diff --git a/changelog.d/5477.feature b/changelog.d/5477.feature
new file mode 100644
index 0000000000..63d9b58734
--- /dev/null
+++ b/changelog.d/5477.feature
@@ -0,0 +1 @@
+Allow server admins to define implementations of extra rules for allowing or denying incoming events.
diff --git a/synapse/events/third_party_rules.py b/synapse/events/third_party_rules.py
index ee7b97ad39..50ceeb1e8e 100644
--- a/synapse/events/third_party_rules.py
+++ b/synapse/events/third_party_rules.py
@@ -35,7 +35,10 @@ class ThirdPartyEventRules(object):
 module, config = hs.config.third_party_event_rules
 if module is not None:
- self.third_party_rules = module(config=config)
+ self.third_party_rules = module(
+ config=config,
+ http_client=hs.get_simple_http_client(),
+ )
 @defer.inlineCallbacks
 def check_event_allowed(self, event, context):
@@ -81,3 +84,31 @@ class ThirdPartyEventRules(object):
 yield self.third_party_rules.on_create_room(
 requester, config, is_requester_admin
 )
+
+ @defer.inlineCallbacks
+ def check_threepid_can_be_invited(self, medium, address, room_id):
+ """Check if a provided 3PID can be invited in the given room.
+
+ Args:
+ medium (str): The 3PID's medium.
+ address (str): The 3PID's address.
+ room_id (str): The room we want to invite the threepid to.
+
+ Returns:
+ defer.Deferred[bool], True if the 3PID can be invited, False if not.
+ """
+
+ if self.third_party_rules is None:
+ defer.returnValue(True)
+
+ state_ids = yield self.store.get_filtered_current_state_ids(room_id)
+ room_state_events = yield self.store.get_events(state_ids.values())
+
+ state_events = {}
+ for key, event_id in state_ids.items():
+ state_events[key] = room_state_events[event_id]
+
+ ret = yield self.third_party_rules.check_threepid_can_be_invited(
+ medium, address, state_events,
+ )
+ defer.returnValue(ret)
diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py
index 93ac986c86..458902bb7e 100644
--- a/synapse/handlers/room_member.py
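Review bot: The module constructor in the `@@ -35,7 +35,10 @@` hunk now always receives `http_client=hs.get_simple_http_client()`, so an already-deployed rules module whose `__init__` accepts only `config` will presumably raise a TypeError when the homeserver starts; the new keyword should be called out in the module documentation and upgrade notes. Handing operator-supplied code an outbound HTTP client also widens what that module can reach. Whether the client returned by `get_simple_http_client()` applies any IP-range restriction is not visible in this hunk, and a module that builds request URLs from event or 3PID data would need one. I would add a comment above the call such as `# Modules must accept http_client; requests made with it are not filtered by this class`. The enclosing `__init__` starts outside the hunk.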
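Review bot: In the new `check_threepid_can_be_invited`, `room_state_events[event_id]` is indexed directly, so if `self.store.get_events` ever returns fewer events than the IDs it was given (its behaviour is not visible here), the invite fails with a KeyError instead of a rule decision. That fails closed, which is the safer direction, but it should be deliberate: letting the module decide on partial room state would be worse, so I would keep the hard failure and document it with `# A missing state event raises KeyError: deny rather than decide on partial state`. The docstring should also state that the method returns True when no module is configured, and that the module's return value is passed through unchecked, so a module that lacks this method or returns a non-bool affects every 3PID invite.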
+++ b/synapse/handlers/room_member.py
@@ -72,6 +72,7 @@ class RoomMemberHandler(object):
 self.clock = hs.get_clock()
 self.spam_checker = hs.get_spam_checker()
+ self.third_party_event_rules = hs.get_third_party_event_rules()
 self._server_notices_mxid = self.config.server_notices_mxid
 self._enable_lookup = hs.config.enable_3pid_lookup
 self.allow_per_room_profiles = self.config.allow_per_room_profiles
@@ -723,6 +724,15 @@ class RoomMemberHandler(object):
 # can't just rely on the standard ratelimiting of events.
 yield self.base_handler.ratelimit(requester)
+ can_invite = yield self.third_party_event_rules.check_threepid_can_be_invited(
+ medium, address, room_id,
+ )
+ if not can_invite:
+ raise SynapseError(
+ 403, "This third-party identifier can not be invited in this room",
+ Codes.FORBIDDEN,
+ )
+
 invitee = yield self._lookup_3pid(
 id_server, medium, address
 )
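Review bot: In the `@@ -723,6 +724,15 @@` hunk, `address` reaches `check_threepid_can_be_invited` exactly as it was passed into this function, and no normalisation is visible between the ratelimit call and the rule check, so a module that compares e-mail addresses against an allow or deny list could give different answers for case variants of the same address. If the caller does not already canonicalise it (the function starts outside the hunk), either normalise before the check or document the contract with a comment such as `# address is not canonicalised here; rule modules must compare case-insensitively`. Running the check before `_lookup_3pid` is the right order, since a denied invite then never reaches the identity server.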