Merge pull request #4681 from matrix-org/dinsic_anoa/info_split dinsic_2019-03-06

[DINSIC] Use internal-info for identity server

3 files changed, 19 insertions, 9 deletions

diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py

index d085951b23..e1745fad2d 100644
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@@ -55,7 +55,7 @@ class EmailPasswordRequestTokenRestServlet(RestServlet):
         if not (yield check_3pid_allowed(self.hs, "email", body['email'])):
             raise SynapseError(
                 403,
-                "Your email domain is not authorized on this server",
+                "Your email is not authorized on this server",
                 Codes.THREEPID_DENIED,
             )
 
@@ -271,7 +271,7 @@ class EmailThreepidRequestTokenRestServlet(RestServlet):
         if not (yield check_3pid_allowed(self.hs, "email", body['email'])):
             raise SynapseError(
                 403,
-                "Your email domain is not authorized on this server",
+                "Your email is not authorized on this server",
                 Codes.THREEPID_DENIED,
             )
 
diff --git a/synapse/rest/client/v2_alpha/register.py b/synapse/rest/client/v2_alpha/register.py

index fb9441a87a..cf1b70e39e 100644
--- a/synapse/rest/client/v2_alpha/register.py
+++ b/synapse/rest/client/v2_alpha/register.py
@@ -78,7 +78,7 @@ class EmailRegisterRequestTokenRestServlet(RestServlet):
         if not (yield check_3pid_allowed(self.hs, "email", body['email'])):
             raise SynapseError(
                 403,
-                "Your email domain is not authorized to register on this server",
+                "Your email is not authorized to register on this server",
                 Codes.THREEPID_DENIED,
             )
 
diff --git a/synapse/util/threepids.py b/synapse/util/threepids.py

index 353d220bad..84c56109ca 100644
--- a/synapse/util/threepids.py
+++ b/synapse/util/threepids.py
@@ -23,7 +23,7 @@ logger = logging.getLogger(__name__)
 
 @defer.inlineCallbacks
 def check_3pid_allowed(hs, medium, address):
-    """Checks whether a given format of 3PID is allowed to be used on this HS
+    """Checks whether a given 3PID is allowed to be used on this HS
 
     Args:
         hs (synapse.server.HomeServer): server
@@ -38,14 +38,24 @@ def check_3pid_allowed(hs, medium, address):
         data = yield hs.get_simple_http_client().get_json(
             "https://%s%s" % (
                 hs.config.check_is_for_allowed_local_3pids,
-                "/_matrix/identity/api/v1/info"
+                "/_matrix/identity/api/v1/internal-info"
             ),
             {'medium': medium, 'address': address}
         )
-        if hs.config.allow_invited_3pids and data.get('invited'):
-            defer.returnValue(True)
-        else:
-            defer.returnValue(data['hs'] == hs.config.server_name)
+
+        # Check for invalid response
+        if 'hs' not in data and 'shadow_hs' not in data:
+            defer.returnValue(False)
+
+        # Check if this user is intended to register for this homeserver
+        if data['hs'] != hs.config.server_name and data['shadow_hs'] != hs.config.server_name:
+            defer.returnValue(False)
+
+        if data.get('requires_invite', False) and not data.get('invited', False):
+            # Requires an invite but hasn't been invited
+            defer.returnValue(False)
+
+        defer.returnValue(True)
 
     if hs.config.allowed_local_3pids:
         for constraint in hs.config.allowed_local_3pids: