From b4325aab3ab4d1d303588e6fd6f8008b58b5369e Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Fri, 12 Nov 2021 16:17:30 -0800 Subject: [PATCH 1/7] remove code legacy code related to depreciated config flag "trust_identity_server_for_password_resets" from synapse/config/emailconfig.py --- synapse/config/emailconfig.py | 33 +++++++-------------------------- 1 file changed, 7 insertions(+), 26 deletions(-) diff --git a/synapse/config/emailconfig.py b/synapse/config/emailconfig.py index afd65fecd30f..5e787c3aefd0 100644 --- a/synapse/config/emailconfig.py +++ b/synapse/config/emailconfig.py @@ -137,33 +137,14 @@ def read_config(self, config, **kwargs): if self.root.registration.account_threepid_delegate_email else ThreepidBehaviour.LOCAL ) - # Prior to Synapse v1.4.0, there was another option that defined whether Synapse would - # use an identity server to password reset tokens on its behalf. We now warn the user - # if they have this set and tell them to use the updated option, while using a default - # identity server in the process. - self.using_identity_server_from_trusted_list = False - if ( - not self.root.registration.account_threepid_delegate_email - and config.get("trust_identity_server_for_password_resets", False) is True - ): - # Use the first entry in self.trusted_third_party_id_servers instead - if self.trusted_third_party_id_servers: - # XXX: It's a little confusing that account_threepid_delegate_email is modified - # both in RegistrationConfig and here. We should factor this bit out - first_trusted_identity_server = self.trusted_third_party_id_servers[0] - - # trusted_third_party_id_servers does not contain a scheme whereas - # account_threepid_delegate_email is expected to. Presume https - self.root.registration.account_threepid_delegate_email = ( - "https://" + first_trusted_identity_server - ) - self.using_identity_server_from_trusted_list = True - else: - raise ConfigError( - "Attempted to use an identity server from" - '"trusted_third_party_id_servers" but it is empty.' - ) + if "trust_identity_server_for_password_resets" in config: + raise ConfigError( + 'The config option "trust_identity_server_for_password_resets" ' + 'has been replaced by "account_threepid_delegate". ' + "Please consult the sample config at docs/sample_config.yaml for " + "details and update your config file." + ) self.local_threepid_handling_disabled_due_to_email_config = False if ( From 7857295d7cfcb2668fce86c20d9af3fdc003d088 Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Fri, 12 Nov 2021 16:21:38 -0800 Subject: [PATCH 2/7] remove legacy code supporting depreciated config flag "trust_identity_server_for_password_resets" from synapse/config/registration.py --- synapse/config/registration.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/synapse/config/registration.py b/synapse/config/registration.py index 5379e80715b3..66382a479e79 100644 --- a/synapse/config/registration.py +++ b/synapse/config/registration.py @@ -39,9 +39,7 @@ def read_config(self, config, **kwargs): self.registration_shared_secret = config.get("registration_shared_secret") self.bcrypt_rounds = config.get("bcrypt_rounds", 12) - self.trusted_third_party_id_servers = config.get( - "trusted_third_party_id_servers", ["matrix.org", "vector.im"] - ) + account_threepid_delegates = config.get("account_threepid_delegates") or {} self.account_threepid_delegate_email = account_threepid_delegates.get("email") self.account_threepid_delegate_msisdn = account_threepid_delegates.get("msisdn") From d82615c177b67283caabd64184f11a5ba294e803 Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Fri, 12 Nov 2021 16:24:05 -0800 Subject: [PATCH 3/7] remove legacy code supporting depreciated config flag "trust_identity_server_for_password_resets" from synapse/handlers/identity.py --- synapse/handlers/identity.py | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/synapse/handlers/identity.py b/synapse/handlers/identity.py index 3dbe611f9563..c83eaea359e7 100644 --- a/synapse/handlers/identity.py +++ b/synapse/handlers/identity.py @@ -464,15 +464,6 @@ async def requestEmailToken( if next_link: params["next_link"] = next_link - if self.hs.config.email.using_identity_server_from_trusted_list: - # Warn that a deprecated config option is in use - logger.warning( - 'The config option "trust_identity_server_for_password_resets" ' - 'has been replaced by "account_threepid_delegate". ' - "Please consult the sample config at docs/sample_config.yaml for " - "details and update your config file." - ) - try: data = await self.http_client.post_json_get_json( id_server + "/_matrix/identity/api/v1/validate/email/requestToken", @@ -517,15 +508,6 @@ async def requestMsisdnToken( if next_link: params["next_link"] = next_link - if self.hs.config.email.using_identity_server_from_trusted_list: - # Warn that a deprecated config option is in use - logger.warning( - 'The config option "trust_identity_server_for_password_resets" ' - 'has been replaced by "account_threepid_delegate". ' - "Please consult the sample config at docs/sample_config.yaml for " - "details and update your config file." - ) - try: data = await self.http_client.post_json_get_json( id_server + "/_matrix/identity/api/v1/validate/msisdn/requestToken", From 4bc12e0b42ae0588a6dd595f03d67d26bb12ac3d Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Fri, 12 Nov 2021 16:25:34 -0800 Subject: [PATCH 4/7] add tests to ensure config error is thrown and synapse refuses to start when depreciated config flag is found --- tests/config/test_load.py | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/config/test_load.py b/tests/config/test_load.py index 765258c47ad7..10a7f145d2ed 100644 --- a/tests/config/test_load.py +++ b/tests/config/test_load.py @@ -94,3 +94,16 @@ def test_stats_enabled(self): # The default Metrics Flags are off by default. config = HomeServerConfig.load_config("", ["-c", self.config_file]) self.assertFalse(config.metrics.metrics_flags.known_servers) + + def test_depreciated_identity_server_flag_throws_error(self): + self.generate_config() + # Needed to ensure that actual key/value pair added below don't end up on a line with a comment + self.add_lines_to_config([" "]) + # Check that presence of "trust_identity_server_for_password" throws config error whether + # true or false + self.add_lines_to_config(["trust_identity_server_for_password_resets: true"]) + with self.assertRaises(ConfigError): + HomeServerConfig.load_config("", ["-c", self.config_file]) + self.add_lines_to_config(["trust_identity_server_for_password_resets: false"]) + with self.assertRaises(ConfigError): + HomeServerConfig.load_config("", ["-c", self.config_file]) From a99e4d37ae61c0019798af9497bd4dd4f5fce20b Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Fri, 12 Nov 2021 16:39:24 -0800 Subject: [PATCH 5/7] add changelog --- changelog.d/11333.misc | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/11333.misc diff --git a/changelog.d/11333.misc b/changelog.d/11333.misc new file mode 100644 index 000000000000..728adde7346b --- /dev/null +++ b/changelog.d/11333.misc @@ -0,0 +1 @@ +Remove legacy code related to depreciated "trust_identity_server_for_password_resets" config flag. \ No newline at end of file From 1f07bdd5f350ad9702c1c6178d09a1b77ccb89ea Mon Sep 17 00:00:00 2001 From: "H. Shay" Date: Mon, 15 Nov 2021 10:40:57 -0800 Subject: [PATCH 6/7] slightly change behavior to only check for deprecated flag if set to 'true' --- synapse/config/emailconfig.py | 2 +- tests/config/test_load.py | 6 +----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/synapse/config/emailconfig.py b/synapse/config/emailconfig.py index 5e787c3aefd0..510b647c6343 100644 --- a/synapse/config/emailconfig.py +++ b/synapse/config/emailconfig.py @@ -138,7 +138,7 @@ def read_config(self, config, **kwargs): else ThreepidBehaviour.LOCAL ) - if "trust_identity_server_for_password_resets" in config: + if config.get("trust_identity_server_for_password_resets"): raise ConfigError( 'The config option "trust_identity_server_for_password_resets" ' 'has been replaced by "account_threepid_delegate". ' diff --git a/tests/config/test_load.py b/tests/config/test_load.py index 10a7f145d2ed..d8668d56b2fd 100644 --- a/tests/config/test_load.py +++ b/tests/config/test_load.py @@ -99,11 +99,7 @@ def test_depreciated_identity_server_flag_throws_error(self): self.generate_config() # Needed to ensure that actual key/value pair added below don't end up on a line with a comment self.add_lines_to_config([" "]) - # Check that presence of "trust_identity_server_for_password" throws config error whether - # true or false + # Check that presence of "trust_identity_server_for_password" throws config error self.add_lines_to_config(["trust_identity_server_for_password_resets: true"]) with self.assertRaises(ConfigError): HomeServerConfig.load_config("", ["-c", self.config_file]) - self.add_lines_to_config(["trust_identity_server_for_password_resets: false"]) - with self.assertRaises(ConfigError): - HomeServerConfig.load_config("", ["-c", self.config_file]) From fb5c0601998b62a1bd81b48e7b84e356a4434765 Mon Sep 17 00:00:00 2001 From: Shay Date: Thu, 18 Nov 2021 10:10:50 -0800 Subject: [PATCH 7/7] Update changelog.d/11333.misc Co-authored-by: reivilibre --- changelog.d/11333.misc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog.d/11333.misc b/changelog.d/11333.misc index 728adde7346b..6c1fd560adb3 100644 --- a/changelog.d/11333.misc +++ b/changelog.d/11333.misc @@ -1 +1 @@ -Remove legacy code related to depreciated "trust_identity_server_for_password_resets" config flag. \ No newline at end of file +Remove deprecated `trust_identity_server_for_password_resets` configuration flag. \ No newline at end of file