From 3bc0a1924b230e0a3fe28fcba2830aa46f3f1156 Mon Sep 17 00:00:00 2001
From: James Blachly <james.blachly@gmail.com>
Date: Tue, 25 Oct 2022 20:47:41 +0000
Subject: [PATCH] Return 403 to 3pid token routes to signal not implemented

---
 src/api/client_server/account.rs | 33 ++++++++++++++++++++++++++++++--
 src/main.rs                      |  2 ++
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/src/api/client_server/account.rs b/src/api/client_server/account.rs
index ce4dadda..c9e3c9b9 100644
--- a/src/api/client_server/account.rs
+++ b/src/api/client_server/account.rs
@@ -3,7 +3,8 @@ use crate::{api::client_server, services, utils, Error, Result, Ruma};
 use ruma::{
     api::client::{
         account::{
-            change_password, deactivate, get_3pids, get_username_availability, register, whoami,
+            change_password, deactivate, get_3pids, get_username_availability, register,
+            request_3pid_management_token_via_email, request_3pid_management_token_via_msisdn, whoami,
             ThirdPartyIdRemovalStatus,
         },
         error::ErrorKind,
@@ -406,7 +407,7 @@ pub async fn deactivate_route(
     })
 }
 
-/// # `GET _matrix/client/r0/account/3pid`
+/// # `GET _matrix/client/v3/account/3pid`
 ///
 /// Get a list of third party identifiers associated with this account.
 ///
@@ -418,3 +419,31 @@ pub async fn third_party_route(
 
     Ok(get_3pids::v3::Response::new(Vec::new()))
 }
+
+/// # `POST /_matrix/client/v3/account/3pid/email/requestToken`
+///
+/// "This API should be used to request validation tokens when adding an email address to an account"
+///
+/// - 403 signals that The homeserver does not allow the third party identifier as a contact option.
+pub async fn request_3pid_management_token_via_email_route(
+    _body: Ruma<request_3pid_management_token_via_email::v3::IncomingRequest>,
+) -> Result<request_3pid_management_token_via_email::v3::Response> {
+    Err(Error::BadRequest(
+        ErrorKind::ThreepidDenied,
+        "Third party identifier is not allowed",
+    ))
+}
+
+/// # `POST /_matrix/client/v3/account/3pid/msisdn/requestToken`
+///
+/// "This API should be used to request validation tokens when adding an phone number to an account"
+///
+/// - 403 signals that The homeserver does not allow the third party identifier as a contact option.
+pub async fn request_3pid_management_token_via_msisdn_route(
+    _body: Ruma<request_3pid_management_token_via_msisdn::v3::IncomingRequest>,
+) -> Result<request_3pid_management_token_via_msisdn::v3::Response> {
+    Err(Error::BadRequest(
+        ErrorKind::ThreepidDenied,
+        "Third party identifier is not allowed",
+    ))
+}
diff --git a/src/main.rs b/src/main.rs
index 626de3ae..38fdfdd1 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -217,6 +217,8 @@ fn routes() -> Router {
         .ruma_route(client_server::change_password_route)
         .ruma_route(client_server::deactivate_route)
         .ruma_route(client_server::third_party_route)
+        .ruma_route(client_server::request_3pid_management_token_via_email_route)
+        .ruma_route(client_server::request_3pid_management_token_via_msisdn_route)
         .ruma_route(client_server::get_capabilities_route)
         .ruma_route(client_server::get_pushrules_all_route)
         .ruma_route(client_server::set_pushrule_route)