From 4f23183cd69d3fd263e146d64555acc6ac1a1e8e Mon Sep 17 00:00:00 2001 From: Denis Kasak Date: Wed, 31 Mar 2021 12:31:16 +0200 Subject: [PATCH 1/2] Make sample config allowed_local_3pids regex stricter. The regex should be terminated so that subdomain matches of another domain are not accepted. Just ensuring that someone doesn't shoot themselves in the foot by copying our example. Signed-off-by: Denis Kasak --- changelog.d/9719.doc | 1 + docs/sample_config.yaml | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) create mode 100644 changelog.d/9719.doc diff --git a/changelog.d/9719.doc b/changelog.d/9719.doc new file mode 100644 index 000000000000..f018606dd6e1 --- /dev/null +++ b/changelog.d/9719.doc @@ -0,0 +1 @@ +Make the allowed_local_3pids regex example in the sample config stricter. diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml index c73ea6b1611d..b0bf9877403e 100644 --- a/docs/sample_config.yaml +++ b/docs/sample_config.yaml @@ -1246,9 +1246,9 @@ account_validity: # #allowed_local_3pids: # - medium: email -# pattern: '.*@matrix\.org' +# pattern: '^[^@]+@matrix\.org$' # - medium: email -# pattern: '.*@vector\.im' +# pattern: '^[^@]+@vector\.im$' # - medium: msisdn # pattern: '\+44' From 2e0d15c0fcfe612520ef1ea5f9672943fe318a6a Mon Sep 17 00:00:00 2001 From: Denis Kasak Date: Wed, 31 Mar 2021 13:08:36 +0200 Subject: [PATCH 2/2] Also make the change in the appropriate config module. --- synapse/config/registration.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/synapse/config/registration.py b/synapse/config/registration.py index ead007ba5afb..f27d1e14acba 100644 --- a/synapse/config/registration.py +++ b/synapse/config/registration.py @@ -298,9 +298,9 @@ def generate_config_section(self, generate_secrets=False, **kwargs): # #allowed_local_3pids: # - medium: email - # pattern: '.*@matrix\\.org' + # pattern: '^[^@]+@matrix\\.org$' # - medium: email - # pattern: '.*@vector\\.im' + # pattern: '^[^@]+@vector\\.im$' # - medium: msisdn # pattern: '\\+44'