diff --git a/changelog.d/11333.misc b/changelog.d/11333.misc
new file mode 100644
index 0000000000..6c1fd560ad
--- /dev/null
+++ b/changelog.d/11333.misc
@@ -0,0 +1 @@
+Remove deprecated `trust_identity_server_for_password_resets` configuration flag.
\ No newline at end of file
diff --git a/synapse/config/emailconfig.py b/synapse/config/emailconfig.py
index afd65fecd3..510b647c63 100644
--- a/synapse/config/emailconfig.py
+++ b/synapse/config/emailconfig.py
@@ -137,33 +137,14 @@ class EmailConfig(Config):
if self.root.registration.account_threepid_delegate_email
else ThreepidBehaviour.LOCAL
)
- # Prior to Synapse v1.4.0, there was another option that defined whether Synapse would
- # use an identity server to password reset tokens on its behalf. We now warn the user
- # if they have this set and tell them to use the updated option, while using a default
- # identity server in the process.
- self.using_identity_server_from_trusted_list = False
- if (
- not self.root.registration.account_threepid_delegate_email
- and config.get("trust_identity_server_for_password_resets", False) is True
- ):
- # Use the first entry in self.trusted_third_party_id_servers instead
- if self.trusted_third_party_id_servers:
- # XXX: It's a little confusing that account_threepid_delegate_email is modified
- # both in RegistrationConfig and here. We should factor this bit out
- first_trusted_identity_server = self.trusted_third_party_id_servers[0]
-
- # trusted_third_party_id_servers does not contain a scheme whereas
- # account_threepid_delegate_email is expected to. Presume https
- self.root.registration.account_threepid_delegate_email = (
- "https://" + first_trusted_identity_server
- )
- self.using_identity_server_from_trusted_list = True
- else:
- raise ConfigError(
- "Attempted to use an identity server from"
- '"trusted_third_party_id_servers" but it is empty.'
- )
+ if config.get("trust_identity_server_for_password_resets"):
+ raise ConfigError(
+ 'The config option "trust_identity_server_for_password_resets" '
+ 'has been replaced by "account_threepid_delegate". '
+ "Please consult the sample config at docs/sample_config.yaml for "
+ "details and update your config file."
+ )
self.local_threepid_handling_disabled_due_to_email_config = False
if (
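Review bot: The new ConfigError text names the replacement option as `account_threepid_delegate`, but the key this commit's registration config reads is `account_threepid_delegates` (plural, with `email`/`msisdn` sub-keys, per `config.get("account_threepid_delegates")` in synapse/config/registration.py). Because the flag is now a hard startup failure, this message is the only guidance an operator gets, so I would change the line to `'has been replaced by "account_threepid_delegates". '`. Failing closed looks right, since the removed code suggests that silently ignoring the flag would change which party handles password-reset emails; a one-line comment above the check, such as `# Fail at startup rather than silently changing who sends password-reset emails.`, would record that intent. The check is truthiness-based, so an explicit `false` still loads. The enclosing method starts and ends outside this hunk.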
diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index 5379e80715..66382a479e 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -39,9 +39,7 @@ class RegistrationConfig(Config):
self.registration_shared_secret = config.get("registration_shared_secret")
self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
- self.trusted_third_party_id_servers = config.get(
- "trusted_third_party_id_servers", ["matrix.org", "vector.im"]
- )
+
account_threepid_delegates = config.get("account_threepid_delegates") or {}
self.account_threepid_delegate_email = account_threepid_delegates.get("email")
self.account_threepid_delegate_msisdn = account_threepid_delegates.get("msisdn")
diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py
index 3dbe611f95..c83eaea359 100644
--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -464,15 +464,6 @@ class IdentityHandler:
if next_link:
params["next_link"] = next_link
- if self.hs.config.email.using_identity_server_from_trusted_list:
- # Warn that a deprecated config option is in use
- logger.warning(
- 'The config option "trust_identity_server_for_password_resets" '
- 'has been replaced by "account_threepid_delegate". '
- "Please consult the sample config at docs/sample_config.yaml for "
- "details and update your config file."
- )
-
try:
data = await self.http_client.post_json_get_json(
id_server + "/_matrix/identity/api/v1/validate/email/requestToken",
@@ -517,15 +508,6 @@ class IdentityHandler:
if next_link:
params["next_link"] = next_link
- if self.hs.config.email.using_identity_server_from_trusted_list:
- # Warn that a deprecated config option is in use
- logger.warning(
- 'The config option "trust_identity_server_for_password_resets" '
- 'has been replaced by "account_threepid_delegate". '
- "Please consult the sample config at docs/sample_config.yaml for "
- "details and update your config file."
- )
-
try:
data = await self.http_client.post_json_get_json(
id_server + "/_matrix/identity/api/v1/validate/msisdn/requestToken",
diff --git a/tests/config/test_load.py b/tests/config/test_load.py
index 765258c47a..d8668d56b2 100644
--- a/tests/config/test_load.py
+++ b/tests/config/test_load.py
@@ -94,3 +94,12 @@ class ConfigLoadingFileTestCase(ConfigFileTestCase):
# The default Metrics Flags are off by default.
config = HomeServerConfig.load_config("", ["-c", self.config_file])
self.assertFalse(config.metrics.metrics_flags.known_servers)
+
+ def test_depreciated_identity_server_flag_throws_error(self):
+ self.generate_config()
+ # Needed to ensure that actual key/value pair added below don't end up on a line with a comment
+ self.add_lines_to_config([" "])
+ # Check that presence of "trust_identity_server_for_password" throws config error
+ self.add_lines_to_config(["trust_identity_server_for_password_resets: true"])
+ with self.assertRaises(ConfigError):
+ HomeServerConfig.load_config("", ["-c", self.config_file])
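Review bot: `assertRaises(ConfigError)` passes for any configuration error raised during load, so this test would still succeed if the generated config failed for an unrelated reason. Pinning the message ties it to the removed flag, e.g. `with self.assertRaisesRegex(ConfigError, "trust_identity_server_for_password_resets"):` (assuming ConfigError's string form carries the message). The method name should read `test_deprecated_identity_server_flag_throws_error`, since "depreciated" is a typo, and the second comment truncates the option name to "trust_identity_server_for_password". A companion case with the flag set to `false` would document that only truthy values are rejected.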