From cd77270a669fa827912efd86a0723d85e9e388ed Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 23 Aug 2018 19:17:08 +0100 Subject: [PATCH 1/3] Implement trail users --- synapse/api/auth.py | 6 +++++- synapse/config/server.py | 6 ++++++ synapse/storage/monthly_active_users.py | 5 +++++ synapse/storage/registration.py | 28 ++++++++++++++++++++++++- tests/storage/test_registration.py | 1 + 5 files changed, 44 insertions(+), 2 deletions(-) diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 4ca40a0f71..8d2aa5870a 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -797,11 +797,15 @@ class Auth(object): limit_type=self.hs.config.hs_disabled_limit_type ) if self.hs.config.limit_usage_by_mau is True: - # If the user is already part of the MAU cohort + # If the user is already part of the MAU cohort or a trial user if user_id: timestamp = yield self.store.user_last_seen_monthly_active(user_id) if timestamp: return + + is_trial = yield self.store.is_trial_user(user_id) + if is_trial: + return # Else if there is no room in the MAU bucket, bail current_mau = yield self.store.get_monthly_active_count() if current_mau >= self.hs.config.max_mau_value: diff --git a/synapse/config/server.py b/synapse/config/server.py index 68a612e594..8eecd28e7d 100644 --- a/synapse/config/server.py +++ b/synapse/config/server.py @@ -77,10 +77,15 @@ class ServerConfig(Config): self.max_mau_value = config.get( "max_mau_value", 0, ) + self.mau_limits_reserved_threepids = config.get( "mau_limit_reserved_threepids", [] ) + self.mau_trial_days = config.get( + "mau_trial_days", 0, + ) + # Options to disable HS self.hs_disabled = config.get("hs_disabled", False) self.hs_disabled_message = config.get("hs_disabled_message", "") @@ -365,6 +370,7 @@ class ServerConfig(Config): # Enables monthly active user checking # limit_usage_by_mau: False # max_mau_value: 50 + # mau_trial_days: 2 # # Sometimes the server admin will want to ensure certain accounts are # never blocked by mau checking. These accounts are specified here. diff --git a/synapse/storage/monthly_active_users.py b/synapse/storage/monthly_active_users.py index fd3b630bd2..d178f5c5ba 100644 --- a/synapse/storage/monthly_active_users.py +++ b/synapse/storage/monthly_active_users.py @@ -201,6 +201,11 @@ class MonthlyActiveUsersStore(SQLBaseStore): user_id(str): the user_id to query """ if self.hs.config.limit_usage_by_mau: + is_trial = yield self.is_trial_user(user_id) + if is_trial: + # we don't track trial users in the MAU table. + return + last_seen_timestamp = yield self.user_last_seen_monthly_active(user_id) now = self.hs.get_clock().time_msec() diff --git a/synapse/storage/registration.py b/synapse/storage/registration.py index 07333f777d..26b429e307 100644 --- a/synapse/storage/registration.py +++ b/synapse/storage/registration.py @@ -26,6 +26,11 @@ from synapse.util.caches.descriptors import cached, cachedInlineCallbacks class RegistrationWorkerStore(SQLBaseStore): + def __init__(self, db_conn, hs): + super(RegistrationWorkerStore, self).__init__(db_conn, hs) + + self.config = hs.config + @cached() def get_user_by_id(self, user_id): return self._simple_select_one( @@ -36,12 +41,33 @@ class RegistrationWorkerStore(SQLBaseStore): retcols=[ "name", "password_hash", "is_guest", "consent_version", "consent_server_notice_sent", - "appservice_id", + "appservice_id", "creation_ts", ], allow_none=True, desc="get_user_by_id", ) + @defer.inlineCallbacks + def is_trial_user(self, user_id): + """Checks if user is in the "trial" period, i.e. within the first + N days of registration defined by `mau_trial_days` config + + Args: + user_id (str) + + Returns: + Deferred[bool] + """ + + info = yield self.get_user_by_id(user_id) + if not info: + defer.returnValue(False) + + now = self.clock.time_msec() + trial_duration_ms = self.config.mau_trial_days * 24 * 60 * 60 * 1000 + is_trial = (now - info["creation_ts"] * 1000) < trial_duration_ms + defer.returnValue(is_trial) + @cached() def get_user_by_access_token(self, token): """Get a user from the given access token. diff --git a/tests/storage/test_registration.py b/tests/storage/test_registration.py index 4eda122edc..3dfb7b903a 100644 --- a/tests/storage/test_registration.py +++ b/tests/storage/test_registration.py @@ -46,6 +46,7 @@ class RegistrationStoreTestCase(unittest.TestCase): "consent_version": None, "consent_server_notice_sent": None, "appservice_id": None, + "creation_ts": 1000, }, (yield self.store.get_user_by_id(self.user_id)), ) From f2cbbda956a5abd3163665ad87d2fc9500a265d2 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 23 Aug 2018 18:33:04 +0100 Subject: [PATCH 2/3] Unit tests --- tests/server.py | 13 ++- tests/test_mau.py | 217 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 227 insertions(+), 3 deletions(-) create mode 100644 tests/test_mau.py diff --git a/tests/server.py b/tests/server.py index c63b2c3100..7dbdb7f8ea 100644 --- a/tests/server.py +++ b/tests/server.py @@ -5,7 +5,7 @@ from six import text_type import attr -from twisted.internet import threads +from twisted.internet import address, threads from twisted.internet.defer import Deferred from twisted.python.failure import Failure from twisted.test.proto_helpers import MemoryReactorClock @@ -63,7 +63,9 @@ class FakeChannel(object): self.result["done"] = True def getPeer(self): - return None + # We give an address so that getClientIP returns a non null entry, + # causing us to record the MAU + return address.IPv4Address(b"TCP", "127.0.0.1", 3423) def getHost(self): return None @@ -91,7 +93,7 @@ class FakeSite: return FakeLogger() -def make_request(method, path, content=b""): +def make_request(method, path, content=b"", access_token=None): """ Make a web request using the given method and path, feed it the content, and return the Request and the Channel underneath. @@ -116,6 +118,11 @@ def make_request(method, path, content=b""): req = SynapseRequest(site, channel) req.process = lambda: b"" req.content = BytesIO(content) + + if access_token: + req.requestHeaders.addRawHeader(b"Authorization", b"Bearer " + access_token) + + req.requestHeaders.addRawHeader(b"X-Forwarded-For", b"127.0.0.1") req.requestReceived(method, path, b"1.1") return req, channel diff --git a/tests/test_mau.py b/tests/test_mau.py new file mode 100644 index 0000000000..0732615447 --- /dev/null +++ b/tests/test_mau.py @@ -0,0 +1,217 @@ +# -*- coding: utf-8 -*- +# Copyright 2018 New Vector Ltd +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Tests REST events for /rooms paths.""" + +import json + +from mock import Mock, NonCallableMock + +from synapse.api.constants import LoginType +from synapse.api.errors import Codes, HttpResponseException, SynapseError +from synapse.http.server import JsonResource +from synapse.rest.client.v2_alpha import register, sync +from synapse.util import Clock + +from tests import unittest +from tests.server import ( + ThreadedMemoryReactorClock, + make_request, + render, + setup_test_homeserver, +) + + +class TestMauLimit(unittest.TestCase): + def setUp(self): + self.reactor = ThreadedMemoryReactorClock() + self.clock = Clock(self.reactor) + + self.hs = setup_test_homeserver( + self.addCleanup, + "red", + http_client=None, + clock=self.clock, + reactor=self.reactor, + federation_client=Mock(), + ratelimiter=NonCallableMock(spec_set=["send_message"]), + ) + + self.store = self.hs.get_datastore() + + self.hs.config.registrations_require_3pid = [] + self.hs.config.enable_registration_captcha = False + self.hs.config.recaptcha_public_key = [] + + self.hs.config.limit_usage_by_mau = True + self.hs.config.hs_disabled = False + self.hs.config.max_mau_value = 2 + self.hs.config.mau_trial_days = 0 + self.hs.config.server_notices_mxid = "@server:red" + self.hs.config.server_notices_mxid_display_name = None + self.hs.config.server_notices_mxid_avatar_url = None + self.hs.config.server_notices_room_name = "Test Server Notice Room" + + self.resource = JsonResource(self.hs) + register.register_servlets(self.hs, self.resource) + sync.register_servlets(self.hs, self.resource) + + def test_simple_deny_mau(self): + # Create and sync so that the MAU counts get updated + token1 = self.create_user("kermit1") + self.do_sync_for_user(token1) + token2 = self.create_user("kermit2") + self.do_sync_for_user(token2) + + # We've created and activated two users, we shouldn't be able to + # register new users + with self.assertRaises(SynapseError) as cm: + self.create_user("kermit3") + + e = cm.exception + self.assertEqual(e.code, 403) + self.assertEqual(e.errcode, Codes.RESOURCE_LIMIT_EXCEEDED) + + def test_allowed_after_a_month_mau(self): + # Create and sync so that the MAU counts get updated + token1 = self.create_user("kermit1") + self.do_sync_for_user(token1) + token2 = self.create_user("kermit2") + self.do_sync_for_user(token2) + + # Advance time by 31 days + self.reactor.advance(31 * 24 * 60 * 60) + + self.store.reap_monthly_active_users() + + self.reactor.advance(0) + + # We should be able to register more users + token3 = self.create_user("kermit3") + self.do_sync_for_user(token3) + + def test_trial_delay(self): + self.hs.config.mau_trial_days = 1 + + # We should be able to register more than the limit initially + token1 = self.create_user("kermit1") + self.do_sync_for_user(token1) + token2 = self.create_user("kermit2") + self.do_sync_for_user(token2) + token3 = self.create_user("kermit3") + self.do_sync_for_user(token3) + + # Advance time by 2 days + self.reactor.advance(2 * 24 * 60 * 60) + + # Two users should be able to sync + self.do_sync_for_user(token1) + self.do_sync_for_user(token2) + + # But the third should fail + with self.assertRaises(SynapseError) as cm: + self.do_sync_for_user(token3) + + e = cm.exception + self.assertEqual(e.code, 403) + self.assertEqual(e.errcode, Codes.RESOURCE_LIMIT_EXCEEDED) + + # And new registrations are now denied too + with self.assertRaises(SynapseError) as cm: + self.create_user("kermit4") + + e = cm.exception + self.assertEqual(e.code, 403) + self.assertEqual(e.errcode, Codes.RESOURCE_LIMIT_EXCEEDED) + + def test_trial_users_cant_come_back(self): + self.hs.config.mau_trial_days = 1 + + # We should be able to register more than the limit initially + token1 = self.create_user("kermit1") + self.do_sync_for_user(token1) + token2 = self.create_user("kermit2") + self.do_sync_for_user(token2) + token3 = self.create_user("kermit3") + self.do_sync_for_user(token3) + + # Advance time by 2 days + self.reactor.advance(2 * 24 * 60 * 60) + + # Two users should be able to sync + self.do_sync_for_user(token1) + self.do_sync_for_user(token2) + + # Advance by 2 months so everyone falls out of MAU + self.reactor.advance(60 * 24 * 60 * 60) + self.store.reap_monthly_active_users() + self.reactor.advance(0) + + # We can create as many new users as we want + token4 = self.create_user("kermit4") + self.do_sync_for_user(token4) + token5 = self.create_user("kermit5") + self.do_sync_for_user(token5) + token6 = self.create_user("kermit6") + self.do_sync_for_user(token6) + + # users 2 and 3 can come back to bring us back up to MAU limit + self.do_sync_for_user(token2) + self.do_sync_for_user(token3) + + # New trial users can still sync + self.do_sync_for_user(token4) + self.do_sync_for_user(token5) + self.do_sync_for_user(token6) + + # But old user cant + with self.assertRaises(SynapseError) as cm: + self.do_sync_for_user(token1) + + e = cm.exception + self.assertEqual(e.code, 403) + self.assertEqual(e.errcode, Codes.RESOURCE_LIMIT_EXCEEDED) + + def create_user(self, localpart): + request_data = json.dumps({ + "username": localpart, + "password": "monkey", + "auth": {"type": LoginType.DUMMY}, + }) + + request, channel = make_request(b"POST", b"/register", request_data) + render(request, self.resource, self.reactor) + + if channel.result["code"] != b"200": + raise HttpResponseException( + int(channel.result["code"]), + channel.result["reason"], + channel.result["body"], + ).to_synapse_error() + + access_token = channel.json_body["access_token"] + + return access_token + + def do_sync_for_user(self, token): + request, channel = make_request(b"GET", b"/sync", access_token=token) + render(request, self.resource, self.reactor) + + if channel.result["code"] != b"200": + raise HttpResponseException( + int(channel.result["code"]), + channel.result["reason"], + channel.result["body"], + ).to_synapse_error() From 28d7b546cb7855e70b82dc7a4aab8a401c5909a2 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Thu, 23 Aug 2018 19:18:52 +0100 Subject: [PATCH 3/3] Newsfile --- changelog.d/3749.feature | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/3749.feature diff --git a/changelog.d/3749.feature b/changelog.d/3749.feature new file mode 100644 index 0000000000..9f8837b106 --- /dev/null +++ b/changelog.d/3749.feature @@ -0,0 +1 @@ +Add mau_trial_days config param, so that users only get counted as MAU after N days.