From 10e3ed83e9a63208eee07ec933b6a26fd76b51d2 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier <babolivier@matrix.org>
Date: Thu, 9 May 2019 12:53:24 +0100
Subject: Check if Synapse should check given ISs

---
 synapse/handlers/identity.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'synapse/handlers/identity.py')

diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index 6066018275..b4c6e94777 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -350,6 +350,12 @@ class IdentityHandler(BaseHandler):
             https://matrix.org/docs/spec/identity_service/r0.1.0.html#association-lookup
             for details
         """
+        if not self._should_trust_id_server(id_server):
+            raise SynapseError(
+                400, "Untrusted ID server '%s'" % id_server,
+                Codes.SERVER_NOT_TRUSTED
+            )
+
         if not self._enable_lookup:
             raise AuthError(
                 403, "Looking up third-party identifiers is denied from this server",
@@ -395,6 +401,12 @@ class IdentityHandler(BaseHandler):
             https://matrix.org/docs/spec/identity_service/r0.1.0.html#association-lookup
             for details
         """
+        if not self._should_trust_id_server(id_server):
+            raise SynapseError(
+                400, "Untrusted ID server '%s'" % id_server,
+                Codes.SERVER_NOT_TRUSTED
+            )
+
         if not self._enable_lookup:
             raise AuthError(
                 403, "Looking up third-party identifiers is denied from this server",
-- 
cgit 1.5.1