summary refs log tree commit diff
diff options
context:
space:
mode:
authorMatthew Hodgson <matthew@matrix.org>2018-05-03 02:47:55 +0100
committerMatthew Hodgson <matthew@matrix.org>2018-05-03 02:47:55 +0100
commit8a24c4eee515b21f3eb5572a62937ec1c04e677b (patch)
tree307a1778ec27b9c5a59314929710ff9cf025c652
parentMerge branch 'master' into dinsic (diff)
downloadsynapse-8a24c4eee515b21f3eb5572a62937ec1c04e677b.tar.xz
add option to disable changes to the 3PIDs for an account.
This only considers the /account/3pid API, which should be sufficient
as currently we can't change emails associated with push notifs
(which are provisioned at registration), and we can't directly create
mappings for accounts in an IS other than by answering an invite
Diffstat
-rw-r--r--synapse/config/registration.py8
-rw-r--r--synapse/rest/client/v2_alpha/account.py6
2 files changed, 14 insertions, 0 deletions
diff --git a/synapse/config/registration.py b/synapse/config/registration.py

index 34326718ad..070b7f0d93 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -37,6 +37,9 @@ class RegistrationConfig(Config):
             "check_is_for_allowed_local_3pids", None
         )
         self.allow_invited_3pids = config.get("allow_invited_3pids", False)
+
+        self.disable_3pid_changes = config.get("disable_3pid_changes", False)
+
         self.registration_shared_secret = config.get("registration_shared_secret")
 
         self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
@@ -89,6 +92,11 @@ class RegistrationConfig(Config):
         #     - medium: msisdn
         #       pattern: "\\+44"
 
+        # If true, stop users from trying to change the 3PIDs associated with
+        # their accounts.
+        #
+        # disable_3pid_changes: True
+
         # If set, allows registration by anyone who also has the shared
         # secret, even if registration is otherwise disabled.
         registration_shared_secret: "%(registration_shared_secret)s"
diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py

index 7d43a33615..3738ad437e 100644
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@@ -314,6 +314,9 @@ class ThreepidRestServlet(RestServlet):
     def on_POST(self, request):
         yield run_on_reactor()
 
+        if self.hs.config.disable_3pid_changes:
+            raise SynapseError(400, "3PID changes disabled on this server")
+
         body = parse_json_object_from_request(request)
 
         threePidCreds = body.get('threePidCreds')
@@ -367,6 +370,9 @@ class ThreepidDeleteRestServlet(RestServlet):
     def on_POST(self, request):
         yield run_on_reactor()
 
+        if self.hs.config.disable_3pid_changes:
+            raise SynapseError(400, "3PID changes disabled on this server")
+
         body = parse_json_object_from_request(request)
 
         required = ['medium', 'address']
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-08-07 04:30:22 +0000