31 May 2019 |
yogsi | oh cr*p | 12:49:33 |
yogsi | synapseSql: profile: enabled: true role: query: "SELECT split_part(address,'@',2) FROM user_threepids WHERE user_id = ?" | 12:51:10 |
yogsi | oh well, do the indenting work by yourself :) | 12:52:31 |
Maximus | good job adapting it to your needs | 12:54:25 |
yogsi | this way I managed to restrict invites only to users with DOMAIN.com in their email address | 12:54:33 |
Maximus | by default it's mapped to communities in the synapse identity store | 12:54:40 |
Maximus | can I take your example to include it into the docs? | 12:55:10 |
yogsi | sure | 12:55:20 |
Maximus | ty! | 12:55:29 |
1 Jun 2019 |
nimogit | hello, I'm trying to limit registration to a certain using email as 3pid, but it seems that either synapse or mxisd are not respecting the config rules
can mxisd bypass matrix 3pid's rules?
here is the portion related to the synapse homeserver.yaml config file
registrations_require_3pid:
  - email
allowed_local_3pids:
  - medium: email
    pattern: '.*@x\.y\.z'
register:
  policy:
    threepid:
      email:
        domain:
          whitelist:
            - '.*@x.y.z'
          blacklist:
            - '.*@gmail.com' | 17:22:16 |
nimogit | and here is the part of mxisd config
register:
  policy:
    threepid:
      email:
        domain:
          whitelist:
            - '.*@x.y.z'
          blacklist:
            - '.*@gmail.com'
| 17:23:14 |
nimogit | sorry for the mistake, the only part related to matrix is the following
registrations_require_3pid:
  - email
allowed_local_3pids:
  - medium: email
    pattern: '.*@x\.y\.z'
| 17:23:59 |
Maximus | Can't advise on synapse in terms of patterns, but the syntax you use for mxisd is wrong. See the docs for the right one | 17:24:01 |
nimogit | ah! so it's the @ before the x.y.z? | 17:26:26 |
Maximus | the policy is about domains, so what is on the right of/after the @ | 17:26:58 |
nimogit | i tried that, i also removed the black list, but i'm still able to register for valid email outside of x.y.z
maybe i need to dig into synapse config more | 17:53:30 |
Maximus | nimogit: After you've made sure you followed the setup steps (including the reverse proxy), and double-checked that they work, please provide the relevant mxisd logs and I can have a look. You can send them in a DM so you don't have to redact/hide emails in them | 17:55:36 |
nimogit | Download log.txt | 18:10:33 |
nimogit | i'm actually using the dev version, so this is the log from the terminal after running mxisd and trying to register with an email from outside x.y.z
| 18:10:36 |
Maximus | the reverse proxy config seems incorrect, the endpoint is not redirected to mxisd | 18:11:35 |
nimogit |
location /_matrix/identity {
    proxy_pass http://localhost:8090/_matrix/identity;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
}
this is the part of mxisd | 18:14:13 |
Maximus | you're not reading the docs for the feature then, there is a specific section for reverse proxy config | 18:14:53 |
nimogit | is there anything wrong about? | 18:14:58 |
nimogit | oh, i'm sorry, i thought i did go through the docs
I will visit them again, but the weird part is that if i stop mxisd, the whole registration/invitation/etc (federation) process is stopped | 18:17:35 |
Maximus | given that mxisd is the one dealing with a mandatory step in those, yes it's expected for them to fail if mxisd is not running | 18:18:39 |
nimogit | sorry i missed to mention the other parts in my reverse proxy config
below is the full config file with the synapse part
location /_matrix/identity {
    proxy_pass http://localhost:8090/_matrix/identity;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
}
location ^/_matrix/client/r0/register/[^/]/?$ {
    proxy_pass http://localhost:8090;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
}
location ~* ^/_matrix/client/r0/rooms/([^/]+)/invite$ {
    proxy_pass http://localhost:8090;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
}
location /_matrix/client/r0/user_directory {
    proxy_pass http://localhost:8090/_matrix/client/r0/user_directory;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
}
location /_matrix {
    proxy_pass http://localhost:8008;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $remote_addr;
} | 18:22:13 |
Maximus |
the reverse proxy config seems incorrect, the endpoint is not redirected to mxisd
still true
| 18:24:03 |
Maximus | the location line is invalid for register | 18:24:29 |
nimogit | indeed, that was the problem
thank you so much | 18:31:59 |
nimogit | i replaced
location ^/_matrix/client/r0/register/[^/]/?$ {
by
location ~* ^/_matrix/client/r0/register/[^/]+/requestToken$ | 18:32:33 |