diff options
author | Brendan Abolivier <babolivier@matrix.org> | 2019-04-17 12:01:59 +0100 |
---|---|---|
committer | Brendan Abolivier <babolivier@matrix.org> | 2019-04-17 14:23:01 +0100 |
commit | 600ec04739a3fd7a2697a837f6e232c970bd97d3 (patch) | |
tree | c34521581fbc1bd1b5040b0ca059cc93cf6e15c8 /synapse/rest/client | |
parent | 0.99.3 (diff) | |
download | synapse-600ec04739a3fd7a2697a837f6e232c970bd97d3.tar.xz |
Make sure we're not registering the same 3pid twice
Diffstat (limited to 'synapse/rest/client')
-rw-r--r-- | synapse/rest/client/v2_alpha/register.py | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/synapse/rest/client/v2_alpha/register.py b/synapse/rest/client/v2_alpha/register.py index 6d235262c8..dc3e265bcd 100644 --- a/synapse/rest/client/v2_alpha/register.py +++ b/synapse/rest/client/v2_alpha/register.py @@ -391,6 +391,13 @@ class RegisterRestServlet(RestServlet): # the user-facing checks will probably already have happened in # /register/email/requestToken when we requested a 3pid, but that's not # guaranteed. + # + # Also check that we're not trying to register a 3pid that's already + # been registered. + # + # This has probably happened in /register/email/requestToken as well, + # but if a user hits this endpoint twice then clicks on each link from + # the two activation emails, they would register the same 3pid twice. if auth_result: for login_type in [LoginType.EMAIL_IDENTITY, LoginType.MSISDN]: @@ -406,6 +413,17 @@ class RegisterRestServlet(RestServlet): Codes.THREEPID_DENIED, ) + existingUid = yield self.store.get_user_id_by_threepid( + medium, address, + ) + + if existingUid is not None: + raise SynapseError( + 400, + "%s is already in use" % medium, + Codes.THREEPID_IN_USE, + ) + if registered_user_id is not None: logger.info( "Already registered user ID %r for this session", |