Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deny bindings to anything other than the mxid you're authed as #202

Merged
merged 3 commits into from Aug 27, 2019

Conversation

@dbkr
Copy link
Member

commented Aug 22, 2019

on v2 which requires auth

Second PR against new set of branches

Baseed on #201

on v2 which requires auth

The syditest email invite template was also too enthustastic and
contained more variables than the real template.
@dbkr dbkr requested a review from matrix-org/synapse-core Aug 22, 2019
Copy link
Member

left a comment

Does this mean that if you use the v1 API you can bypass the check here?

sydent/http/servlets/threepidbindservlet.py Outdated Show resolved Hide resolved
Co-Authored-By: Erik Johnston <erik@matrix.org>
@dbkr

This comment has been minimized.

Copy link
Member Author

commented Aug 27, 2019

Does this mean that if you use the v1 API you can bypass the check here?

Yep, at some point we'll add an option to disable the v1 API (or make it accessible only internally or something) and then disable it on matrix.org.

@dbkr dbkr requested a review from erikjohnston Aug 27, 2019
@dbkr dbkr merged commit f2ef8a7 into master Aug 27, 2019
1 check passed
1 check passed
buildkite/sydent Build #107 passed (26 seconds)
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.