Skip to content
This repository was archived by the owner on Apr 26, 2024. It is now read-only.
This repository was archived by the owner on Apr 26, 2024. It is now read-only.

_check_threepid in auth.py incorrect for MSISDN #6103

Closed
Closed
_check_threepid in auth.py incorrect for MSISDN#6103
Labels
z-privacy-sprint(Deprecated Label)
@jryans

Description

@jryans
jryans
opened on Sep 24, 2019

Looking at this snippet:

synapse/synapse/handlers/auth.py

Lines 446 to 463 in f99a9c9

if self.hs.config.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
if medium == "email":
threepid = yield identity_handler.threepid_from_creds(
self.hs.config.account_threepid_delegate_email, threepid_creds
)
elif medium == "msisdn":
threepid = yield identity_handler.threepid_from_creds(
self.hs.config.account_threepid_delegate_msisdn, threepid_creds
)
else:
raise SynapseError(400, "Unrecognized threepid medium: %s" % (medium,))
elif self.hs.config.threepid_behaviour_email == ThreepidBehaviour.LOCAL:
row = yield self.store.get_threepid_validation_session(
medium,
threepid_creds["client_secret"],
sid=threepid_creds["sid"],
validated=True,
)

...the MSISDN handling should not depend on the threepid_behaviour_email setting. Instead, we should use the MSISDN delegate if it exists or else fail.

Riot Web hits this block when trying to provide a MSISDN during registration.

Metadata

Metadata

Assignees

No one assigned

    Labels

    z-privacy-sprint(Deprecated Label)

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions