Merge pull request #3687 from matrix-org/neilj/admin_email
support admin_email config and pass through into blocking errors,
This commit is contained in:
commit
4601129c44
|
@ -0,0 +1 @@
|
||||||
|
set admin uri via config, to be used in error messages where the user should contact the administrator
|
|
@ -785,7 +785,9 @@ class Auth(object):
|
||||||
"""
|
"""
|
||||||
if self.hs.config.hs_disabled:
|
if self.hs.config.hs_disabled:
|
||||||
raise AuthError(
|
raise AuthError(
|
||||||
403, self.hs.config.hs_disabled_message, errcode=Codes.HS_DISABLED
|
403, self.hs.config.hs_disabled_message,
|
||||||
|
errcode=Codes.RESOURCE_LIMIT_EXCEED,
|
||||||
|
admin_uri=self.hs.config.admin_uri,
|
||||||
)
|
)
|
||||||
if self.hs.config.limit_usage_by_mau is True:
|
if self.hs.config.limit_usage_by_mau is True:
|
||||||
# If the user is already part of the MAU cohort
|
# If the user is already part of the MAU cohort
|
||||||
|
@ -797,5 +799,7 @@ class Auth(object):
|
||||||
current_mau = yield self.store.get_monthly_active_count()
|
current_mau = yield self.store.get_monthly_active_count()
|
||||||
if current_mau >= self.hs.config.max_mau_value:
|
if current_mau >= self.hs.config.max_mau_value:
|
||||||
raise AuthError(
|
raise AuthError(
|
||||||
403, "MAU Limit Exceeded", errcode=Codes.MAU_LIMIT_EXCEEDED
|
403, "Monthly Active User Limits AU Limit Exceeded",
|
||||||
|
admin_uri=self.hs.config.admin_uri,
|
||||||
|
errcode=Codes.RESOURCE_LIMIT_EXCEED
|
||||||
)
|
)
|
||||||
|
|
|
@ -56,8 +56,7 @@ class Codes(object):
|
||||||
SERVER_NOT_TRUSTED = "M_SERVER_NOT_TRUSTED"
|
SERVER_NOT_TRUSTED = "M_SERVER_NOT_TRUSTED"
|
||||||
CONSENT_NOT_GIVEN = "M_CONSENT_NOT_GIVEN"
|
CONSENT_NOT_GIVEN = "M_CONSENT_NOT_GIVEN"
|
||||||
CANNOT_LEAVE_SERVER_NOTICE_ROOM = "M_CANNOT_LEAVE_SERVER_NOTICE_ROOM"
|
CANNOT_LEAVE_SERVER_NOTICE_ROOM = "M_CANNOT_LEAVE_SERVER_NOTICE_ROOM"
|
||||||
MAU_LIMIT_EXCEEDED = "M_MAU_LIMIT_EXCEEDED"
|
RESOURCE_LIMIT_EXCEED = "M_RESOURCE_LIMIT_EXCEED"
|
||||||
HS_DISABLED = "M_HS_DISABLED"
|
|
||||||
UNSUPPORTED_ROOM_VERSION = "M_UNSUPPORTED_ROOM_VERSION"
|
UNSUPPORTED_ROOM_VERSION = "M_UNSUPPORTED_ROOM_VERSION"
|
||||||
INCOMPATIBLE_ROOM_VERSION = "M_INCOMPATIBLE_ROOM_VERSION"
|
INCOMPATIBLE_ROOM_VERSION = "M_INCOMPATIBLE_ROOM_VERSION"
|
||||||
|
|
||||||
|
@ -225,11 +224,16 @@ class NotFoundError(SynapseError):
|
||||||
|
|
||||||
class AuthError(SynapseError):
|
class AuthError(SynapseError):
|
||||||
"""An error raised when there was a problem authorising an event."""
|
"""An error raised when there was a problem authorising an event."""
|
||||||
|
def __init__(self, code, msg, errcode=Codes.FORBIDDEN, admin_uri=None):
|
||||||
|
self.admin_uri = admin_uri
|
||||||
|
super(AuthError, self).__init__(code, msg, errcode=errcode)
|
||||||
|
|
||||||
def __init__(self, *args, **kwargs):
|
def error_dict(self):
|
||||||
if "errcode" not in kwargs:
|
return cs_error(
|
||||||
kwargs["errcode"] = Codes.FORBIDDEN
|
self.msg,
|
||||||
super(AuthError, self).__init__(*args, **kwargs)
|
self.errcode,
|
||||||
|
admin_uri=self.admin_uri,
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class EventSizeError(SynapseError):
|
class EventSizeError(SynapseError):
|
||||||
|
|
|
@ -82,6 +82,10 @@ class ServerConfig(Config):
|
||||||
self.hs_disabled = config.get("hs_disabled", False)
|
self.hs_disabled = config.get("hs_disabled", False)
|
||||||
self.hs_disabled_message = config.get("hs_disabled_message", "")
|
self.hs_disabled_message = config.get("hs_disabled_message", "")
|
||||||
|
|
||||||
|
# Admin uri to direct users at should their instance become blocked
|
||||||
|
# due to resource constraints
|
||||||
|
self.admin_uri = config.get("admin_uri", None)
|
||||||
|
|
||||||
# FIXME: federation_domain_whitelist needs sytests
|
# FIXME: federation_domain_whitelist needs sytests
|
||||||
self.federation_domain_whitelist = None
|
self.federation_domain_whitelist = None
|
||||||
federation_domain_whitelist = config.get(
|
federation_domain_whitelist = config.get(
|
||||||
|
|
|
@ -144,7 +144,8 @@ class RegistrationHandler(BaseHandler):
|
||||||
Raises:
|
Raises:
|
||||||
RegistrationError if there was a problem registering.
|
RegistrationError if there was a problem registering.
|
||||||
"""
|
"""
|
||||||
yield self._check_mau_limits()
|
|
||||||
|
yield self.auth.check_auth_blocking()
|
||||||
password_hash = None
|
password_hash = None
|
||||||
if password:
|
if password:
|
||||||
password_hash = yield self.auth_handler().hash(password)
|
password_hash = yield self.auth_handler().hash(password)
|
||||||
|
@ -289,7 +290,7 @@ class RegistrationHandler(BaseHandler):
|
||||||
400,
|
400,
|
||||||
"User ID can only contain characters a-z, 0-9, or '=_-./'",
|
"User ID can only contain characters a-z, 0-9, or '=_-./'",
|
||||||
)
|
)
|
||||||
yield self._check_mau_limits()
|
yield self.auth.check_auth_blocking()
|
||||||
user = UserID(localpart, self.hs.hostname)
|
user = UserID(localpart, self.hs.hostname)
|
||||||
user_id = user.to_string()
|
user_id = user.to_string()
|
||||||
|
|
||||||
|
@ -439,7 +440,7 @@ class RegistrationHandler(BaseHandler):
|
||||||
"""
|
"""
|
||||||
if localpart is None:
|
if localpart is None:
|
||||||
raise SynapseError(400, "Request must include user id")
|
raise SynapseError(400, "Request must include user id")
|
||||||
yield self._check_mau_limits()
|
yield self.auth.check_auth_blocking()
|
||||||
need_register = True
|
need_register = True
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
@ -533,14 +534,3 @@ class RegistrationHandler(BaseHandler):
|
||||||
remote_room_hosts=remote_room_hosts,
|
remote_room_hosts=remote_room_hosts,
|
||||||
action="join",
|
action="join",
|
||||||
)
|
)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
|
||||||
def _check_mau_limits(self):
|
|
||||||
"""
|
|
||||||
Do not accept registrations if monthly active user limits exceeded
|
|
||||||
and limiting is enabled
|
|
||||||
"""
|
|
||||||
try:
|
|
||||||
yield self.auth.check_auth_blocking()
|
|
||||||
except AuthError as e:
|
|
||||||
raise RegistrationError(e.code, str(e), e.errcode)
|
|
||||||
|
|
|
@ -455,8 +455,11 @@ class AuthTestCase(unittest.TestCase):
|
||||||
return_value=defer.succeed(lots_of_users)
|
return_value=defer.succeed(lots_of_users)
|
||||||
)
|
)
|
||||||
|
|
||||||
with self.assertRaises(AuthError):
|
with self.assertRaises(AuthError) as e:
|
||||||
yield self.auth.check_auth_blocking()
|
yield self.auth.check_auth_blocking()
|
||||||
|
self.assertEquals(e.exception.admin_uri, self.hs.config.admin_uri)
|
||||||
|
self.assertEquals(e.exception.errcode, Codes.RESOURCE_LIMIT_EXCEED)
|
||||||
|
self.assertEquals(e.exception.code, 403)
|
||||||
|
|
||||||
# Ensure does not throw an error
|
# Ensure does not throw an error
|
||||||
self.store.get_monthly_active_count = Mock(
|
self.store.get_monthly_active_count = Mock(
|
||||||
|
@ -470,5 +473,6 @@ class AuthTestCase(unittest.TestCase):
|
||||||
self.hs.config.hs_disabled_message = "Reason for being disabled"
|
self.hs.config.hs_disabled_message = "Reason for being disabled"
|
||||||
with self.assertRaises(AuthError) as e:
|
with self.assertRaises(AuthError) as e:
|
||||||
yield self.auth.check_auth_blocking()
|
yield self.auth.check_auth_blocking()
|
||||||
self.assertEquals(e.exception.errcode, Codes.HS_DISABLED)
|
self.assertEquals(e.exception.admin_uri, self.hs.config.admin_uri)
|
||||||
|
self.assertEquals(e.exception.errcode, Codes.RESOURCE_LIMIT_EXCEED)
|
||||||
self.assertEquals(e.exception.code, 403)
|
self.assertEquals(e.exception.code, 403)
|
||||||
|
|
|
@ -17,7 +17,7 @@ from mock import Mock
|
||||||
|
|
||||||
from twisted.internet import defer
|
from twisted.internet import defer
|
||||||
|
|
||||||
from synapse.api.errors import RegistrationError
|
from synapse.api.errors import AuthError
|
||||||
from synapse.handlers.register import RegistrationHandler
|
from synapse.handlers.register import RegistrationHandler
|
||||||
from synapse.types import UserID, create_requester
|
from synapse.types import UserID, create_requester
|
||||||
|
|
||||||
|
@ -109,7 +109,7 @@ class RegistrationTestCase(unittest.TestCase):
|
||||||
self.store.get_monthly_active_count = Mock(
|
self.store.get_monthly_active_count = Mock(
|
||||||
return_value=defer.succeed(self.lots_of_users)
|
return_value=defer.succeed(self.lots_of_users)
|
||||||
)
|
)
|
||||||
with self.assertRaises(RegistrationError):
|
with self.assertRaises(AuthError):
|
||||||
yield self.handler.get_or_create_user("requester", 'b', "display_name")
|
yield self.handler.get_or_create_user("requester", 'b', "display_name")
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
|
@ -118,7 +118,7 @@ class RegistrationTestCase(unittest.TestCase):
|
||||||
self.store.get_monthly_active_count = Mock(
|
self.store.get_monthly_active_count = Mock(
|
||||||
return_value=defer.succeed(self.lots_of_users)
|
return_value=defer.succeed(self.lots_of_users)
|
||||||
)
|
)
|
||||||
with self.assertRaises(RegistrationError):
|
with self.assertRaises(AuthError):
|
||||||
yield self.handler.register(localpart="local_part")
|
yield self.handler.register(localpart="local_part")
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
|
@ -127,5 +127,5 @@ class RegistrationTestCase(unittest.TestCase):
|
||||||
self.store.get_monthly_active_count = Mock(
|
self.store.get_monthly_active_count = Mock(
|
||||||
return_value=defer.succeed(self.lots_of_users)
|
return_value=defer.succeed(self.lots_of_users)
|
||||||
)
|
)
|
||||||
with self.assertRaises(RegistrationError):
|
with self.assertRaises(AuthError):
|
||||||
yield self.handler.register_saml2(localpart="local_part")
|
yield self.handler.register_saml2(localpart="local_part")
|
||||||
|
|
|
@ -51,7 +51,7 @@ class SyncTestCase(tests.unittest.TestCase):
|
||||||
self.hs.config.hs_disabled = True
|
self.hs.config.hs_disabled = True
|
||||||
with self.assertRaises(AuthError) as e:
|
with self.assertRaises(AuthError) as e:
|
||||||
yield self.sync_handler.wait_for_sync_for_user(sync_config)
|
yield self.sync_handler.wait_for_sync_for_user(sync_config)
|
||||||
self.assertEquals(e.exception.errcode, Codes.HS_DISABLED)
|
self.assertEquals(e.exception.errcode, Codes.RESOURCE_LIMIT_EXCEED)
|
||||||
|
|
||||||
self.hs.config.hs_disabled = False
|
self.hs.config.hs_disabled = False
|
||||||
|
|
||||||
|
@ -59,7 +59,7 @@ class SyncTestCase(tests.unittest.TestCase):
|
||||||
|
|
||||||
with self.assertRaises(AuthError) as e:
|
with self.assertRaises(AuthError) as e:
|
||||||
yield self.sync_handler.wait_for_sync_for_user(sync_config)
|
yield self.sync_handler.wait_for_sync_for_user(sync_config)
|
||||||
self.assertEquals(e.exception.errcode, Codes.MAU_LIMIT_EXCEEDED)
|
self.assertEquals(e.exception.errcode, Codes.RESOURCE_LIMIT_EXCEED)
|
||||||
|
|
||||||
def _generate_sync_config(self, user_id):
|
def _generate_sync_config(self, user_id):
|
||||||
return SyncConfig(
|
return SyncConfig(
|
||||||
|
|
|
@ -139,6 +139,7 @@ def setup_test_homeserver(
|
||||||
config.hs_disabled_message = ""
|
config.hs_disabled_message = ""
|
||||||
config.max_mau_value = 50
|
config.max_mau_value = 50
|
||||||
config.mau_limits_reserved_threepids = []
|
config.mau_limits_reserved_threepids = []
|
||||||
|
config.admin_uri = None
|
||||||
|
|
||||||
# we need a sane default_room_version, otherwise attempts to create rooms will
|
# we need a sane default_room_version, otherwise attempts to create rooms will
|
||||||
# fail.
|
# fail.
|
||||||
|
|
Loading…
Reference in New Issue