Add config option for setting the trusted id servers, disabling checking the...

Add config option for setting the trusted id servers, disabling checking the ID server in integration tests

Add config option for setting the trusted id servers, disabling checking the...
0fcafbec · Mark Haines · 5687a00e · 0fcafbec · 0fcafbec
Commit 0fcafbec authored 9 years ago by Mark Haines
--- a/synapse/config/registration.py
+++ b/synapse/config/registration.py
@@ -34,6 +34,7 @@ class RegistrationConfig(Config):
        self.registration_shared_secret = config.get("registration_shared_secret")
        self.macaroon_secret_key = config.get("macaroon_secret_key")
        self.bcrypt_rounds = config.get("bcrypt_rounds", 12)
+        self.trusted_third_party_id_servers = config["trusted_third_party_id_servers"]
        self.allow_guest_access = config.get("allow_guest_access", False)

    def default_config(self, **kwargs):
@@ -60,6 +61,12 @@ class RegistrationConfig(Config):
        # participate in rooms hosted on this server which have been made
        # accessible to anonymous users.
        allow_guest_access: False
+
+        # The list of identity servers trusted to verify third party
+        # identifiers by this server.
+        trusted_third_party_id_servers:
+            - matrix.org
+            - vector.im
        """ % locals()

    def add_arguments(self, parser):

--- a/synapse/handlers/identity.py
+++ b/synapse/handlers/identity.py
@@ -36,14 +36,15 @@ class IdentityHandler(BaseHandler):

        self.http_client = hs.get_simple_http_client()

+        self.trusted_id_servers = set(hs.config.trusted_third_party_id_servers)
+        self.trust_any_id_server_just_for_testing_do_not_use = (
+            hs.config.use_insecure_ssl_client_just_for_testing_do_not_use
+        )
+
    @defer.inlineCallbacks
    def threepid_from_creds(self, creds):
        yield run_on_reactor()

-        # XXX: make this configurable!
-        # trustedIdServers = ['matrix.org', 'localhost:8090']
-        trustedIdServers = ['matrix.org', 'vector.im']
-
        if 'id_server' in creds:
            id_server = creds['id_server']
        elif 'idServer' in creds:
@@ -58,10 +59,18 @@ class IdentityHandler(BaseHandler):
        else:
            raise SynapseError(400, "No client_secret in creds")

-        if id_server not in trustedIdServers:
-            logger.warn('%s is not a trusted ID server: rejecting 3pid ' +
-                        'credentials', id_server)
-            defer.returnValue(None)
+        if id_server not in self.trusted_id_servers:
+            if self.trust_any_id_server_just_for_testing_do_not_use:
+                logger.warn(
+                    "Trusting untrustworthy ID server %r even though it isn't"
+                    " in the trusted id list for testing because"
+                    " 'use_insecure_ssl_client_just_for_testing_do_not_use'"
+                    " is set in the config"
+                )
+            else:
+                logger.warn('%s is not a trusted ID server: rejecting 3pid ' +
+                            'credentials', id_server)
+                defer.returnValue(None)

        data = {}
        try: