From 1ef3627b055ebb738422623c7bb68eca923e27fb Mon Sep 17 00:00:00 2001 From: Brendan Abolivier Date: Thu, 27 Jun 2019 14:43:27 +0100 Subject: Fix new 3PID bindings being associated with rewritten IS's server names instead of the original one This would make unbind requests fail because Synapse is using the server name it has in DB as destination_is to generate signature, and Sydent uses its own server name there when verifying it, so if a mismatch happens, which is the case if the name gets rewritten for routing purposes, the unbind requests fail on the signature verification. --- synapse/handlers/identity.py | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'synapse') diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py index f39803629e..2bf83fb93f 100644 --- a/synapse/handlers/identity.py +++ b/synapse/handlers/identity.py @@ -129,14 +129,19 @@ class IdentityHandler(BaseHandler): client_secret = creds['clientSecret'] else: raise SynapseError(400, "No client_secret in creds") + # if we have a rewrite rule set for the identity server, - # apply it now. + # apply it now, but only for sending the request (not + # storing in the database). if id_server in self.rewrite_identity_server_urls: - id_server = self.rewrite_identity_server_urls[id_server] + id_server_host = self.rewrite_identity_server_urls[id_server] + else: + id_server_host = id_server + try: data = yield self.http_client.post_urlencoded_get_json( "https://%s%s" % ( - id_server, "/_matrix/identity/api/v1/3pid/bind" + id_server_host, "/_matrix/identity/api/v1/3pid/bind" ), { 'sid': creds['sid'], -- cgit 1.5.1
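Review bot: The new `if`/`else` that picks `id_server_host` separates the routing host from the name that gets stored, but no test pins that invariant, and the store call is outside the hunk, so it cannot be confirmed from here that it still receives `id_server`. A regression test with a rewrite rule configured, asserting that the POST goes to the rewritten host while the persisted binding keeps the original name, would guard the signature check the commit message describes. The unbind path presumably needs the same split (original name as `destination_is`, rewritten host only in the URL); it is worth confirming that it does not route to the un-rewritten name now that the database holds it. The branch can also be written as `id_server_host = self.rewrite_identity_server_urls.get(id_server, id_server)`. The function body starts and ends outside the hunk.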