summary refs log tree commit diff
path: root/synapse/handlers/identity.py
diff options
context:
space:
mode:
Diffstat (limited to 'synapse/handlers/identity.py')
-rw-r--r--synapse/handlers/identity.py14
1 files changed, 13 insertions, 1 deletions
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py

index 6066018275..f39803629e 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -350,6 +350,12 @@ class IdentityHandler(BaseHandler):
             https://matrix.org/docs/spec/identity_service/r0.1.0.html#association-lookup
             for details
         """
+        if not self._should_trust_id_server(id_server):
+            raise SynapseError(
+                400, "Untrusted ID server '%s'" % id_server,
+                Codes.SERVER_NOT_TRUSTED
+            )
+
         if not self._enable_lookup:
             raise AuthError(
                 403, "Looking up third-party identifiers is denied from this server",
@@ -382,7 +388,7 @@ class IdentityHandler(BaseHandler):
 
     @defer.inlineCallbacks
     def bulk_lookup_3pid(self, id_server, threepids):
-        """Looks up a 3pid in the passed identity server.
+        """Looks up given 3pids in the passed identity server.
 
         Args:
             id_server (str): The server name (including port, if required)
@@ -395,6 +401,12 @@ class IdentityHandler(BaseHandler):
             https://matrix.org/docs/spec/identity_service/r0.1.0.html#association-lookup
             for details
         """
+        if not self._should_trust_id_server(id_server):
+            raise SynapseError(
+                400, "Untrusted ID server '%s'" % id_server,
+                Codes.SERVER_NOT_TRUSTED
+            )
+
         if not self._enable_lookup:
             raise AuthError(
                 403, "Looking up third-party identifiers is denied from this server",
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-07-30 19:45:54 +0000