[1/2] Allow homeservers to send registration emails | Sending the email

UPGRADE.rst

@@ -49,6 +49,42 @@ returned by the Client-Server API:
     # configured on port 443.
     curl -kv https://<host.name>/_matrix/client/versions 2>&1 | grep "Server:"
 
+Upgrading to v1.4.0
+===================
+
+Config options
+--------------
+
+Synapse v1.4.0 deprecates the ``email.trust_identity_server_for_password_resets`` option and
+replaces it with ``account_threepid_delegate``. These options define whether the homeserver
+should use an external server (typically an `identity server
+<https://matrix.org/docs/spec/identity_service/r0.2.1>`_) to handle sending password reset
+tokens and (as of this Synapse release) registration via a third-party address (email or phone
+number).
+
+If ``email.trust_identity_server_for_password_resets`` was changed from its default to
+``true``, and ``account_threepid_delegate`` is not set to an identity server domain, then the
+server handling password resets and registration via third-party address will be set to the
+first entry in your config's ``trusted_third_party_id_servers`` entry. If no domains are
+configured, Synapse will throw an error on startup.
+
+If ``email.trust_identity_server_for_password_resets`` is not set to ``true`` and
+``account_threepid_delegate`` is not set to a domain, then Synapse will attempt to send
+password reset and registration tokens itself. Currently Synapse only supports sending emails,
+and does not have support for phone-based password reset or account registration. If Synapse is
+configured to handle these on its own, the ``email`` block of the config must be configured. If
+not, then password resets and registration via third-party IDs will be disabled.
+
+Email templates
+---------------
+
+If you have configured a custom email template directory with the ``email.template_dir``
+option, be aware that templates ``registration.html`` and ``registration.txt`` have been
+added, and Synapse will expect them to exist inside the configured template directory.
+
+To view the default email templates, see `synapse/res/templates
+<https://github.com/matrix-org/synapse/tree/master/synapse/res/templates>`_.
+
 Upgrading to v1.2.0
 ===================
 

changelog.d/5835.feature

@@ -1 +1 @@
-Ability to send registration emails from the homeserver.
+Add the ability to send registration emails from the homeserver rather than delegating to an Identity Server.

docs/sample_config.yaml

@@ -1208,6 +1208,11 @@ password_config:
 #   #password_reset_template_html: password_reset.html
 #   #password_reset_template_text: password_reset.txt
 #
+#   # Templates for registration emails sent by the homeserver
+#   #
+#   #registration_template_html: registration.html
+#   #registration_template_text: registration.txt
+#
 #   # Templates for password reset success and failure pages that a user
 #   # will see after attempting to reset their password
 #   #

synapse/config/emailconfig.py

@@ -87,7 +87,10 @@ def read_config(self, config, **kwargs):
         # if they have this set and tell them to use the updated option, while using a default
         # identity server in the process.
         self.using_identity_server_from_trusted_list = False
-        if config.get("trust_identity_server_for_password_resets", False) is True:
+        if (
+            not self.account_threepid_delegate
+            and config.get("trust_identity_server_for_password_resets", False) is True
+        ):
             # Use the first entry in self.trusted_third_party_id_servers instead
             if self.trusted_third_party_id_servers:
                 self.account_threepid_delegate = self.trusted_third_party_id_servers[0]
@@ -98,11 +101,11 @@ def read_config(self, config, **kwargs):
                     '"trusted_third_party_id_servers" but it is empty.'
                 )
 
-        self.local_threepid_emails_disabled_due_to_config = False
+        self.local_threepid_handling_disabled_due_to_email_config = False
         if self.threepid_behaviour == ThreepidBehaviour.LOCAL and email_config == {}:
             # We cannot warn the user this has happened here
             # Instead do so when a user attempts to reset their password
-            self.local_threepid_emails_disabled_due_to_config = True
+            self.local_threepid_handling_disabled_due_to_email_config = True
 
             self.threepid_behaviour = ThreepidBehaviour.OFF
 
@@ -197,7 +200,7 @@ def read_config(self, config, **kwargs):
             filepath = os.path.join(
                 self.email_template_dir, email_registration_template_success_html
             )
-            self.email_registration_template_success_html = self.read_file(
+            self.email_registration_template_success_html_content = self.read_file(
                 filepath, "email.registration_template_success_html"
             )
 
@@ -311,6 +314,11 @@ def generate_config_section(self, config_dir_path, server_name, **kwargs):
         #   #password_reset_template_html: password_reset.html
         #   #password_reset_template_text: password_reset.txt
         #
+        #   # Templates for registration emails sent by the homeserver
+        #   #
+        #   #registration_template_html: registration.html
+        #   #registration_template_text: registration.txt
+        #
         #   # Templates for password reset success and failure pages that a user
         #   # will see after attempting to reset their password
         #   #

synapse/handlers/identity.py

@@ -24,6 +24,7 @@
 from twisted.internet import defer
 
 from synapse.api.errors import CodeMessageException, HttpResponseException, SynapseError
+from synapse.util.stringutils import random_string
 
 from ._base import BaseHandler
 
@@ -196,6 +197,84 @@ def try_unbind_threepid_with_id_server(self, mxid, threepid, id_server):
 
         return changed
 
+    @defer.inlineCallbacks
+    def send_threepid_validation(
+        self,
+        email_address,
+        client_secret,
+        send_attempt,
+        send_email_func,
+        next_link=None,
+    ):
+        """Send a threepid validation email for password reset or
+        registration purposes
+
+        Args:
+            email_address (str): The user's email address
+            client_secret (str): The provided client secret
+            send_attempt (int): Which send attempt this is
+            send_email_func (func): A function that takes an email address, token,
+                                    client_secret and session_id, sends an email
+                                    and returns a Deferred.
+            next_link (str|None): The URL to redirect the user to after validation
+
+        Returns:
+            The new session_id upon success
+
+        Raises:
+            SynapseError is an error occurred when sending the email
+        """
+        # Check that this email/client_secret/send_attempt combo is new or
+        # greater than what we've seen previously
+        session = yield self.store.get_threepid_validation_session(
+            "email", client_secret, address=email_address, validated=False
+        )
+
+        # Check to see if a session already exists and that it is not yet
+        # marked as validated
+        if session and session.get("validated_at") is None:
+            session_id = session["session_id"]
+            last_send_attempt = session["last_send_attempt"]
+
+            # Check that the send_attempt is higher than previous attempts
+            if send_attempt <= last_send_attempt:
+                # If not, just return a success without sending an email
+                return session_id
+        else:
+            # An non-validated session does not exist yet.
+            # Generate a session id
+            session_id = random_string(16)
+
+        # Generate a new validation token
+        token = random_string(32)
+
+        # Send the mail with the link containing the token, client_secret
+        # and session_id
+        try:
+            yield send_email_func(email_address, token, client_secret, session_id)
+        except Exception:
+            logger.exception(
+                "Error sending threepid validation email to %s", email_address
+            )
+            raise SynapseError(500, "An error was encountered when sending the email")
+
+        token_expires = (
+            self.hs.clock.time_msec() + self.hs.config.email_validation_token_lifetime
+        )
+
+        yield self.store.start_or_continue_validation_session(
+            "email",
+            email_address,
+            session_id,
+            client_secret,
+            send_attempt,
+            next_link,
+            token,
+            token_expires,
+        )
+
+        return session_id
+
     @defer.inlineCallbacks
     def requestEmailToken(
         self, id_server, email, client_secret, send_attempt, next_link=None

synapse/push/mailer.py

@@ -28,7 +28,7 @@
 from twisted.internet import defer
 
 from synapse.api.constants import EventTypes
-from synapse.api.errors import StoreError, SynapseError
+from synapse.api.errors import StoreError
 from synapse.logging.context import make_deferred_yieldable
 from synapse.push.presentable_names import (
     calculate_room_name,
@@ -37,7 +37,6 @@
 )
 from synapse.types import UserID
 from synapse.util.async_helpers import concurrently_execute
-from synapse.util.stringutils import random_string
 from synapse.visibility import filter_events_for_client
 
 logger = logging.getLogger(__name__)
@@ -124,84 +123,6 @@ def __init__(self, hs, app_name, template_html, template_text):
 
         logger.info("Created Mailer for app_name %s" % app_name)
 
-    @defer.inlineCallbacks
-    def send_threepid_validation(
-        self,
-        email_address,
-        client_secret,
-        send_attempt,
-        send_email_func,
-        next_link=None,
-    ):
-        """Send a threepid validation email for password reset or
-        registration purposes
-
-        Args:
-            email_address (str): The user's email address
-            client_secret (str): The provided client secret
-            send_attempt (int): Which send attempt this is
-            send_email_func (func): A function that takes an email address, token,
-                                    client_secret and session_id, sends an email
-                                    and returns a Deferred.
-            next_link (str|None): The URL to redirect the user to after validation
-
-        Returns:
-            The new session_id upon success
-
-        Raises:
-            SynapseError is an error occurred when sending the email
-        """
-        # Check that this email/client_secret/send_attempt combo is new or
-        # greater than what we've seen previously
-        session = yield self.store.get_threepid_validation_session(
-            "email", client_secret, address=email_address, validated=False
-        )
-
-        # Check to see if a session already exists and that it is not yet
-        # marked as validated
-        if session and session.get("validated_at") is None:
-            session_id = session["session_id"]
-            last_send_attempt = session["last_send_attempt"]
-
-            # Check that the send_attempt is higher than previous attempts
-            if send_attempt <= last_send_attempt:
-                # If not, just return a success without sending an email
-                return session_id
-        else:
-            # An non-validated session does not exist yet.
-            # Generate a session id
-            session_id = random_string(16)
-
-        # Generate a new validation token
-        token = random_string(32)
-
-        # Send the mail with the link containing the token, client_secret
-        # and session_id
-        try:
-            yield send_email_func(email_address, token, client_secret, session_id)
-        except Exception:
-            logger.exception(
-                "Error sending threepid validation email to %s", email_address
-            )
-            raise SynapseError(500, "An error was encountered when sending the email")
-
-        token_expires = (
-            self.hs.clock.time_msec() + self.hs.config.email_validation_token_lifetime
-        )
-
-        yield self.store.start_or_continue_validation_session(
-            "email",
-            email_address,
-            session_id,
-            client_secret,
-            send_attempt,
-            next_link,
-            token,
-            token_expires,
-        )
-
-        return session_id
-
     @defer.inlineCallbacks
     def send_password_reset_mail(self, email_address, token, client_secret, sid):
         """Send an email with a password reset link to a user