Merge pull request #2492 from matrix-org/dbkr/spam_check_invites

Allow spam checker to reject invites too
2017-10-03 18:10:23 +01:00 · 2017-10-03 18:10:23 +01:00 · 5f20a91fa1
parent e4779be97a 1e2ac54351
commit 5f20a91fa1
3 changed files with 39 additions and 2 deletions
--- a/synapse/events/spamcheck.py
+++ b/synapse/events/spamcheck.py
@ -45,3 +45,19 @@ class SpamChecker(object):
            return False

        return self.spam_checker.check_event_for_spam(event)
+
+    def user_may_invite(self, userid, room_id):
+        """Checks if a given user may send an invite
+
+        If this method returns false, the invite will be rejected.
+
+        Args:
+            userid (string): The sender's user ID
+
+        Returns:
+            bool: True if the user may send an invite, otherwise False
+        """
+        if self.spam_checker is None:
+            return True
+
+        return self.spam_checker.user_may_invite(userid, room_id)
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@ -77,6 +77,7 @@ class FederationHandler(BaseHandler):
        self.action_generator = hs.get_action_generator()
        self.is_mine_id = hs.is_mine_id
        self.pusher_pool = hs.get_pusherpool()
+        self.spam_checker = hs.get_spam_checker()

        self.replication_layer.set_handler(self)

@ -1077,6 +1078,11 @@ class FederationHandler(BaseHandler):
        if self.hs.config.block_non_admin_invites:
            raise SynapseError(403, "This server does not accept room invites")

+        if not self.spam_checker.user_may_invite(event.sender, event.room_id):
+            raise SynapseError(
+                403, "This user is not permitted to send invites to this server"
+            )
+
        membership = event.content.get("membership")
        if event.type != EventTypes.Member or membership != Membership.INVITE:
            raise SynapseError(400, "The event was not an m.room.member invite event")
--- a/synapse/handlers/room_member.py
+++ b/synapse/handlers/room_member.py
@ -48,6 +48,7 @@ class RoomMemberHandler(BaseHandler):
        self.member_linearizer = Linearizer(name="member")

        self.clock = hs.get_clock()
+        self.spam_checker = hs.get_spam_checker()

        self.distributor = hs.get_distributor()
        self.distributor.declare("user_joined_room")
@ -210,12 +211,26 @@ class RoomMemberHandler(BaseHandler):
            if is_blocked:
                raise SynapseError(403, "This room has been blocked on this server")

-        if (effective_membership_state == "invite" and
-                self.hs.config.block_non_admin_invites):
+        if effective_membership_state == "invite":
+            block_invite = False
            is_requester_admin = yield self.auth.is_server_admin(
                requester.user,
            )
            if not is_requester_admin:
+                if self.hs.config.block_non_admin_invites:
+                    logger.info(
+                        "Blocking invite: user is not admin and non-admin "
+                        "invites disabled"
+                    )
+                    block_invite = True
+
+                if not self.spam_checker.user_may_invite(
+                    requester.user.to_string(), room_id,
+                ):
+                    logger.info("Blocking invite due to spam checker")
+                    block_invite = True
+
+            if block_invite:
                raise SynapseError(
                    403, "Invites have been disabled on this server",
                )