	| Author | SHA1 | Date | |
|---|---|---|---|
|  | a112a5e57c | 
| @@ -218,8 +218,15 @@ public class SessionManager { | |||||||
|             throw new BadRequestException("Missing required 3PID"); |             throw new BadRequestException("Missing required 3PID"); | ||||||
|         } |         } | ||||||
|  |  | ||||||
|  |         // We only allow unbind for the domain we manage, mirroring bind | ||||||
|  |         final CharSequence domain = cfg.getMatrix().getDomain(); | ||||||
|  |         if (!StringUtils.equalsIgnoreCase(domain, mxid.getDomain())) { | ||||||
|  |             throw new NotAllowedException("Only Matrix IDs from domain " + domain + " can be unbound"); | ||||||
|  |         } | ||||||
|  |  | ||||||
|  |         log.info("Request was authorized."); | ||||||
|         if (StringUtils.isNotBlank(sid) && StringUtils.isNotBlank(secret)) { |         if (StringUtils.isNotBlank(sid) && StringUtils.isNotBlank(secret)) { | ||||||
|             checkSession(sid, secret, tpid, mxid); |             checkSession(sid, secret, tpid); | ||||||
|         } else if (StringUtils.isNotBlank(auth)) { |         } else if (StringUtils.isNotBlank(auth)) { | ||||||
|             checkAuthorization(auth, reqData); |             checkAuthorization(auth, reqData); | ||||||
|         } else { |         } else { | ||||||
| @@ -269,6 +276,10 @@ public class SessionManager { | |||||||
|             throw new BadRequestException("Missing required header parameters"); |             throw new BadRequestException("Missing required header parameters"); | ||||||
|         } |         } | ||||||
|  |  | ||||||
|  |         if (!cfg.getMatrix().getDomain().equalsIgnoreCase(origin)) { | ||||||
|  |             throw new NotAllowedException("Only Matrix IDs from domain " + origin + " can be unbound"); | ||||||
|  |         } | ||||||
|  |  | ||||||
|         JsonObject jsonObject = new JsonObject(); |         JsonObject jsonObject = new JsonObject(); | ||||||
|         jsonObject.addProperty("method", "POST"); |         jsonObject.addProperty("method", "POST"); | ||||||
|         jsonObject.addProperty("uri", "/_matrix/identity/api/v1/3pid/unbind"); |         jsonObject.addProperty("uri", "/_matrix/identity/api/v1/3pid/unbind"); | ||||||
| @@ -340,7 +351,7 @@ public class SessionManager { | |||||||
|         log.info("Request was authorized."); |         log.info("Request was authorized."); | ||||||
|     } |     } | ||||||
|  |  | ||||||
|     private void checkSession(String sid, String secret, ThreePid tpid, _MatrixID mxid) { |     private void checkSession(String sid, String secret, ThreePid tpid) { | ||||||
|         // We ensure the session was validated |         // We ensure the session was validated | ||||||
|         ThreePidSession session = getSessionIfValidated(sid, secret); |         ThreePidSession session = getSessionIfValidated(sid, secret); | ||||||
|  |  | ||||||
| @@ -348,13 +359,5 @@ public class SessionManager { | |||||||
|         if (!session.getThreePid().equals(tpid)) { |         if (!session.getThreePid().equals(tpid)) { | ||||||
|             throw new BadRequestException("3PID to unbind does not match the one from the validated session"); |             throw new BadRequestException("3PID to unbind does not match the one from the validated session"); | ||||||
|         } |         } | ||||||
|  |  | ||||||
|         // We only allow unbind for the domain we manage, mirroring bind |  | ||||||
|         final CharSequence domain = cfg.getMatrix().getDomain(); |  | ||||||
|         if (!StringUtils.equalsIgnoreCase(domain, mxid.getDomain())) { |  | ||||||
|             throw new NotAllowedException("Only Matrix IDs from domain " + domain + " can be unbound"); |  | ||||||
|         } |  | ||||||
|  |  | ||||||
|         log.info("Request was authorized."); |  | ||||||
|     } |     } | ||||||
| } | } | ||||||
|   | |||||||
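Review bot: `log.info("Request was authorized.");` in the first hunk now runs right after the domain comparison and before `checkSession` / `checkAuthorization`, so the log reports an authorization for requests that the session or signature check then rejects. I would drop the line from that position and log once after the `if` / `else if` chain has completed without throwing (the end of the chain is outside the hunk), or put it back at the end of `checkSession`, where this commit removed it. In the second hunk the rejection message interpolates `origin`, which appears to come from the request's header parameters, whereas the first hunk names the configured domain. Using `"Only Matrix IDs from domain " + cfg.getMatrix().getDomain() + " can be unbound"` there keeps the two messages consistent and keeps caller-supplied text out of the exception.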