From 5e5725d35e437b4b89749b20dbf564b1edd6c45b Mon Sep 17 00:00:00 2001 From: Jeyachandran Rathnam Date: Thu, 15 Dec 2022 23:44:44 -0500 Subject: [PATCH 1/4] Fixes #12277 :Disable sending confirmation email when 3pid is disabled --- synapse/rest/client/account.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/synapse/rest/client/account.py b/synapse/rest/client/account.py index b4b92f0c9920..4373c7366262 100644 --- a/synapse/rest/client/account.py +++ b/synapse/rest/client/account.py @@ -338,6 +338,11 @@ def __init__(self, hs: "HomeServer"): ) async def on_POST(self, request: SynapseRequest) -> Tuple[int, JsonDict]: + if not self.hs.config.registration.enable_3pid_changes: + raise SynapseError( + 400, "3PID changes are disabled on this server", Codes.FORBIDDEN + ) + if not self.config.email.can_verify_email: logger.warning( "Adding emails have been disabled due to lack of an email config" From 60de1969d37ceb44aca835101f79aefdc7f613c2 Mon Sep 17 00:00:00 2001 From: Jeyachandran Rathnam Date: Fri, 16 Dec 2022 18:26:44 -0500 Subject: [PATCH 2/4] Fix test_add_email_if_disabled test case to reflect changes to enable_3pid_changes flag --- tests/rest/client/test_account.py | 30 +++++------------------------- 1 file changed, 5 insertions(+), 25 deletions(-) diff --git a/tests/rest/client/test_account.py b/tests/rest/client/test_account.py index c1a7fb2f8a10..88f255c9eea9 100644 --- a/tests/rest/client/test_account.py +++ b/tests/rest/client/test_account.py @@ -690,41 +690,21 @@ def test_add_email_if_disabled(self) -> None: self.hs.config.registration.enable_3pid_changes = False client_secret = "foobar" - session_id = self._request_token(self.email, client_secret) - - self.assertEqual(len(self.email_attempts), 1) - link = self._get_link_from_email() - - self._validate_token(link) - channel = self.make_request( "POST", - b"/_matrix/client/unstable/account/3pid/add", + b"/_matrix/client/unstable/account/3pid/email/requestToken", { "client_secret": client_secret, - "sid": session_id, - "auth": { - "type": "m.login.password", - "user": self.user_id, - "password": "test", - }, + "email": "test@example.com", + "send_attempt": 1, }, - access_token=self.user_id_tok, ) + self.assertEqual( HTTPStatus.BAD_REQUEST, channel.code, msg=channel.result["body"] ) - self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"]) - # Get user - channel = self.make_request( - "GET", - self.url_3pid, - access_token=self.user_id_tok, - ) - - self.assertEqual(HTTPStatus.OK, channel.code, msg=channel.result["body"]) - self.assertFalse(channel.json_body["threepids"]) + self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"]) def test_delete_email(self) -> None: """Test deleting an email from profile""" From e70bef31aadfe696dd2f88ee0c5e5ca7513390a8 Mon Sep 17 00:00:00 2001 From: Jeyachandran Rathnam Date: Fri, 16 Dec 2022 18:29:17 -0500 Subject: [PATCH 3/4] Add changelog file --- changelog.d/14682.misc | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/14682.misc diff --git a/changelog.d/14682.misc b/changelog.d/14682.misc new file mode 100644 index 000000000000..8e52d8262dfe --- /dev/null +++ b/changelog.d/14682.misc @@ -0,0 +1 @@ +Disable sending confirmation email when 3pid is disabled. \ No newline at end of file From 41532f0d6e10f8194de5d42f943149e00b8806d7 Mon Sep 17 00:00:00 2001 From: Patrick Cloke Date: Thu, 5 Jan 2023 07:24:14 -0500 Subject: [PATCH 4/4] Rename newsfragment. --- changelog.d/14682.misc | 1 - changelog.d/14725.misc | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) delete mode 100644 changelog.d/14682.misc create mode 100644 changelog.d/14725.misc diff --git a/changelog.d/14682.misc b/changelog.d/14682.misc deleted file mode 100644 index 8e52d8262dfe..000000000000 --- a/changelog.d/14682.misc +++ /dev/null @@ -1 +0,0 @@ -Disable sending confirmation email when 3pid is disabled. \ No newline at end of file diff --git a/changelog.d/14725.misc b/changelog.d/14725.misc new file mode 100644 index 000000000000..a86c4f8c0527 --- /dev/null +++ b/changelog.d/14725.misc @@ -0,0 +1 @@ +Disable sending confirmation email when 3pid is disabled.