Reworked MSC1915. Add request validation.

src/main/java/io/kamax/mxisd/http/undertow/handler/identity/v1/SessionTpidUnbindHandler.java

@@ -21,13 +21,10 @@
 package io.kamax.mxisd.http.undertow.handler.identity.v1;
 
 import com.google.gson.JsonObject;
-import io.kamax.mxisd.exception.BadRequestException;
-import io.kamax.mxisd.exception.NotAllowedException;
 import io.kamax.mxisd.http.IsAPIv1;
 import io.kamax.mxisd.http.undertow.handler.BasicHttpHandler;
 import io.kamax.mxisd.session.SessionManager;
 import io.undertow.server.HttpServerExchange;
-import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -46,20 +43,9 @@ public class SessionTpidUnbindHandler extends BasicHttpHandler {
     @Override
     public void handleRequest(HttpServerExchange exchange) {
         String auth = exchange.getRequestHeaders().getFirst("Authorization");
-        if (StringUtils.isNotEmpty(auth)) {
-            // We have a auth header to process
-            if (StringUtils.startsWith(auth, "X-Matrix ")) {
-                log.warn("A remote host attempted to unbind without proper authorization. Request was denied");
-                log.warn("See https://github.com/kamax-matrix/mxisd/wiki/mxisd-and-your-privacy for more info");
-                throw new NotAllowedException("3PID can only be removed via 3PID sessions, not via Homeserver signature");
-            } else {
-                throw new BadRequestException("Illegal authorization type");
-            }
-        }
 
         JsonObject body = parseJsonObject(exchange);
-        sessionMgr.unbind(body);
+        sessionMgr.unbind(auth, body);
         writeBodyAsUtf8(exchange, "{}");
     }
-
 }