From 0fcf7e5c57571c8b98a26b0ddeac5e06cd575e22 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Thu, 4 Apr 2019 17:25:47 +0100
Subject: Add config option to block users from looking up 3PIDs (#5010)
---
 synapse/config/registration.py | 5 +++++
 synapse/handlers/room_member.py | 5 +++++
 2 files changed, 10 insertions(+)
(limited to 'synapse')
diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index e5c0ccb2af..8faf5b62e2 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -40,6 +40,7 @@ class RegistrationConfig(Config):
 self.disable_3pid_changes = config.get("disable_3pid_changes", False)
+ self.enable_3pid_lookup = config.get("enable_3pid_lookup", True)
 self.registration_shared_secret = config.get("registration_shared_secret")
 self.register_mxid_from_3pid = config.get("register_mxid_from_3pid")
 self.register_just_use_email_for_display_name = config.get(
@@ -146,6 +147,10 @@ class RegistrationConfig(Config):
 #
 #disable_3pid_changes: False
+ # Enable 3PIDs lookup requests to identity servers from this server.
+ #
+ #enable_3pid_lookup: true
+
 # If set, allows registration of standard or admin accounts by anyone who
 # has the shared secret, even if registration is otherwise disabled.
 #
diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py
index 382fe3a449..04ece8f4ce 100644
--- a/synapse/handlers/room_member.py
+++ b/synapse/handlers/room_member.py
@@ -71,6 +71,7 @@ class RoomMemberHandler(object):
 self.spam_checker = hs.get_spam_checker()
 self._server_notices_mxid = self.config.server_notices_mxid
 self.rewrite_identity_server_urls = self.config.rewrite_identity_server_urls
+ self._enable_lookup = hs.config.enable_3pid_lookup
 @abc.abstractmethod
 def _remote_join(self, requester, remote_room_hosts, room_id, user, content):
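Review bot: In the `synapse/config/registration.py` hunk at `@@ -40,6 +40,7 @@`, `config.get("enable_3pid_lookup", True)` stores whatever value the YAML holds, and the handler later tests it with `if not self._enable_lookup`, so a non-boolean value such as the quoted string `"false"` is truthy and leaves lookups enabled. The option exists to stop this server sending third-party identifiers to identity servers, so a mistyped value fails open with no warning to the operator. Reject non-boolean values at load time, e.g. `if not isinstance(self.enable_3pid_lookup, bool): raise ConfigError("enable_3pid_lookup must be true or false")`, assuming `ConfigError` is in scope in this module. The enclosing method starts and ends outside the hunk.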
@@ -808,6 +809,10 @@ class RoomMemberHandler(object):
 Returns:
 str: the matrix ID of the 3pid, or None if it is not recognized.
 """
+ if not self._enable_lookup:
+ raise SynapseError(
+ 403, "Looking up third-party identifiers is denied from this server",
+ )
 try:
 target = self._get_id_server_target(id_server)
 data = yield self.simple_http_client.get_json(
-- 
cgit 1.5.1
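Review bot: The 403 raised by the new guard carries no errcode, so clients presumably receive SynapseError's default code and cannot tell a policy denial from an unknown failure; pass it explicitly, e.g. `raise SynapseError(403, "Looking up third-party identifiers is denied from this server", errcode=Codes.FORBIDDEN)`, if `Codes` is imported in this module. The docstring above still documents only the `Returns:` case and should gain a `Raises:` entry stating that SynapseError (403) is raised when `enable_3pid_lookup` is false. The guard covers only this function, whose body starts and ends outside the hunk. Whether any other code path in the server contacts identity servers for lookups is not visible here, so it is worth confirming that each one is gated, since the config comment promises control over lookup requests "from this server".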