Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Allow users to rebind 3pids they own (MSC2229) #5996

Closed
wants to merge 5 commits into from
Closed

Allow users to rebind 3pids they own (MSC2229) #5996

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
3b666c1
Implement MSC2229 - allow homeservers to rebind 3pids
anoadragon453 Sep 6, 2019
d29e4a3
Add changelog
anoadragon453 Sep 6, 2019
2f9d8dc
Address review comments
anoadragon453 Sep 9, 2019
dac83b7
lint
anoadragon453 Sep 9, 2019
ccbd9dc
clearer logic
anoadragon453 Sep 9, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/5996.feature
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Allow users to rebind 3pids they own (MSC2229).
12 changes: 9 additions & 3 deletions synapse/rest/client/v2_alpha/account.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -412,12 +412,14 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
def __init__(self, hs):
super(EmailThreepidRequestTokenRestServlet, self).__init__()
self.hs = hs
self.auth = hs.get_auth()
self.config = hs.config
self.identity_handler = hs.get_handlers().identity_handler
self.store = self.hs.get_datastore()

@defer.inlineCallbacks
def on_POST(self, request):
requester = yield self.auth.get_user_by_req(request)
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
body = parse_json_object_from_request(request)
assert_params_in_dict(
body, ["id_server", "client_secret", "email", "send_attempt"]
Expand All @@ -439,7 +441,8 @@ def on_POST(self, request):
"email", body["email"]
)

if existing_user_id is not None:
# Allow this MSISDN to be rebound if the requester owns it
if existing_user_id != requester.user.to_string():
anoadragon453 marked this conversation as resolved.
Show resolved Hide resolved
raise SynapseError(400, "Email is already in use", Codes.THREEPID_IN_USE)

ret = yield self.identity_handler.requestEmailToken(
Expand All @@ -452,13 +455,15 @@ class MsisdnThreepidRequestTokenRestServlet(RestServlet):
PATTERNS = client_patterns("/account/3pid/msisdn/requestToken$")

def __init__(self, hs):
self.hs = hs
super(MsisdnThreepidRequestTokenRestServlet, self).__init__()
self.hs = hs
self.auth = hs.get_auth()
self.store = self.hs.get_datastore()
self.identity_handler = hs.get_handlers().identity_handler

@defer.inlineCallbacks
def on_POST(self, request):
requester = self.auth.get_user_by_req(request)
body = parse_json_object_from_request(request)
assert_params_in_dict(
body,
Expand All @@ -482,7 +487,8 @@ def on_POST(self, request):

existing_user_id = yield self.store.get_user_id_by_threepid("msisdn", msisdn)

if existing_user_id is not None:
# Allow this MSISDN to be rebound if the requester owns it
if existing_user_id != requester.user.to_string():
raise SynapseError(400, "MSISDN is already in use", Codes.THREEPID_IN_USE)

ret = yield self.identity_handler.requestMsisdnToken(
Expand Down