author | Brendan Abolivier <babolivier@matrix.org> | 2020-04-23 10:38:57 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-23 10:38:57 +0200 |
commit | 6f4319368b3afab661c55367b9348f9b77bc04a5 (patch) | |
tree | 5e009c19cceb24b38471762ecc63520ab154decd /synapse/config | |
parent | Improve example TURN configuration in documentation (#7284) (diff) | |
parent | Config option to inhibit 3PID errors on /requestToken (diff) | |
Merge pull request #7315 from matrix-org/babolivier/request_token
Config option to inhibit 3PID errors on /requestToken
Diffstat (limited to 'synapse/config')
-rw-r--r-- | synapse/config/server.py | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/synapse/config/server.py b/synapse/config/server.py index 7525765fee..8acf3946eb 100644 --- a/synapse/config/server.py +++ b/synapse/config/server.py @@ -507,6 +507,17 @@ class ServerConfig(Config): self.enable_ephemeral_messages = config.get("enable_ephemeral_messages", False) + # Inhibits the /requestToken endpoints from returning an error that might leak + # information about whether an e-mail address is in use or not on this + # homeserver, and instead return a 200 with a fake sid if this kind of error is + # met, without sending anything. + # This is a compromise between sending an email, which could be a spam vector, + # and letting the client know which email address is bound to an account and + # which one isn't. + self.request_token_inhibit_3pid_errors = config.get( + "request_token_inhibit_3pid_errors", False, + ) + def has_tls_listener(self) -> bool: return any(l["tls"] for l in self.listeners) @@ -967,6 +978,16 @@ class ServerConfig(Config): # - shortest_max_lifetime: 3d # longest_max_lifetime: 1y # interval: 1d + + # Inhibits the /requestToken endpoints from returning an error that might leak + # information about whether an e-mail address is in use or not on this + # homeserver. + # Note that for some endpoints the error situation is the e-mail already being + # used, and for others the error is entering the e-mail being unused. + # If this option is enabled, instead of returning an error, these endpoints will + # act as if no error happened and return a fake session ID ('sid') to clients. + # + #request_token_inhibit_3pid_errors: true """ % locals() ) |
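Review bot: The comment above `self.request_token_inhibit_3pid_errors` says the inhibited path returns a 200 with a fake sid "without sending anything", so the option equalises the response body only. If the normal path sends mail before replying, the two outcomes may still differ in response time; the /requestToken handlers are not in this diff, so this cannot be confirmed from here. I would record the requirement next to the option, e.g. `# NOTE: handlers must keep response timing and the sid format the same in both cases, otherwise the leak remains.` The value is also taken straight from `config.get("request_token_inhibit_3pid_errors", False,)` with no type check, so a quoted string such as "false" would switch it on; `if not isinstance(self.request_token_inhibit_3pid_errors, bool): raise ConfigError("request_token_inhibit_3pid_errors must be a boolean")` would make the effective state explicit. The enclosing method starts outside the hunk.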
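Review bot: The sample-config text in the second hunk never states the default, and the first hunk shows the option ships as `False`, so an operator reading only this block cannot tell that the address-existence errors it describes are the out-of-the-box behaviour. I would add a line such as `# Defaults to false, i.e. errors revealing whether an address is registered are returned.` The sentence "for others the error is entering the e-mail being unused" is hard to parse; `# used, and for others the error is the e-mail not being bound to any account.` reads more clearly. Both hunks speak only of e-mail while the option name says 3PID; if phone numbers are covered as well, the comments should say so.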