From 7ff7a415d17128fa50dd05b8b033be3ee811770c Mon Sep 17 00:00:00 2001
From: Richard van der Hoff <richard@matrix.org>
Date: Mon, 11 May 2020 13:08:48 +0100
Subject: [PATCH] Revert emergency registration patches

Revert "Merge commit '4d3ebc' into matrix-org-hotfixes"

This reverts commit 617541c4c6f9dea1ac1ed0a8f1ab848507457e23, reversing
changes made to ae4f6140f134b8a9296b35ff15b37641912c76ec.
---
 synapse/handlers/auth.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index a167498add..7613e5b6ab 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -329,6 +329,18 @@ class AuthHandler(BaseHandler):
                 # isn't arbitrary.
                 clientdict = session.clientdict
 
+            # Ensure that the queried operation does not vary between stages of
+            # the UI authentication session. This is done by generating a stable
+            # comparator based on the URI, method, and body (minus the auth dict)
+            # and storing it during the initial query. Subsequent queries ensure
+            # that this comparator has not changed.
+            comparator = (uri, method, clientdict)
+            if (session.uri, session.method, session.clientdict) != comparator:
+                raise SynapseError(
+                    403,
+                    "Requested operation has changed during the UI authentication session.",
+                )
+
         if not authdict:
             raise InteractiveAuthIncompleteError(
                 self._auth_dict_for_flows(flows, session.session_id)