diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index 6066018275..f39803629e 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -350,6 +350,12 @@ class IdentityHandler(BaseHandler):
https://matrix.org/docs/spec/identity_service/r0.1.0.html#association-lookup
for details
"""
+ if not self._should_trust_id_server(id_server):
+ raise SynapseError(
+ 400, "Untrusted ID server '%s'" % id_server,
+ Codes.SERVER_NOT_TRUSTED
+ )
+
if not self._enable_lookup:
raise AuthError(
403, "Looking up third-party identifiers is denied from this server",
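Review bot: The new `_should_trust_id_server` check runs before the `_enable_lookup` check, so a homeserver with lookups disabled answers 400 `SERVER_NOT_TRUSTED` for unlisted ID servers and 403 only for listed ones. A caller can therefore tell which ID servers are on the trust list even though the feature is off. Moving `if not self._enable_lookup:` above the trust check would give a uniform 403, and would probably make the `trusted_third_party_id_servers` addition to the disabled test case unnecessary. The same ordering appears in the `bulk_lookup_3pid` hunk; both method bodies and docstrings extend outside the hunks. Each docstring would benefit from a line such as `Raises: SynapseError: 400/SERVER_NOT_TRUSTED if id_server is not in the trusted list`.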
@@ -382,7 +388,7 @@ class IdentityHandler(BaseHandler):
@defer.inlineCallbacks
def bulk_lookup_3pid(self, id_server, threepids):
- """Looks up a 3pid in the passed identity server.
+ """Looks up given 3pids in the passed identity server.
Args:
id_server (str): The server name (including port, if required)
@@ -395,6 +401,12 @@ class IdentityHandler(BaseHandler):
https://matrix.org/docs/spec/identity_service/r0.1.0.html#association-lookup
for details
"""
+ if not self._should_trust_id_server(id_server):
+ raise SynapseError(
+ 400, "Untrusted ID server '%s'" % id_server,
+ Codes.SERVER_NOT_TRUSTED
+ )
+
if not self._enable_lookup:
raise AuthError(
403, "Looking up third-party identifiers is denied from this server",
diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py
index f1037ce115..08079a9bc6 100644
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@@ -15,6 +15,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import logging
+import re
from six.moves import http_client
@@ -482,11 +483,10 @@ class ThreepidDeleteRestServlet(RestServlet):
class ThreepidLookupRestServlet(RestServlet):
- PATTERNS = client_v2_patterns("/account/3pid/lookup$")
+ PATTERNS = [re.compile("^/_matrix/client/unstable/account/3pid/lookup$")]
def __init__(self, hs):
super(ThreepidLookupRestServlet, self).__init__()
- self.config = hs.config
self.auth = hs.get_auth()
self.identity_handler = hs.get_handlers().identity_handler
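Review bot: The new `PATTERNS` line hard-codes the full `/_matrix/client/unstable/` path in a non-raw string, with no comment saying why this servlet no longer uses `client_v2_patterns`. A later reader cannot tell whether dropping the other prefixes that helper generated is deliberate. I would write `PATTERNS = [re.compile(r"^/_matrix/client/unstable/account/3pid/lookup$")]` and put a comment above it such as `# Deliberately served under the unstable prefix only`, with the reason confirmed by the author. The same applies to `ThreepidBulkLookupRestServlet` in the next hunk. If these were the last callers of `client_v2_patterns` in this file, its import should be removed too, which cannot be checked from these hunks.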
@@ -514,11 +514,10 @@ class ThreepidLookupRestServlet(RestServlet):
class ThreepidBulkLookupRestServlet(RestServlet):
- PATTERNS = client_v2_patterns("/account/3pid/bulk_lookup$")
+ PATTERNS = [re.compile("^/_matrix/client/unstable/account/3pid/bulk_lookup$")]
def __init__(self, hs):
super(ThreepidBulkLookupRestServlet, self).__init__()
- self.config = hs.config
self.auth = hs.get_auth()
self.identity_handler = hs.get_handlers().identity_handler
diff --git a/tests/rest/client/test_identity.py b/tests/rest/client/test_identity.py
index ed149f3600..b942f1ffe6 100644
--- a/tests/rest/client/test_identity.py
+++ b/tests/rest/client/test_identity.py
@@ -26,6 +26,7 @@ from tests import unittest
class IdentityDisabledTestCase(unittest.HomeserverTestCase):
+ """Tests that 3PID lookup attempts fail when the HS's config disallows them."""
servlets = [
account.register_servlets,
@@ -38,6 +39,10 @@ class IdentityDisabledTestCase(unittest.HomeserverTestCase):
config = self.default_config()
config.enable_3pid_lookup = False
+ config.trusted_third_party_id_servers = [
+ "testis"
+ ]
+
self.hs = self.setup_test_homeserver(config=config)
return self.hs
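Review bot: The visible test changes only add `"testis"` to `trusted_third_party_id_servers` so that existing requests get past the new check. Nothing shown here sends a lookup to an ID server outside that list, so the 400 / `Codes.SERVER_NOT_TRUSTED` branch added to `lookup_3pid` and `bulk_lookup_3pid` looks untested. I would add a case to each test class that requests an unlisted `id_server` and asserts the 400 status and `SERVER_NOT_TRUSTED` errcode. For the enabled case it should also assert that the mocked HTTP client was never called, so the test proves no outbound request is made to an untrusted host. The rest of both test classes is outside the hunks, so such a test may already exist elsewhere.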
@@ -100,6 +105,7 @@ class IdentityDisabledTestCase(unittest.HomeserverTestCase):
class IdentityEnabledTestCase(unittest.HomeserverTestCase):
+ """Tests that 3PID lookup attempts succeed when the HS's config allows them."""
servlets = [
account.register_servlets,
@@ -112,6 +118,9 @@ class IdentityEnabledTestCase(unittest.HomeserverTestCase):
config = self.default_config()
config.enable_3pid_lookup = True
+ config.trusted_third_party_id_servers = [
+ "testis"
+ ]
mock_http_client = Mock(spec=[
"get_json",