From 574b4ffddf17006e8ec054703648e44b83042422 Mon Sep 17 00:00:00 2001 From: David Robertson Date: Tue, 1 Feb 2022 19:43:22 +0000 Subject: [PATCH] Printf-debugging around MSDIDN validation --- synapse/rest/client/account.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/synapse/rest/client/account.py b/synapse/rest/client/account.py index 6b272658fc3c..9c46aae6bd55 100644 --- a/synapse/rest/client/account.py +++ b/synapse/rest/client/account.py @@ -468,6 +468,12 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]: msisdn = phone_number_to_msisdn(country, phone_number) + # Didn't like the sound of logging `client_secret`, but the spec says it is + # "A unique string generated by the client, and used to identify the validation + # attempt." I.e. something to facilitate deduplication. I don't think it's a + # sensitive secret per se. + logger.info("Request to verify ownership of %s: %s", msisdn, body) + if not check_3pid_allowed(self.hs, "msisdn", msisdn): raise SynapseError( 403, @@ -494,6 +500,7 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]: await self.hs.get_clock().sleep(random.randint(1, 10) / 10) return 200, {"sid": random_string(16)} + logger.info("MSISDN %s is already in use by %s", msisdn, existing_user_id) raise SynapseError(400, "MSISDN is already in use", Codes.THREEPID_IN_USE) if not self.hs.config.registration.account_threepid_delegate_msisdn: @@ -518,6 +525,7 @@ async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]: threepid_send_requests.labels(type="msisdn", reason="add_threepid").observe( send_attempt ) + logger.info("MSISDN %s is already in use by %s", msisdn, existing_user_id) return 200, ret