Allow HS to send emails when adding an email to the HS

synapse/handlers/identity.py

@@ -114,10 +114,7 @@ def threepid_from_creds(self, id_server, creds):
 
         query_params = {"sid": session_id, "client_secret": client_secret}
 
-        url = "https://%s%s" % (
-            id_server,
-            "/_matrix/identity/api/v1/3pid/getValidated3pid",
-        )
+        url = "%s%s" % (id_server, "/_matrix/identity/api/v1/3pid/getValidated3pid")
 
         data = yield self.http_client.get_json(url, query_params)
         return data if "medium" in data else None

synapse/push/mailer.py

@@ -197,7 +197,7 @@ def send_add_threepid_mail(self, email_address, token, client_secret, sid):
         link = (
             self.hs.config.public_baseurl
             + "_matrix/client/unstable/add_threepid/email/submit_token?%s"
-            % urllib.parse.urlencode(params),
+            % urllib.parse.urlencode(params)
         )
 
         template_vars = {"link": link}

synapse/rest/client/v2_alpha/account.py

@@ -21,7 +21,12 @@
 from twisted.internet import defer
 
 from synapse.api.constants import LoginType
-from synapse.api.errors import Codes, SynapseError, ThreepidValidationError
+from synapse.api.errors import (
+    Codes,
+    HttpResponseException,
+    SynapseError,
+    ThreepidValidationError,
+)
 from synapse.config.emailconfig import ThreepidBehaviour
 from synapse.http.server import finish_request
 from synapse.http.servlet import (
@@ -193,7 +198,7 @@ class PasswordResetSubmitTokenServlet(RestServlet):
     """Handles 3PID validation token submission"""
 
     PATTERNS = client_patterns(
-        "/password_reset/(?P<medium>[^/]*)/submit_token$", releases=(), unstable=True
+        "/password_reset/(?P<medium>[^/]*)/submit_token/*$", releases=(), unstable=True
     )
 
     def __init__(self, hs):
@@ -524,7 +529,6 @@ def __init__(self, hs):
             hs (synapse.server.HomeServer): server
         """
         super().__init__()
-        self.auth = hs.get_auth()
         self.config = hs.config
         self.clock = hs.get_clock()
         self.store = hs.get_datastore()
@@ -535,7 +539,7 @@ def __init__(self, hs):
             )
 
     @defer.inlineCallbacks
-    def on_GET(self, request, medium):
+    def on_GET(self, request):
         if self.config.threepid_behaviour_email == ThreepidBehaviour.OFF:
             if self.config.local_threepid_handling_disabled_due_to_email_config:
                 logger.warn(
@@ -630,34 +634,43 @@ def on_POST(self, request):
         # Try to validate as email
         if self.hs.config.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
             # Ask our delegated email identity server
-            validation_session = yield self.identity_handler.threepid_from_creds(
-                self.hs.config.account_threepid_delegate_email, threepid_creds
-            )
+            try:
+                validation_session = yield self.identity_handler.threepid_from_creds(
+                    self.hs.config.account_threepid_delegate_email, threepid_creds
+                )
+            except HttpResponseException:
+                pass
         elif self.hs.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
             # Get a validated session matching these details
             validation_session = yield self.datastore.get_threepid_validation_session(
                 "email", client_secret, sid=sid, validated=True
             )
 
-        if self._add_threepid_to_account(user_id, validation_session):
+        if validation_session and "error" not in validation_session:
+            yield self._add_threepid_to_account(user_id, validation_session)
             return 200, {}
 
         # Try to validate as msisdn
         if self.hs.config.account_threepid_delegate_msisdn:
             # Ask our delegated msisdn identity server
-            validation_session = yield self.identity_handler.threepid_from_creds(
-                self.hs.config.account_threepid_delegate_msisdn, threepid_creds
-            )
+            try:
+                validation_session = yield self.identity_handler.threepid_from_creds(
+                    self.hs.config.account_threepid_delegate_msisdn, threepid_creds
+                )
+            except HttpResponseException:
+                pass
 
-            if self._add_threepid_to_account(user_id, validation_session):
+            if validation_session and "error" not in validation_session:
+                yield self._add_threepid_to_account(user_id, validation_session)
                 return 200, {}
 
         raise SynapseError(
             400, "No validated 3pid session found", Codes.THREEPID_AUTH_FAILED
         )
 
+    @defer.inlineCallbacks
     def _add_threepid_to_account(self, user_id, validation_session):
-        """Attempt to add a threepid wrapped in a validation_session dict to an account
+        """Add a threepid wrapped in a validation_session dict to an account
 
         Args:
             user_id (str): The mxid of the user to add this 3PID to
@@ -668,22 +681,14 @@ def _add_threepid_to_account(self, user_id, validation_session):
                 * validated_at - timestamp of when the validation occurred
 
                 If validation_session is None, this method will return False
-
-        Returns:
-            A boolean stating whether adding the threepid was successful
         """
-        if not validation_session:
-            return False
-
         yield self.auth_handler.add_threepid(
             user_id,
             validation_session["medium"],
             validation_session["address"],
             validation_session["validated_at"],
         )
 
-        return True
-
 
 class ThreepidUnbindRestServlet(RestServlet):
     PATTERNS = client_patterns("/account/3pid/unbind$", releases=(), unstable=True)

sytest-blacklist

@@ -37,4 +37,4 @@ Can bind 3PID via home server
 Can bind and unbind 3PID via homeserver
 3PIDs are unbound after account deactivation
 Can bind and unbind 3PID via /unbind by specifying the identity server
-Can bind and unbind 3PID via /unbind without specifying the identity server
+Can bind and unbind 3PID via /unbind without specifying the identity server