registration.py @@ -37,6 +37,9 @@ class RegistrationConfig(Config): "check_is_for_allowed_local_3pids", None ) self.allow_invited_3pids = config.get("allow_invited_3pids", False) + + self.disable_3pid_changes = config.get("disable_3pid_changes", False) + self.registration_shared_secret = config.get("registration_shared_secret") self.bcrypt_rounds = config.get("bcrypt_rounds", 12) @@ -89,6 +92,11 @@ class RegistrationConfig(Config): # - medium: msisdn # pattern: "\\+44" + # If true, stop users from trying to change the 3PIDs associated with + # their accounts. + # + # disable_3pid_changes: True + # If set, allows registration by anyone who also has the shared # secret, even if registration is otherwise disabled. registration_shared_secret: "%(registration_shared_secret)s" diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py index 7d43a33615..3738ad437e 100644 --- a/synapse/rest/client/v2_alpha/account.py +++ b/synapse/rest/client/v2_alpha/account.py @@ -314,6 +314,9 @@ class ThreepidRestServlet(RestServlet): def on_POST(self, request): yield run_on_reactor() + if self.hs.config.disable_3pid_changes: + raise SynapseError(400, "3PID changes disabled on this server") + body = parse_json_object_from_request(request) threePidCreds = body.get('threePidCreds') @@ -367,6 +370,9 @@ class ThreepidDeleteRestServlet(RestServlet): def on_POST(self, request): yield run_on_reactor() + if self.hs.config.disable_3pid_changes: + raise SynapseError(400, "3PID changes disabled on this server") + body = parse_json_object_from_request(request) required = ['medium', 'address']