Add config option to block users from looking up 3PIDs (#5010)

author: Brendan Abolivier <contact@brendanabolivier.com> 2019-04-04 17:25:47 +0100
committer: GitHub <noreply@github.com> 2019-04-04 17:25:47 +0100
commit: 8e85493b0cdae25dd07c94c010dbf11bca947c2d (patch)
tree: b29f75868cf26a0de6005f28d700d82e738cfacc /synapse
parent: Clean up the database pagination code (#5007) (diff)
download: synapse-8e85493b0cdae25dd07c94c010dbf11bca947c2d.tar.xz
2 files changed, 10 insertions, 0 deletions
diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index f6b2b9ceee..fcfda341e9 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -33,6 +33,7 @@ class RegistrationConfig(Config):
 
         self.registrations_require_3pid = config.get("registrations_require_3pid", [])
         self.allowed_local_3pids = config.get("allowed_local_3pids", [])
+        self.enable_3pid_lookup = config.get("enable_3pid_lookup", True)
         self.registration_shared_secret = config.get("registration_shared_secret")
 
         self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
@@ -97,6 +98,10 @@ class RegistrationConfig(Config):
         #  - medium: msisdn
         #    pattern: '\\+44'
 
+        # Enable 3PIDs lookup requests to identity servers from this server.
+        #
+        #enable_3pid_lookup: true
+
         # If set, allows registration of standard or admin accounts by anyone who
         # has the shared secret, even if registration is otherwise disabled.
         #
diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py
index e432740832..024d6db27a 100644
--- a/synapse/handlers/room_member.py
+++ b/synapse/handlers/room_member.py
@@ -70,6 +70,7 @@ class RoomMemberHandler(object):
         self.clock = hs.get_clock()
         self.spam_checker = hs.get_spam_checker()
         self._server_notices_mxid = self.config.server_notices_mxid
+        self._enable_lookup = hs.config.enable_3pid_lookup
 
     @abc.abstractmethod
     def _remote_join(self, requester, remote_room_hosts, room_id, user, content):
@@ -738,6 +739,10 @@ class RoomMemberHandler(object):
         Returns:
             str: the matrix ID of the 3pid, or None if it is not recognized.
         """
+        if not self._enable_lookup:
+            raise SynapseError(
+                403, "Looking up third-party identifiers is denied from this server",
+            )
         try:
             data = yield self.simple_http_client.get_json(
                 "%s%s/_matrix/identity/api/v1/lookup" % (id_server_scheme, id_server,),
author	Brendan Abolivier <contact@brendanabolivier.com>	2019-04-04 17:25:47 +0100
committer	GitHub <noreply@github.com>	2019-04-04 17:25:47 +0100
commit	8e85493b0cdae25dd07c94c010dbf11bca947c2d (patch)
tree	b29f75868cf26a0de6005f28d700d82e738cfacc /synapse
parent	Clean up the database pagination code (#5007) (diff)
download	synapse-8e85493b0cdae25dd07c94c010dbf11bca947c2d.tar.xz