diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index a1fab99f6b..d37324cc46 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -79,9 +79,7 @@ from synapse.storage.databases.main.registration import (
from synapse.types import JsonDict, Requester, UserID
from synapse.util import stringutils as stringutils
from synapse.util.async_helpers import delay_cancellation, maybe_awaitable
-from synapse.util.msisdn import phone_number_to_msisdn
from synapse.util.stringutils import base62_encode
-from synapse.util.threepids import canonicalise_email
if TYPE_CHECKING:
from synapse.module_api import ModuleApi
@@ -153,42 +151,9 @@ def convert_client_dict_legacy_fields_to_identifier(
return identifier
-def login_id_phone_to_thirdparty(identifier: JsonDict) -> Dict[str, str]:
- """
- Convert a phone login identifier type to a generic threepid identifier.
-
- Args:
- identifier: Login identifier dict of type 'm.id.phone'
-
- Returns:
- An equivalent m.id.thirdparty identifier dict
- """
- if "country" not in identifier or (
- # The specification requires a "phone" field, while Synapse used to require a "number"
- # field. Accept both for backwards compatibility.
- "phone" not in identifier
- and "number" not in identifier
- ):
- raise SynapseError(
- 400, "Invalid phone-type identifier", errcode=Codes.INVALID_PARAM
- )
-
- # Accept both "phone" and "number" as valid keys in m.id.phone
- phone_number = identifier.get("phone", identifier["number"])
-
- # Convert user-provided phone number to a consistent representation
- msisdn = phone_number_to_msisdn(identifier["country"], phone_number)
-
- return {
- "type": "m.id.thirdparty",
- "medium": "msisdn",
- "address": msisdn,
- }
-
-
@attr.s(slots=True, auto_attribs=True)
class SsoLoginExtraAttributes:
- """Data we track about SAML2 sessions"""
+ """Data we track about SAML2 sessions""" # Not other SSO types...?
# time the session was created, in milliseconds
creation_time: int
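Review bot: The comment appended to the `SsoLoginExtraAttributes` docstring (`# Not other SSO types...?`) is an unresolved question left in production code rather than documentation, and a reader cannot tell whether it is a known limitation or a doubt. Either confirm which SSO flows populate this class and state it in the docstring, or mark it as actionable, e.g. `# TODO(review): confirm whether this is SAML2-only or shared by other SSO providers`. The class body continues past the end of this hunk.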
@@ -1195,70 +1160,11 @@ class AuthHandler:
# convert phone type identifiers to generic threepids
if identifier_dict["type"] == "m.id.phone":
- identifier_dict = login_id_phone_to_thirdparty(identifier_dict)
+ raise SynapseError(400, "Third party identifiers are not supported on this server.")
# convert threepid identifiers to user IDs
if identifier_dict["type"] == "m.id.thirdparty":
- address = identifier_dict.get("address")
- medium = identifier_dict.get("medium")
-
- if medium is None or address is None:
- raise SynapseError(400, "Invalid thirdparty identifier")
-
- # For emails, canonicalise the address.
- # We store all email addresses canonicalised in the DB.
- # (See add_threepid in synapse/handlers/auth.py)
- if medium == "email":
- try:
- address = canonicalise_email(address)
- except ValueError as e:
- raise SynapseError(400, str(e))
-
- # We also apply account rate limiting using the 3PID as a key, as
- # otherwise using 3PID bypasses the ratelimiting based on user ID.
- if ratelimit:
- await self._failed_login_attempts_ratelimiter.ratelimit(
- None, (medium, address), update=False
- )
-
- # Check for login providers that support 3pid login types
- if login_type == LoginType.PASSWORD:
- # we've already checked that there is a (valid) password field
- assert isinstance(password, str)
- (
- canonical_user_id,
- callback_3pid,
- ) = await self.check_password_provider_3pid(medium, address, password)
- if canonical_user_id:
- # Authentication through password provider and 3pid succeeded
- return canonical_user_id, callback_3pid
-
- # No password providers were able to handle this 3pid
- # Check local store
- user_id = await self.hs.get_datastores().main.get_user_id_by_threepid(
- medium, address
- )
- if not user_id:
- logger.warning(
- "unknown 3pid identifier medium %s, address %r", medium, address
- )
- # We mark that we've failed to log in here, as
- # `check_password_provider_3pid` might have returned `None` due
- # to an incorrect password, rather than the account not
- # existing.
- #
- # If it returned None but the 3PID was bound then we won't hit
- # this code path, which is fine as then the per-user ratelimit
- # will kick in below.
- if ratelimit:
- await self._failed_login_attempts_ratelimiter.can_do_action(
- None, (medium, address)
- )
- raise LoginError(
- 403, msg=INVALID_USERNAME_OR_PASSWORD, errcode=Codes.FORBIDDEN
- )
-
- identifier_dict = {"type": "m.id.user", "user": user_id}
+ raise SynapseError(400, "Third party identifiers are not supported on this server.")
# by this point, the identifier should be an m.id.user: if it's anything
# else, we haven't understood it.
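Review bot: The context comments directly above the two new `raise` lines (`# convert phone type identifiers to generic threepids` and `# convert threepid identifiers to user IDs`) now describe conversions the new code no longer performs, so they are stale on the new side; I would replace the first with `# 3PID login (phone or generic thirdparty) is not supported here; reject before any lookup.` and drop the second. The identical message string is duplicated, and since the `m.id.phone` branch now raises before the `m.id.thirdparty` branch is reached, both checks could be folded into `if identifier_dict["type"] in ("m.id.phone", "m.id.thirdparty"):` with a single raise. Neither raise passes an `errcode`, unlike the removed phone validation which used `Codes.INVALID_PARAM`; if clients are expected to distinguish "unsupported identifier" from a generic failure, an explicit errcode would help. Rejecting before any store lookup also removes the need for the 3PID-keyed failed-login ratelimiter the old code relied on, which looks correct, though any password-provider `3pid` callbacks can presumably no longer be reached from this path. The enclosing method starts and ends outside this hunk.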
@@ -1548,83 +1454,6 @@ class AuthHandler:
user_id, (token_id for _, token_id, _ in tokens_and_devices)
)
- async def add_threepid(
- self, user_id: str, medium: str, address: str, validated_at: int
- ) -> None:
- """
- Adds an association between a user's Matrix ID and a third-party ID (email,
- phone number).
-
- Args:
- user_id: The ID of the user to associate.
- medium: The medium of the third-party ID (email, msisdn).
- address: The address of the third-party ID (i.e. an email address).
- validated_at: The timestamp in ms of when the validation that the user owns
- this third-party ID occurred.
- """
- # check if medium has a valid value
- if medium not in ["email", "msisdn"]:
- raise SynapseError(
- code=400,
- msg=("'%s' is not a valid value for 'medium'" % (medium,)),
- errcode=Codes.INVALID_PARAM,
- )
-
- # 'Canonicalise' email addresses down to lower case.
- # We've now moving towards the homeserver being the entity that
- # is responsible for validating threepids used for resetting passwords
- # on accounts, so in future Synapse will gain knowledge of specific
- # types (mediums) of threepid. For now, we still use the existing
- # infrastructure, but this is the start of synapse gaining knowledge
- # of specific types of threepid (and fixes the fact that checking
- # for the presence of an email address during password reset was
- # case sensitive).
- if medium == "email":
- address = canonicalise_email(address)
-
- await self.store.user_add_threepid(
- user_id, medium, address, validated_at, self.hs.get_clock().time_msec()
- )
-
- # Inform Synapse modules that a 3PID association has been created.
- await self._third_party_rules.on_add_user_third_party_identifier(
- user_id, medium, address
- )
-
- # Deprecated method for informing Synapse modules that a 3PID association
- # has successfully been created.
- await self._third_party_rules.on_threepid_bind(user_id, medium, address)
-
- async def delete_local_threepid(
- self, user_id: str, medium: str, address: str
- ) -> None:
- """Deletes an association between a third-party ID and a user ID from the local
- database. This method does not unbind the association from any identity servers.
-
- If `medium` is 'email' and a pusher is associated with this third-party ID, the
- pusher will also be deleted.
-
- Args:
- user_id: ID of user to remove the 3pid from.
- medium: The medium of the 3pid being removed: "email" or "msisdn".
- address: The 3pid address to remove.
- """
- # 'Canonicalise' email addresses as per above
- if medium == "email":
- address = canonicalise_email(address)
-
- await self.store.user_delete_threepid(user_id, medium, address)
-
- # Inform Synapse modules that a 3PID association has been deleted.
- await self._third_party_rules.on_remove_user_third_party_identifier(
- user_id, medium, address
- )
-
- if medium == "email":
- await self.store.delete_pusher_by_app_id_pushkey_user_id(
- app_id="m.email", pushkey=address, user_id=user_id
- )
-
async def hash(self, password: str) -> str:
"""Computes a secure hash of password.
|