Relay M_TOKEN_INCORRECT as per MSC4183

changelog.d/17625.feature

@@ -0,0 +1 @@
+Relay M_TOKEN_INCORRECT from submitToken endpoint as per MSC4183.

synapse/api/errors.py

@@ -63,6 +63,7 @@ class Codes(str, Enum):
     CAPTCHA_INVALID = "M_CAPTCHA_INVALID"
     MISSING_PARAM = "M_MISSING_PARAM"
     INVALID_PARAM = "M_INVALID_PARAM"
+    SESSION_EXPIRED = "M_SESSION_EXPIRED"
     TOO_LARGE = "M_TOO_LARGE"
     EXCLUSIVE = "M_EXCLUSIVE"
     THREEPID_AUTH_FAILED = "M_THREEPID_AUTH_FAILED"
@@ -132,6 +133,9 @@ class Codes(str, Enum):
     # connection.
     UNKNOWN_POS = "M_UNKNOWN_POS"
 
+    # MSC4183: The token supplied to validate a 3pid was not correct
+    TOKEN_INCORRECT = "M_TOKEN_INCORRECT"
+
 
 class CodeMessageException(RuntimeError):
     """An exception with integer code, a message string attributes and optional headers.

synapse/handlers/identity.py

@@ -535,8 +535,20 @@ async def proxy_msisdn_submit_token(
         except RequestTimedOutError:
             raise SynapseError(500, "Timed out contacting identity server")
         except HttpResponseException as e:
-            logger.warning("Error contacting msisdn account_threepid_delegate: %s", e)
-            raise SynapseError(400, "Error contacting the identity server")
+            synapse_error = e.to_synapse_error()
+            if synapse_error.errcode == Codes.TOKEN_INCORRECT:
+                raise SynapseError(
+                    400, "Token incorrect", errcode=Codes.TOKEN_INCORRECT
+                )
+            elif synapse_error.errcode == Codes.SESSION_EXPIRED:
+                raise SynapseError(
+                    400, "Session expired", errcode=Codes.SESSION_EXPIRED
+                )
+            else:
+                logger.warning(
+                    "Error contacting msisdn account_threepid_delegate: %s", e
+                )
+                raise SynapseError(400, "Error contacting the identity server")
 
     async def lookup_3pid(
         self, id_server: str, medium: str, address: str, id_access_token: str