4 years ago · bc5facd098
--- a/README.rst
+++ b/README.rst
@@ -73,11 +73,12 @@ Fetch pubkey key for a server::
 
				 
			
 
				     curl http://localhost:8090/_matrix/identity/api/v1/pubkey/ed25519:0
			
 
				 
			
 
				-Internal bind api
			
 
				+Internal bind and unbind api
			
 
				 -----------------
			
 
				 
			
 
				-It is possible to enable an internal API which allows identifiers to be bound
			
 
				-to matrix IDs without any validation. This is open to abuse, so is disabled by
			
 
				+It is possible to enable an internal API which allows for binding and unbinding
			
 
				+between identifiers and matrix IDs without any validation.
			
 
				+This is open to abuse, so is disabled by
			
 
				 default, and when it is enabled, is available only on a separate socket which
			
 
				 is bound to 'localhost' by default.
			
 
				 
			
@@ -86,12 +87,19 @@ To enable it, configure the port in the config file. For example::
 
				     [http]
			
 
				     internalapi.http.port = 8091
			
 
				 
			
 
				-To use it::
			
 
				+To use bind::
			
 
				 
			
 
				     curl -XPOST 'http://localhost:8091/_matrix/identity/internal/bind' -H "Content-Type: application/json" -d '{"address": "matthew@arasphere.net", "medium": "email", "mxid": "@matthew:matrix.org"}'
			
 
				 
			
 
				-The response has the same format as ``/_matrix/identity/api/v1/3pid/bind``.
			
 
				+The response has the same format as
			
 
				+`/_matrix/identity/api/v1/3pid/bind <https://matrix.org/docs/spec/identity_service/r0.3.0#deprecated-post-matrix-identity-api-v1-3pid-bind>`_.
			
 
				 
			
 
				+To use unbind::
			
 
				+
			
 
				+    curl -XPOST 'http://localhost:8091/_matrix/identity/internal/unbind' -H "Content-Type: application/json" -d '{"address": "matthew@arasphere.net", "medium": "email", "mxid": "@matthew:matrix.org"}'
			
 
				+
			
 
				+The response has the same format as
			
 
				+`/_matrix/identity/api/v1/3pid/unbind <https://matrix.org/docs/spec/identity_service/r0.3.0#deprecated-post-matrix-identity-api-v1-3pid-unbind>`_.
			
 
				 
			
 
				 Replication
			
 
				 ===========
			
--- a/sydent/http/httpserver.py
+++ b/sydent/http/httpserver.py
@@ -26,6 +26,9 @@ import twisted.internet.ssl
 
				 from sydent.http.servlets.authenticated_bind_threepid_servlet import (
			
 
				     AuthenticatedBindThreePidServlet,
			
 
				 )
			
 
				+from sydent.http.servlets.authenticated_unbind_threepid_servlet import (
			
 
				+    AuthenticatedUnbindThreePidServlet,
			
 
				+)
			
 
				 
			
 
				 logger = logging.getLogger(__name__)
			
 
				 
			
@@ -151,6 +154,9 @@ class InternalApiHttpServer(object):
 
				         authenticated_bind = AuthenticatedBindThreePidServlet(self.sydent)
			
 
				         internal.putChild(b'bind', authenticated_bind)
			
 
				 
			
 
				+        authenticated_unbind = AuthenticatedUnbindThreePidServlet(self.sydent)
			
 
				+        internal.putChild(b'unbind', authenticated_unbind)
			
 
				+
			
 
				         factory = Site(root)
			
 
				         factory.displayTracebacks = False
			
 
				         self.sydent.reactor.listenTCP(port, factory, interface=interface)
			
--- a/sydent/http/servlets/authenticated_unbind_threepid_servlet.py
+++ b/sydent/http/servlets/authenticated_unbind_threepid_servlet.py
@@ -0,0 +1,44 @@
 
				+# -*- coding: utf-8 -*-
			
 
				+
			
 
				+# Copyright 2020 Dirk Klimpel
			
 
				+#
			
 
				+# Licensed under the Apache License, Version 2.0 (the "License");
			
 
				+# you may not use this file except in compliance with the License.
			
 
				+# You may obtain a copy of the License at
			
 
				+#
			
 
				+#     http://www.apache.org/licenses/LICENSE-2.0
			
 
				+#
			
 
				+# Unless required by applicable law or agreed to in writing, software
			
 
				+# distributed under the License is distributed on an "AS IS" BASIS,
			
 
				+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
			
 
				+# See the License for the specific language governing permissions and
			
 
				+# limitations under the License.
			
 
				+
			
 
				+from twisted.web.resource import Resource
			
 
				+
			
 
				+from sydent.http.servlets import get_args, jsonwrap, send_cors
			
 
				+
			
 
				+
			
 
				+class AuthenticatedUnbindThreePidServlet(Resource):
			
 
				+    """A servlet which allows a caller to unbind any 3pid they want from an mxid
			
 
				+
			
 
				+    It is assumed that authentication happens out of band
			
 
				+    """
			
 
				+    def __init__(self, sydent):
			
 
				+        Resource.__init__(self)
			
 
				+        self.sydent = sydent
			
 
				+
			
 
				+    @jsonwrap
			
 
				+    def render_POST(self, request):
			
 
				+        send_cors(request)
			
 
				+        args = get_args(request, ('medium', 'address', 'mxid'))
			
 
				+
			
 
				+        threepid = {'medium': args['medium'], 'address': args['address']}
			
 
				+        
			
 
				+        return self.sydent.threepidBinder.removeBinding(
			
 
				+            threepid, args['mxid'],
			
 
				+        )
			
 
				+
			
 
				+    def render_OPTIONS(self, request):
			
 
				+        send_cors(request)
			
 
				+        return b''