summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--changelog.d/7053.feature1
-rw-r--r--docs/sample_config.yaml13
-rw-r--r--synapse/config/registration.py17
-rw-r--r--synapse/handlers/profile.py16
-rw-r--r--synapse/rest/client/v2_alpha/account.py16
-rw-r--r--tests/handlers/test_profile.py33
-rw-r--r--tests/rest/client/v2_alpha/test_account.py303
7 files changed, 1 insertions, 398 deletions
diff --git a/changelog.d/7053.feature b/changelog.d/7053.feature
deleted file mode 100644
index 00f47b2a14..0000000000
--- a/changelog.d/7053.feature
+++ /dev/null
@@ -1 +0,0 @@
-Add options to prevent users from changing their profile or associated 3PIDs.
\ No newline at end of file
diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml
index 91eff4c8ad..2ff0dd05a2 100644
--- a/docs/sample_config.yaml
+++ b/docs/sample_config.yaml
@@ -1057,19 +1057,6 @@ account_threepid_delegates:
     #email: https://example.com     # Delegate email sending to example.com
     #msisdn: http://localhost:8090  # Delegate SMS sending to this local process
 
-# If disabled, don't let users set their own display names/avatars
-# (unless they are a server admin) other than for the very first time.
-# Useful when provisioning users based on the contents of a 3rd party
-# directory and to avoid ambiguities.
-#
-#enable_set_displayname: true
-#enable_set_avatar_url: true
-
-# If false, stop users from trying to change the 3PIDs associated with
-# their accounts.
-#
-#enable_3pid_changes: true
-
 # Users who register on this homeserver will automatically be joined
 # to these rooms
 #
diff --git a/synapse/config/registration.py b/synapse/config/registration.py
index ee737eb40d..9bb3beedbc 100644
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -129,10 +129,6 @@ class RegistrationConfig(Config):
                 raise ConfigError("Invalid auto_join_rooms entry %s" % (room_alias,))
         self.autocreate_auto_join_rooms = config.get("autocreate_auto_join_rooms", True)
 
-        self.enable_set_displayname = config.get("enable_set_displayname", True)
-        self.enable_set_avatar_url = config.get("enable_set_avatar_url", True)
-        self.enable_3pid_changes = config.get("enable_3pid_changes", True)
-
         self.disable_msisdn_registration = config.get(
             "disable_msisdn_registration", False
         )
@@ -334,19 +330,6 @@ class RegistrationConfig(Config):
             #email: https://example.com     # Delegate email sending to example.com
             #msisdn: http://localhost:8090  # Delegate SMS sending to this local process
 
-        # If disabled, don't let users set their own display names/avatars
-        # (unless they are a server admin) other than for the very first time.
-        # Useful when provisioning users based on the contents of a 3rd party
-        # directory and to avoid ambiguities.
-        #
-        #enable_set_displayname: true
-        #enable_set_avatar_url: true
-
-        # If false, stop users from trying to change the 3PIDs associated with
-        # their accounts.
-        #
-        #enable_3pid_changes: true
-
         # Users who register on this homeserver will automatically be joined
         # to these rooms
         #
diff --git a/synapse/handlers/profile.py b/synapse/handlers/profile.py
index 6aa1c0f5e0..50ce0c585b 100644
--- a/synapse/handlers/profile.py
+++ b/synapse/handlers/profile.py
@@ -157,15 +157,6 @@ class BaseProfileHandler(BaseHandler):
         if not by_admin and target_user != requester.user:
             raise AuthError(400, "Cannot set another user's displayname")
 
-        if not by_admin and not self.hs.config.enable_set_displayname:
-            profile = yield self.store.get_profileinfo(target_user.localpart)
-            if profile.display_name:
-                raise SynapseError(
-                    400,
-                    "Changing display name is disabled on this server",
-                    Codes.FORBIDDEN,
-                )
-
         if len(new_displayname) > MAX_DISPLAYNAME_LEN:
             raise SynapseError(
                 400, "Displayname is too long (max %i)" % (MAX_DISPLAYNAME_LEN,)
@@ -227,13 +218,6 @@ class BaseProfileHandler(BaseHandler):
         if not by_admin and target_user != requester.user:
             raise AuthError(400, "Cannot set another user's avatar_url")
 
-        if not by_admin and not self.hs.config.enable_set_avatar_url:
-            profile = yield self.store.get_profileinfo(target_user.localpart)
-            if profile.avatar_url:
-                raise SynapseError(
-                    400, "Changing avatar is disabled on this server", Codes.FORBIDDEN
-                )
-
         if len(new_avatar_url) > MAX_AVATAR_URL_LEN:
             raise SynapseError(
                 400, "Avatar URL is too long (max %i)" % (MAX_AVATAR_URL_LEN,)
diff --git a/synapse/rest/client/v2_alpha/account.py b/synapse/rest/client/v2_alpha/account.py
index e40136f2f3..dc837d6c75 100644
--- a/synapse/rest/client/v2_alpha/account.py
+++ b/synapse/rest/client/v2_alpha/account.py
@@ -599,11 +599,6 @@ class ThreepidRestServlet(RestServlet):
         return 200, {"threepids": threepids}
 
     async def on_POST(self, request):
-        if not self.hs.config.enable_3pid_changes:
-            raise SynapseError(
-                400, "3PID changes are disabled on this server", Codes.FORBIDDEN
-            )
-
         requester = await self.auth.get_user_by_req(request)
         user_id = requester.user.to_string()
         body = parse_json_object_from_request(request)
@@ -648,11 +643,6 @@ class ThreepidAddRestServlet(RestServlet):
 
     @interactive_auth_handler
     async def on_POST(self, request):
-        if not self.hs.config.enable_3pid_changes:
-            raise SynapseError(
-                400, "3PID changes are disabled on this server", Codes.FORBIDDEN
-            )
-
         requester = await self.auth.get_user_by_req(request)
         user_id = requester.user.to_string()
         body = parse_json_object_from_request(request)
@@ -748,16 +738,10 @@ class ThreepidDeleteRestServlet(RestServlet):
 
     def __init__(self, hs):
         super(ThreepidDeleteRestServlet, self).__init__()
-        self.hs = hs
         self.auth = hs.get_auth()
         self.auth_handler = hs.get_auth_handler()
 
     async def on_POST(self, request):
-        if not self.hs.config.enable_3pid_changes:
-            raise SynapseError(
-                400, "3PID changes are disabled on this server", Codes.FORBIDDEN
-            )
-
         body = parse_json_object_from_request(request)
         assert_params_in_dict(body, ["medium", "address"])
 
diff --git a/tests/handlers/test_profile.py b/tests/handlers/test_profile.py
index e600b9777b..d60c124eec 100644
--- a/tests/handlers/test_profile.py
+++ b/tests/handlers/test_profile.py
@@ -19,7 +19,7 @@ from mock import Mock, NonCallableMock
 from twisted.internet import defer
 
 import synapse.types
-from synapse.api.errors import AuthError, SynapseError
+from synapse.api.errors import AuthError
 from synapse.handlers.profile import MasterProfileHandler
 from synapse.types import UserID
 
@@ -70,7 +70,6 @@ class ProfileTestCase(unittest.TestCase):
         yield self.store.create_profile(self.frank.localpart)
 
         self.handler = hs.get_profile_handler()
-        self.hs = hs
 
     @defer.inlineCallbacks
     def test_get_my_name(self):
@@ -92,19 +91,6 @@ class ProfileTestCase(unittest.TestCase):
         )
 
     @defer.inlineCallbacks
-    def test_set_my_name_if_disabled(self):
-        self.hs.config.enable_set_displayname = False
-
-        # Set first displayname is allowed, if displayname is null
-        yield self.store.set_profile_displayname(self.frank.localpart, "Frank")
-
-        d = self.handler.set_displayname(
-            self.frank, synapse.types.create_requester(self.frank), "Frank Jr."
-        )
-
-        yield self.assertFailure(d, SynapseError)
-
-    @defer.inlineCallbacks
     def test_set_my_name_noauth(self):
         d = self.handler.set_displayname(
             self.frank, synapse.types.create_requester(self.bob), "Frank Jr."
@@ -161,20 +147,3 @@ class ProfileTestCase(unittest.TestCase):
             (yield self.store.get_profile_avatar_url(self.frank.localpart)),
             "http://my.server/pic.gif",
         )
-
-    @defer.inlineCallbacks
-    def test_set_my_avatar_if_disabled(self):
-        self.hs.config.enable_set_avatar_url = False
-
-        # Set first time avatar is allowed, if avatar is null
-        yield self.store.set_profile_avatar_url(
-            self.frank.localpart, "http://my.server/me.png"
-        )
-
-        d = self.handler.set_avatar_url(
-            self.frank,
-            synapse.types.create_requester(self.frank),
-            "http://my.server/pic.gif",
-        )
-
-        yield self.assertFailure(d, SynapseError)
diff --git a/tests/rest/client/v2_alpha/test_account.py b/tests/rest/client/v2_alpha/test_account.py
index 99cc9163f3..c3facc00eb 100644
--- a/tests/rest/client/v2_alpha/test_account.py
+++ b/tests/rest/client/v2_alpha/test_account.py
@@ -24,7 +24,6 @@ import pkg_resources
 
 import synapse.rest.admin
 from synapse.api.constants import LoginType, Membership
-from synapse.api.errors import Codes
 from synapse.rest.client.v1 import login, room
 from synapse.rest.client.v2_alpha import account, register
 
@@ -326,305 +325,3 @@ class DeactivateTestCase(unittest.HomeserverTestCase):
         )
         self.render(request)
         self.assertEqual(request.code, 200)
-
-
-class ThreepidEmailRestTestCase(unittest.HomeserverTestCase):
-
-    servlets = [
-        account.register_servlets,
-        login.register_servlets,
-        synapse.rest.admin.register_servlets_for_client_rest_resource,
-    ]
-
-    def make_homeserver(self, reactor, clock):
-        config = self.default_config()
-
-        # Email config.
-        self.email_attempts = []
-
-        def sendmail(smtphost, from_addr, to_addrs, msg, **kwargs):
-            self.email_attempts.append(msg)
-            return
-
-        config["email"] = {
-            "enable_notifs": False,
-            "template_dir": os.path.abspath(
-                pkg_resources.resource_filename("synapse", "res/templates")
-            ),
-            "smtp_host": "127.0.0.1",
-            "smtp_port": 20,
-            "require_transport_security": False,
-            "smtp_user": None,
-            "smtp_pass": None,
-            "notif_from": "test@example.com",
-        }
-        config["public_baseurl"] = "https://example.com"
-
-        self.hs = self.setup_test_homeserver(config=config, sendmail=sendmail)
-        return self.hs
-
-    def prepare(self, reactor, clock, hs):
-        self.store = hs.get_datastore()
-
-        self.user_id = self.register_user("kermit", "test")
-        self.user_id_tok = self.login("kermit", "test")
-        self.email = "test@example.com"
-        self.url_3pid = b"account/3pid"
-
-    def test_add_email(self):
-        """Test add mail to profile
-        """
-        client_secret = "foobar"
-        session_id = self._request_token(self.email, client_secret)
-
-        self.assertEquals(len(self.email_attempts), 1)
-        link = self._get_link_from_email()
-
-        self._validate_token(link)
-
-        request, channel = self.make_request(
-            "POST",
-            b"/_matrix/client/unstable/account/3pid/add",
-            {
-                "client_secret": client_secret,
-                "sid": session_id,
-                "auth": {
-                    "type": "m.login.password",
-                    "user": self.user_id,
-                    "password": "test",
-                },
-            },
-            access_token=self.user_id_tok,
-        )
-
-        self.render(request)
-        self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
-
-        # Get user
-        request, channel = self.make_request(
-            "GET", self.url_3pid, access_token=self.user_id_tok,
-        )
-        self.render(request)
-
-        self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
-        self.assertEqual("email", channel.json_body["threepids"][0]["medium"])
-        self.assertEqual(self.email, channel.json_body["threepids"][0]["address"])
-
-    def test_add_email_if_disabled(self):
-        """Test add mail to profile if disabled
-        """
-        self.hs.config.enable_3pid_changes = False
-
-        client_secret = "foobar"
-        session_id = self._request_token(self.email, client_secret)
-
-        self.assertEquals(len(self.email_attempts), 1)
-        link = self._get_link_from_email()
-
-        self._validate_token(link)
-
-        request, channel = self.make_request(
-            "POST",
-            b"/_matrix/client/unstable/account/3pid/add",
-            {
-                "client_secret": client_secret,
-                "sid": session_id,
-                "auth": {
-                    "type": "m.login.password",
-                    "user": self.user_id,
-                    "password": "test",
-                },
-            },
-            access_token=self.user_id_tok,
-        )
-        self.render(request)
-        self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
-        self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
-
-        # Get user
-        request, channel = self.make_request(
-            "GET", self.url_3pid, access_token=self.user_id_tok,
-        )
-        self.render(request)
-
-        self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
-        self.assertFalse(channel.json_body["threepids"])
-
-    def test_delete_email(self):
-        """Test delete mail from profile
-        """
-        # Add a threepid
-        self.get_success(
-            self.store.user_add_threepid(
-                user_id=self.user_id,
-                medium="email",
-                address=self.email,
-                validated_at=0,
-                added_at=0,
-            )
-        )
-
-        request, channel = self.make_request(
-            "POST",
-            b"account/3pid/delete",
-            {"medium": "email", "address": self.email},
-            access_token=self.user_id_tok,
-        )
-        self.render(request)
-        self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
-
-        # Get user
-        request, channel = self.make_request(
-            "GET", self.url_3pid, access_token=self.user_id_tok,
-        )
-        self.render(request)
-
-        self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
-        self.assertFalse(channel.json_body["threepids"])
-
-    def test_delete_email_if_disabled(self):
-        """Test delete mail from profile if disabled
-        """
-        self.hs.config.enable_3pid_changes = False
-
-        # Add a threepid
-        self.get_success(
-            self.store.user_add_threepid(
-                user_id=self.user_id,
-                medium="email",
-                address=self.email,
-                validated_at=0,
-                added_at=0,
-            )
-        )
-
-        request, channel = self.make_request(
-            "POST",
-            b"account/3pid/delete",
-            {"medium": "email", "address": self.email},
-            access_token=self.user_id_tok,
-        )
-        self.render(request)
-
-        self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
-        self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
-
-        # Get user
-        request, channel = self.make_request(
-            "GET", self.url_3pid, access_token=self.user_id_tok,
-        )
-        self.render(request)
-
-        self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
-        self.assertEqual("email", channel.json_body["threepids"][0]["medium"])
-        self.assertEqual(self.email, channel.json_body["threepids"][0]["address"])
-
-    def test_cant_add_email_without_clicking_link(self):
-        """Test that we do actually need to click the link in the email
-        """
-        client_secret = "foobar"
-        session_id = self._request_token(self.email, client_secret)
-
-        self.assertEquals(len(self.email_attempts), 1)
-
-        # Attempt to add email without clicking the link
-        request, channel = self.make_request(
-            "POST",
-            b"/_matrix/client/unstable/account/3pid/add",
-            {
-                "client_secret": client_secret,
-                "sid": session_id,
-                "auth": {
-                    "type": "m.login.password",
-                    "user": self.user_id,
-                    "password": "test",
-                },
-            },
-            access_token=self.user_id_tok,
-        )
-        self.render(request)
-        self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
-        self.assertEqual(Codes.THREEPID_AUTH_FAILED, channel.json_body["errcode"])
-
-        # Get user
-        request, channel = self.make_request(
-            "GET", self.url_3pid, access_token=self.user_id_tok,
-        )
-        self.render(request)
-
-        self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
-        self.assertFalse(channel.json_body["threepids"])
-
-    def test_no_valid_token(self):
-        """Test that we do actually need to request a token and can't just
-        make a session up.
-        """
-        client_secret = "foobar"
-        session_id = "weasle"
-
-        # Attempt to add email without even requesting an email
-        request, channel = self.make_request(
-            "POST",
-            b"/_matrix/client/unstable/account/3pid/add",
-            {
-                "client_secret": client_secret,
-                "sid": session_id,
-                "auth": {
-                    "type": "m.login.password",
-                    "user": self.user_id,
-                    "password": "test",
-                },
-            },
-            access_token=self.user_id_tok,
-        )
-        self.render(request)
-        self.assertEqual(400, int(channel.result["code"]), msg=channel.result["body"])
-        self.assertEqual(Codes.THREEPID_AUTH_FAILED, channel.json_body["errcode"])
-
-        # Get user
-        request, channel = self.make_request(
-            "GET", self.url_3pid, access_token=self.user_id_tok,
-        )
-        self.render(request)
-
-        self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
-        self.assertFalse(channel.json_body["threepids"])
-
-    def _request_token(self, email, client_secret):
-        request, channel = self.make_request(
-            "POST",
-            b"account/3pid/email/requestToken",
-            {"client_secret": client_secret, "email": email, "send_attempt": 1},
-        )
-        self.render(request)
-        self.assertEquals(200, channel.code, channel.result)
-
-        return channel.json_body["sid"]
-
-    def _validate_token(self, link):
-        # Remove the host
-        path = link.replace("https://example.com", "")
-
-        request, channel = self.make_request("GET", path, shorthand=False)
-        self.render(request)
-        self.assertEquals(200, channel.code, channel.result)
-
-    def _get_link_from_email(self):
-        assert self.email_attempts, "No emails have been sent"
-
-        raw_msg = self.email_attempts[-1].decode("UTF-8")
-        mail = Parser().parsestr(raw_msg)
-
-        text = None
-        for part in mail.walk():
-            if part.get_content_type() == "text/plain":
-                text = part.get_payload(decode=True).decode("UTF-8")
-                break
-
-        if not text:
-            self.fail("Could not find text portion of email to parse")
-
-        match = re.search(r"https://example.com\S+", text)
-        assert match, "Could not find link in email"
-
-        return match.group(0)