Merge pull request #2495 from matrix-org/dbkr/spam_check_room_creation
Add room creation checks to spam checker
This commit is contained in:
commit
93b0cf7a99
|
@ -61,3 +61,53 @@ class SpamChecker(object):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
return self.spam_checker.user_may_invite(userid, room_id)
|
return self.spam_checker.user_may_invite(userid, room_id)
|
||||||
|
|
||||||
|
def user_may_create_room(self, userid):
|
||||||
|
"""Checks if a given user may create a room
|
||||||
|
|
||||||
|
If this method returns false, the creation request will be rejected.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
userid (string): The sender's user ID
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
bool: True if the user may create a room, otherwise False
|
||||||
|
"""
|
||||||
|
if self.spam_checker is None:
|
||||||
|
return True
|
||||||
|
|
||||||
|
return self.spam_checker.user_may_create_room(userid)
|
||||||
|
|
||||||
|
def user_may_create_room_alias(self, userid, room_alias):
|
||||||
|
"""Checks if a given user may create a room alias
|
||||||
|
|
||||||
|
If this method returns false, the association request will be rejected.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
userid (string): The sender's user ID
|
||||||
|
room_alias (string): The alias to be created
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
bool: True if the user may create a room alias, otherwise False
|
||||||
|
"""
|
||||||
|
if self.spam_checker is None:
|
||||||
|
return True
|
||||||
|
|
||||||
|
return self.spam_checker.user_may_create_room_alias(userid, room_alias)
|
||||||
|
|
||||||
|
def user_may_publish_room(self, userid, room_id):
|
||||||
|
"""Checks if a given user may publish a room to the directory
|
||||||
|
|
||||||
|
If this method returns false, the publish request will be rejected.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
userid (string): The sender's user ID
|
||||||
|
room_id (string): The ID of the room that would be published
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
bool: True if the user may publish the room, otherwise False
|
||||||
|
"""
|
||||||
|
if self.spam_checker is None:
|
||||||
|
return True
|
||||||
|
|
||||||
|
return self.spam_checker.user_may_publish_room(userid, room_id)
|
||||||
|
|
|
@ -40,6 +40,8 @@ class DirectoryHandler(BaseHandler):
|
||||||
"directory", self.on_directory_query
|
"directory", self.on_directory_query
|
||||||
)
|
)
|
||||||
|
|
||||||
|
self.spam_checker = hs.get_spam_checker()
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def _create_association(self, room_alias, room_id, servers=None, creator=None):
|
def _create_association(self, room_alias, room_id, servers=None, creator=None):
|
||||||
# general association creation for both human users and app services
|
# general association creation for both human users and app services
|
||||||
|
@ -73,6 +75,11 @@ class DirectoryHandler(BaseHandler):
|
||||||
# association creation for human users
|
# association creation for human users
|
||||||
# TODO(erikj): Do user auth.
|
# TODO(erikj): Do user auth.
|
||||||
|
|
||||||
|
if not self.spam_checker.user_may_create_room_alias(user_id, room_alias):
|
||||||
|
raise SynapseError(
|
||||||
|
403, "This user is not permitted to create this alias",
|
||||||
|
)
|
||||||
|
|
||||||
can_create = yield self.can_modify_alias(
|
can_create = yield self.can_modify_alias(
|
||||||
room_alias,
|
room_alias,
|
||||||
user_id=user_id
|
user_id=user_id
|
||||||
|
@ -327,6 +334,14 @@ class DirectoryHandler(BaseHandler):
|
||||||
room_id (str)
|
room_id (str)
|
||||||
visibility (str): "public" or "private"
|
visibility (str): "public" or "private"
|
||||||
"""
|
"""
|
||||||
|
if not self.spam_checker.user_may_publish_room(
|
||||||
|
requester.user.to_string(), room_id
|
||||||
|
):
|
||||||
|
raise AuthError(
|
||||||
|
403,
|
||||||
|
"This user is not permitted to publish rooms to the room list"
|
||||||
|
)
|
||||||
|
|
||||||
if requester.is_guest:
|
if requester.is_guest:
|
||||||
raise AuthError(403, "Guests cannot edit the published room list")
|
raise AuthError(403, "Guests cannot edit the published room list")
|
||||||
|
|
||||||
|
|
|
@ -60,6 +60,11 @@ class RoomCreationHandler(BaseHandler):
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
def __init__(self, hs):
|
||||||
|
super(RoomCreationHandler, self).__init__(hs)
|
||||||
|
|
||||||
|
self.spam_checker = hs.get_spam_checker()
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def create_room(self, requester, config, ratelimit=True):
|
def create_room(self, requester, config, ratelimit=True):
|
||||||
""" Creates a new room.
|
""" Creates a new room.
|
||||||
|
@ -75,6 +80,9 @@ class RoomCreationHandler(BaseHandler):
|
||||||
"""
|
"""
|
||||||
user_id = requester.user.to_string()
|
user_id = requester.user.to_string()
|
||||||
|
|
||||||
|
if not self.spam_checker.user_may_create_room(user_id):
|
||||||
|
raise SynapseError(403, "You are not permitted to create rooms")
|
||||||
|
|
||||||
if ratelimit:
|
if ratelimit:
|
||||||
yield self.ratelimit(requester)
|
yield self.ratelimit(requester)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue