From fa71bb18b527d1a3e2629b48640ea67fff2f8c59 Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com>
Date: Tue, 12 Jul 2022 19:18:53 +0100
Subject: Drop support for delegating email validation (#13192)

* Drop support for delegating email validation

Delegating email validation to an IS is insecure (since it allows the owner of
the IS to do a password reset on your HS), and has long been deprecated. It
will now cause a config error at startup.

* Update unit test which checks for email verification

Give it an `email` config instead of a threepid delegate

* Remove unused method `requestEmailToken`

* Simplify config handling for email verification

Rather than an enum and a boolean, all we need here is a single bool, which
says whether we are or are not doing email verification.

* update docs

* changelog

* upgrade.md: fix typo

* update version number

this will be in 1.64, not 1.63

* update version number

this one too
---
 changelog.d/13192.removal | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/13192.removal

(limited to 'changelog.d/13192.removal')

diff --git a/changelog.d/13192.removal b/changelog.d/13192.removal
new file mode 100644
index 0000000000..a7dffd1c48
--- /dev/null
+++ b/changelog.d/13192.removal
@@ -0,0 +1 @@
+Drop support for delegating email verification to an external server.
-- 
cgit 1.5.1