authorRichard van der Hoff <1389908+richvdh@users.noreply.github.com>2022-07-12 19:18:53 +0100
committerGitHub <noreply@github.com>2022-07-12 19:18:53 +0100
commitfa71bb18b527d1a3e2629b48640ea67fff2f8c59 (patch)
treec99e2552f4ce236edd52189ce29d5f47b81ce7b1 /synapse/config/registration.py
parentLog the stack when waiting for an entire room to be un-partial stated (#13257) (diff)
downloadsynapse-fa71bb18b527d1a3e2629b48640ea67fff2f8c59.tar.xz
Drop support for delegating email validation (#13192)
* Drop support for delegating email validation

Delegating email validation to an IS is insecure (since it allows the owner of
the IS to do a password reset on your HS), and has long been deprecated. It
will now cause a config error at startup.

* Update unit test which checks for email verification

Give it an `email` config instead of a threepid delegate

* Remove unused method `requestEmailToken`

* Simplify config handling for email verification

Rather than an enum and a boolean, all we need here is a single bool, which
says whether we are or are not doing email verification.

* update docs

* changelog

* upgrade.md: fix typo

* update version number

this will be in 1.64, not 1.63

* update version number

this one too
Diffstat (limited to 'synapse/config/registration.py')
-rw-r--r--synapse/config/registration.py11
1 files changed, 10 insertions, 1 deletions
diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index fcf99be092..685a0423c5 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -20,6 +20,13 @@ from synapse.config._base import Config, ConfigError
 from synapse.types import JsonDict, RoomAlias, UserID
 from synapse.util.stringutils import random_string_with_symbols, strtobool
 
+NO_EMAIL_DELEGATE_ERROR = """\
+Delegation of email verification to an identity server is no longer supported. To
+continue to allow users to add email addresses to their accounts, and use them for
+password resets, configure Synapse with an SMTP server via the `email` setting, and
+remove `account_threepid_delegates.email`.
+"""
+
 
 class RegistrationConfig(Config):
     section = "registration"
@@ -51,7 +58,9 @@ class RegistrationConfig(Config):
         self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
 
         account_threepid_delegates = config.get("account_threepid_delegates") or {}
-        self.account_threepid_delegate_email = account_threepid_delegates.get("email")
+        if "email" in account_threepid_delegates:
+            raise ConfigError(NO_EMAIL_DELEGATE_ERROR)
+        # self.account_threepid_delegate_email = account_threepid_delegates.get("email")
         self.account_threepid_delegate_msisdn = account_threepid_delegates.get("msisdn")
         self.default_identity_server = config.get("default_identity_server")
         self.allow_guest_access = config.get("allow_guest_access", False)
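Review bot: The old assignment is left behind as a commented-out line (`# self.account_threepid_delegate_email = account_threepid_delegates.get("email")`) directly after the new `raise ConfigError(NO_EMAIL_DELEGATE_ERROR)`; delete it and put a short why-comment above the check instead, for example `# An identity server that validates email could reset passwords on this homeserver, so refuse to start`. The new `"email" in account_threepid_delegates` test also rejects `email: null` or an empty string, which the previous `.get("email")` treated as unset; that fail-closed behaviour looks intended given the error text, but it is worth pinning with a config test. Any code outside this file that still reads `account_threepid_delegate_email` would now raise AttributeError, which cannot be confirmed here because the diff is limited to one file. The enclosing method starts before and continues after this hunk.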