diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers index 2ac8cc29..b0293802 100755 --- a/group_vars/matrix_servers +++ b/group_vars/matrix_servers @@ -2237,9 +2237,7 @@ matrix_synapse_enabled: "{{ matrix_homeserver_implementation == 'synapse' }}" matrix_synapse_container_image_self_build: "{{ matrix_architecture not in ['arm64', 'amd64'] }}" -# When ma1sd is enabled, we can use it to validate email addresses and phone numbers. -# Synapse can validate email addresses by itself as well, but it's probably not what we want by default when we have an identity server. -matrix_synapse_account_threepid_delegates_email: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port | string if matrix_ma1sd_enabled else '' }}" +# When ma1sd is enabled, we can use it to validate phone numbers. It's something that the homeserver cannot do by itself. matrix_synapse_account_threepid_delegates_msisdn: "{{ 'http://matrix-ma1sd:' + matrix_ma1sd_container_port | string if matrix_ma1sd_enabled else '' }}" # Normally, matrix-nginx-proxy is enabled and nginx can reach Synapse over the container network. diff --git a/roles/matrix-synapse/defaults/main.yml b/roles/matrix-synapse/defaults/main.yml index 6d204b17..1ba7b269 100644 --- a/roles/matrix-synapse/defaults/main.yml +++ b/roles/matrix-synapse/defaults/main.yml @@ -257,10 +257,6 @@ matrix_synapse_registrations_require_3pid: [] # pattern: '\+44' matrix_synapse_allowed_local_3pids: [] -# The server to use for email threepid validation. When empty, Synapse does it by itself. -# Otherwise, this should be pointed to an identity server. -matrix_synapse_account_threepid_delegates_email: '' - # The server to use for phone number threepid validation. When empty, validation cannot happen, as Synapse doesn't support it. # To make it work, this should be pointed to an identity server. matrix_synapse_account_threepid_delegates_msisdn: '' diff --git a/roles/matrix-synapse/tasks/validate_config.yml b/roles/matrix-synapse/tasks/validate_config.yml index ba60abf8..d32fce97 100644 --- a/roles/matrix-synapse/tasks/validate_config.yml +++ b/roles/matrix-synapse/tasks/validate_config.yml @@ -61,6 +61,7 @@ - {'old': 'matrix_synapse_use_presence', 'new': 'matrix_synapse_presence_enabled'} - {'old': 'matrix_synapse_version_arm64', 'new': ''} - {'old': 'matrix_synapse_enable_group_creation', 'new': ''} + - {'old': 'matrix_synapse_account_threepid_delegates_email', 'new': ''} - name: (Deprecation) Catch and report renamed settings in matrix_synapse_configuration_extension_yaml ansible.builtin.fail: diff --git a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 index 07c5ec89..04c4b3cf 100644 --- a/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 +++ b/roles/matrix-synapse/templates/synapse/homeserver.yaml.j2 @@ -1419,14 +1419,10 @@ allow_guest_access: {{ matrix_synapse_allow_guest_access|to_json }} # #default_identity_server: https://matrix.org -# Handle threepid (email/phone etc) registration and password resets through a set of +# Handle threepid (phone etc) registration and password resets through a set of # *trusted* identity servers. Note that this allows the configured identity server to # reset passwords for accounts! # -# Be aware that if `email` is not set, and SMTP options have not been -# configured in the email config block, registration and user password resets via -# email will be globally disabled. -# # Additionally, if `msisdn` is not set, registration and password resets via msisdn # will be disabled regardless, and users will not be able to associate an msisdn # identifier to their account. This is due to Synapse currently not supporting @@ -1441,7 +1437,6 @@ allow_guest_access: {{ matrix_synapse_allow_guest_access|to_json }} # https://matrix.org/docs/spec/identity_service/latest # account_threepid_delegates: - email: {{ matrix_synapse_account_threepid_delegates_email|to_json }} msisdn: {{ matrix_synapse_account_threepid_delegates_msisdn|to_json }} # Whether users are allowed to change their displayname after it has