add disable_3pid_changes

3 files changed, 21 insertions, 0 deletions

diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml

index a73e4498fe..d3ecffac7d 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -1065,6 +1065,11 @@ account_threepid_delegates:
 #disable_set_displayname: false
 #disable_set_avatar_url: false
 
+# If true, stop users from trying to change the 3PIDs associated with
+# their accounts.
+#
+#disable_3pid_changes: false
+
 # Users who register on this homeserver will automatically be joined
 # to these rooms
 #
diff --git a/synapse/config/registration.py b/synapse/config/registration.py

index 0422c39451..1abc0a79af 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -131,6 +131,7 @@ class RegistrationConfig(Config):
 
         self.disable_set_displayname = config.get("disable_set_displayname", False)
         self.disable_set_avatar_url = config.get("disable_set_avatar_url", False)
+        self.disable_3pid_changes = config.get("disable_3pid_changes", False)
 
         self.disable_msisdn_registration = config.get(
             "disable_msisdn_registration", False
@@ -341,6 +342,11 @@ class RegistrationConfig(Config):
         #disable_set_displayname: false
         #disable_set_avatar_url: false
 
+        # If true, stop users from trying to change the 3PIDs associated with
+        # their accounts.
+        #
+        #disable_3pid_changes: false
+
         # Users who register on this homeserver will automatically be joined
         # to these rooms
         #
diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py

index dc837d6c75..97bddf36d9 100644
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@@ -599,6 +599,9 @@ class ThreepidRestServlet(RestServlet):
         return 200, {"threepids": threepids}
 
     async def on_POST(self, request):
+        if self.hs.config.disable_3pid_changes:
+            raise SynapseError(400, "3PID changes disabled on this server")
+
         requester = await self.auth.get_user_by_req(request)
         user_id = requester.user.to_string()
         body = parse_json_object_from_request(request)
@@ -643,6 +646,9 @@ class ThreepidAddRestServlet(RestServlet):
 
     @interactive_auth_handler
     async def on_POST(self, request):
+        if self.hs.config.disable_3pid_changes:
+            raise SynapseError(400, "3PID changes disabled on this server")
+
         requester = await self.auth.get_user_by_req(request)
         user_id = requester.user.to_string()
         body = parse_json_object_from_request(request)
@@ -738,10 +744,14 @@ class ThreepidDeleteRestServlet(RestServlet):
 
     def __init__(self, hs):
         super(ThreepidDeleteRestServlet, self).__init__()
+        self.hs = hs
         self.auth = hs.get_auth()
         self.auth_handler = hs.get_auth_handler()
 
     async def on_POST(self, request):
+        if self.hs.config.disable_3pid_changes:
+            raise SynapseError(400, "3PID changes disabled on this server")
+
         body = parse_json_object_from_request(request)
         assert_params_in_dict(body, ["medium", "address"])