From 187d2837a9fc9d5b9e585f3a7f0f54f2ceac7d1b Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Mon, 17 Jun 2019 15:48:57 +0100 Subject: [PATCH 1/2] Add third party rules hook into create room --- synapse/events/third_party_rules.py | 27 ++++++++++++++++++++++++--- synapse/handlers/room.py | 25 ++++++++++++++++++++++++- 2 files changed, 48 insertions(+), 4 deletions(-) diff --git a/synapse/events/third_party_rules.py b/synapse/events/third_party_rules.py index 9f98d51523..ee7b97ad39 100644 --- a/synapse/events/third_party_rules.py +++ b/synapse/events/third_party_rules.py @@ -17,8 +17,8 @@ from twisted.internet import defer class ThirdPartyEventRules(object): - """Allows server admins to provide a Python module implementing an extra set of rules - to apply when processing events. + """Allows server admins to provide a Python module implementing an extra + set of rules to apply when processing events. This is designed to help admins of closed federations with enforcing custom behaviours. @@ -46,7 +46,7 @@ class ThirdPartyEventRules(object): context (synapse.events.snapshot.EventContext): The context of the event. Returns: - defer.Deferred(bool), True if the event should be allowed, False if not. + defer.Deferred[bool]: True if the event should be allowed, False if not. """ if self.third_party_rules is None: defer.returnValue(True) @@ -60,3 +60,24 @@ class ThirdPartyEventRules(object): ret = yield self.third_party_rules.check_event_allowed(event, state_events) defer.returnValue(ret) + + @defer.inlineCallbacks + def on_create_room(self, requester, config, is_requester_admin): + """Intercept requests to create room to allow, deny or update the + request config. + + Args: + requester (Requester) + config (dict): The creation config from the client. + is_requester_admin (bool): If the requester is an admin + + Returns: + defer.Deferred + """ + + if self.third_party_rules is None: + return + + yield self.third_party_rules.on_create_room( + requester, config, is_requester_admin + ) diff --git a/synapse/handlers/room.py b/synapse/handlers/room.py index 4a17911a87..74793bab33 100644 --- a/synapse/handlers/room.py +++ b/synapse/handlers/room.py @@ -75,6 +75,10 @@ class RoomCreationHandler(BaseHandler): # linearizer to stop two upgrades happening at once self._upgrade_linearizer = Linearizer("room_upgrade_linearizer") + self._server_notices_mxid = hs.config.server_notices_mxid + + self.third_party_event_rules = hs.get_third_party_event_rules() + @defer.inlineCallbacks def upgrade_room(self, requester, old_room_id, new_version): """Replace a room with a new room with a different version @@ -470,7 +474,26 @@ class RoomCreationHandler(BaseHandler): yield self.auth.check_auth_blocking(user_id) - if not self.spam_checker.user_may_create_room(user_id): + if (self._server_notices_mxid is not None and + requester.user.to_string() == self._server_notices_mxid): + # allow the server notices mxid to create rooms + is_requester_admin = True + else: + is_requester_admin = yield self.auth.is_server_admin( + requester.user, + ) + + # Check whether the third party rules allows/changes the room create + # request. + yield self.third_party_event_rules.on_create_room( + requester, + config, + is_requester_admin=is_requester_admin, + ) + + if not is_requester_admin and not self.spam_checker.user_may_create_room( + user_id, + ): raise SynapseError(403, "You are not permitted to create rooms") if ratelimit: From 2d6308a043153b149ead23b1a6567a03ae20496b Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Mon, 17 Jun 2019 15:52:15 +0100 Subject: [PATCH 2/2] Newsfile --- changelog.d/5474.feature | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/5474.feature diff --git a/changelog.d/5474.feature b/changelog.d/5474.feature new file mode 100644 index 0000000000..63d9b58734 --- /dev/null +++ b/changelog.d/5474.feature @@ -0,0 +1 @@ +Allow server admins to define implementations of extra rules for allowing or denying incoming events.