From 845f5f007b3ab8d3479e1ecd1d9ff9e07f5474fe Mon Sep 17 00:00:00 2001
From: Slavi Pantaleev
Date: Fri, 3 Apr 2020 10:08:37 +0300
Subject: [PATCH] Make Synapse use ma1sd (if enabled) for threepid registration
---
 group_vars/matrix_servers | 5 +++++
 roles/matrix-synapse/defaults/main.yml | 8 ++++++++
 roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 | 4 ++--
 3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 9efd15391..e9dbffb5a 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -655,6 +655,11 @@ matrix_synapse_container_image_self_build: "{{ matrix_container_images_self_buil
 # When ma1sd is enabled, we can use it instead of the default public Identity servers.
 matrix_synapse_trusted_third_party_id_servers: "{{ [matrix_server_fqn_matrix] if matrix_ma1sd_enabled else matrix_synapse_id_servers_public }}"
 
+# When ma1sd is enabled, we can use it to validate email addresses and phone numbers.
+# Synapse can validate email addresses by itself as well, but it's probably not what we want by default when we have an identity server.
+matrix_synapse_account_threepid_delegates_email: "{{ 'http://matrix-ma1sd:8090' if matrix_ma1sd_enabled else '' }}"
+matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:8090' if matrix_ma1sd_enabled else '' }}"
+
 # Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network.
 # If matrix-nginx-proxy is not enabled, or you otherwise have a need for it,
 # you can expose Synapse's ports to the host.
diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml
index f896f2324..38cd23216 100644
--- a/roles/matrix-synapse/defaults/main.yml
+++ b/roles/matrix-synapse/defaults/main.yml
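Review bot: Turning on ma1sd now also moves email verification out of Synapse, and the added comment gives no way back for operators who only wanted ma1sd for lookups. Both new `matrix_synapse_account_threepid_delegates_*` lines switch on `matrix_ma1sd_enabled` alone, so if ma1sd has no working mail or SMS setup (not visible in this diff) verification would presumably fail rather than fall back to Synapse. I would extend the comment with `# To keep Synapse validating email addresses itself, override matrix_synapse_account_threepid_delegates_email with ''.` The literal `http://matrix-ma1sd:8090` is also repeated on both lines and is plain HTTP, which is acceptable only while this traffic stays on the private container network; a short comment saying so would stop the value being copied for a remote identity server.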
@@ -164,6 +164,14 @@ matrix_synapse_enable_group_creation: false
 # A list of 3PID types which users must supply when registering (possible values: email, msisdn).
 matrix_synapse_registrations_require_3pid: []
 
+# The server to use for email threepid validation. When empty, Synapse does it by itself.
+# Otherwise, this should be pointed to an identity server.
+matrix_synapse_account_threepid_delegates_email: ''
+
+# The server to use for phone number threepid validation. When empty, validation cannot happen, as Synapse doesn't support it.
+# To make it work, this should be pointed to an identity server.
+matrix_synapse_account_threepid_delegates_msisdn: ''
+
 # Users who register on this homeserver will automatically be joined to these rooms.
 # Rooms are to be specified using addresses (e.g. `#address:example.com`)
 matrix_synapse_auto_join_rooms: []
diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
index b3adcac9d..310421e9b 100644
--- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
+++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2
@@ -1060,8 +1060,8 @@ trusted_third_party_id_servers:
 # If a delegate is specified, the config option public_baseurl must also be filled out.
 #
 account_threepid_delegates:
- #email: https://example.com # Delegate email sending to example.com
- #msisdn: http://localhost:8090 # Delegate SMS sending to this local process
+ email: {{ matrix_synapse_account_threepid_delegates_email|to_json }}
+ msisdn: {{ matrix_synapse_account_threepid_delegates_msisdn|to_json }}
 
 # Users who register on this homeserver will automatically be joined
 # to these rooms
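Review bot: The two new default comments in roles/matrix-synapse/defaults/main.yml do not say what form the value takes or what is handed over once it is set. I would add `# Expects the base URL of the identity server, including the scheme.` above each variable. Because the delegate performs the validation on Synapse's behalf, a second line such as `# Point this only at an identity server you operate or trust; it handles the addresses being verified.` would make the trust decision explicit for anyone overriding the default.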
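Review bot: In homeserver.yaml.j2 both keys are now always rendered, so with the default `''` the generated file contains `email: ""` and `msisdn: ""`, and the template relies on Synapse treating an empty string as "no delegate". That is worth confirming against the Synapse version being deployed and stating next to the keys, e.g. `# An empty value means no delegate is configured.` The context comment directly above says `public_baseurl` must be filled out when a delegate is specified, but nothing in this diff checks that; a validation step that fails the play when a delegate is set and `public_baseurl` is empty would surface the problem before Synapse starts. The comment block these lines belong to begins above the hunk, so the rest of its guidance is not visible here.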