diff --git a/changelog.d/16127.bugfix b/changelog.d/16127.bugfix
new file mode 100644
index 0000000000..0308fdfd45
--- /dev/null
+++ b/changelog.d/16127.bugfix
@@ -0,0 +1 @@
+User consent features cannot be enabled when using experimental MSC3861.
diff --git a/synapse/config/experimental.py b/synapse/config/experimental.py
index ac9449b18f..d4cf9a0555 100644
--- a/synapse/config/experimental.py
+++ b/synapse/config/experimental.py
@@ -173,6 +173,13 @@ class MSC3861:
("enable_registration",),
)
+ # We only need to test the user consent version, as if it must be set if the user_consent section was present in the config
+ if root.consent.user_consent_version is not None:
+ raise ConfigError(
+ "User consent cannot be enabled when OAuth delegation is enabled",
+ ("user_consent",),
+ )
+
if (
root.oidc.oidc_enabled
or root.saml2.saml2_enabled
diff --git a/tests/config/test_oauth_delegation.py b/tests/config/test_oauth_delegation.py
index f57c813a58..35f7b85dc7 100644
--- a/tests/config/test_oauth_delegation.py
+++ b/tests/config/test_oauth_delegation.py
@@ -12,6 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+import os
from unittest.mock import Mock
from synapse.config import ConfigError
@@ -167,6 +168,21 @@ class MSC3861OAuthDelegation(TestCase):
with self.assertRaises(ConfigError):
self.parse_config()
+ def test_user_consent_cannot_be_enabled(self) -> None:
+ tmpdir = self.mktemp()
+ os.mkdir(tmpdir)
+ self.config_dict["user_consent"] = {
+ "require_at_registration": True,
+ "version": "1",
+ "template_dir": tmpdir,
+ "server_notice_content": {
+ "msgtype": "m.text",
+ "body": "foo",
+ },
+ }
+ with self.assertRaises(ConfigError):
+ self.parse_config()
+
def test_password_config_cannot_be_enabled(self) -> None:
self.config_dict["password_config"] = {"enabled": True}
with self.assertRaises(ConfigError):
|
