Implement MSC2290

synapse/handlers/identity.py

@@ -79,8 +79,16 @@ def threepid_from_creds(self, id_server, creds):
 
         url = id_server + "/_matrix/identity/api/v1/3pid/getValidated3pid"
 
-        data = yield self.http_client.get_json(url, query_params)
-        return data if "medium" in data else None
+        try:
+            data = yield self.http_client.get_json(url, query_params)
+            return data if "medium" in data else None
+        except HttpResponseException:
+            logger.debug(
+                "%s reported non-validated threepid: %s",
+                self.hs.config.account_threepid_delegate_email,
+                creds,
+            )
+            return None
 
     @defer.inlineCallbacks
     def bind_threepid(
@@ -437,6 +445,10 @@ def validate_threepid_session(self, client_secret, sid):
         # XXX: We shouldn't need to keep wrapping and unwrapping this value
         threepid_creds = {"client_secret": client_secret, "sid": sid}
 
+        # We don't actually know which medium this 3PID is. Thus we first assume it's email,
+        # and if validation fails we try msisdn
+        validation_session = None
+
         # Try to validate as email
         if self.hs.config.threepid_behaviour_email == ThreepidBehaviour.REMOTE:
             # Ask our delegated email identity server
@@ -449,7 +461,12 @@ def validate_threepid_session(self, client_secret, sid):
                 "email", client_secret, sid=sid, validated=True
             )
 
-        if validation_session:
+        # Old versions of Sydent return a 200 http code even on a failed validation check.
+        # Thus, in addition to the HttpResponseException check above (which checks for
+        # non-200 errors), we need to make sure validation_session isn't actually an error,
+        # identified by containing an "error" key
+        # See https://github.com/matrix-org/sydent/issues/215 for details
+        if validation_session and "error" not in validation_session:
             return validation_session
 
         # Try to validate as msisdn
@@ -459,7 +476,12 @@ def validate_threepid_session(self, client_secret, sid):
                 self.hs.config.account_threepid_delegate_msisdn, threepid_creds
             )
 
-        return validation_session
+            # Check that validation_session isn't actually an error due to old Sydent instances
+            # See explanatory comment above
+            if validation_session and "error" not in validation_session:
+                return validation_session
+
+        return None
 
 
 def create_id_access_token_header(id_access_token):

synapse/storage/registration.py

@@ -587,6 +587,18 @@ def add_user_bound_threepid(self, user_id, medium, address, id_server):
         )
 
     def user_get_bound_threepids(self, user_id):
+        """Get the threepids that a user has bound to an identity server through the homeserver
+        The homeserver remembers where binds to an identity server occurred. Using this
+        method can retrieve those threepids.
+
+        Args:
+            user_id (str): The ID of the user to retrieve threepids for
+
+        Returns:
+            list[dict(str, str)]: List of dictionaries containing the following:
+                medium (str): The medium of the threepid (e.g "email")
+                address (str): The address of the threepid (e.g "[email protected]")
+        """
         return self._simple_select_list(
             table="user_threepid_id_server",
             keyvalues={"user_id": user_id},