Add user_may_join_room spam check

2019-03-18 13:17:49 +00:00 · 2019-03-18 13:17:49 +00:00 · b85ff4b894
parent 4eca8d3fb3
commit b85ff4b894
3 changed files with 35 additions and 1 deletions
--- a/synapse/events/spamcheck.py
+++ b/synapse/events/spamcheck.py
@ -122,3 +122,21 @@ class SpamChecker(object):
            return True

        return self.spam_checker.user_may_publish_room(userid, room_id)
+
+    def user_may_join_room(self, userid, room_id, is_invited):
+        """Checks if a given users is allowed to join a room.
+
+        Is not called when the user creates a room.
+
+        Args:
+            userid (str)
+            room_id (str)
+            is_invited (bool): Whether the user is invited into the room
+
+        Returns:
+            bool: Whether the user may join the room
+        """
+        if self.spam_checker is None:
+            return True
+
+        return self.spam_checker.user_may_join_room(userid, room_id, is_invited)
--- a/synapse/handlers/room_member.py
+++ b/synapse/handlers/room_member.py
@ -487,8 +487,19 @@ class RoomMemberHandler(object):
                    # so don't really fit into the general auth process.
                    raise AuthError(403, "Guest access not allowed")

+            inviter = yield self._get_inviter(target.to_string(), room_id)
+            # We assume that if the spam checker allowed the user to create
+            # a room then they're allowed to join it.
+            if not new_room and not self.spam_checker.user_may_join_room(
+                target.to_string(), room_id,
+                is_invited=inviter is not None,
+                new_room=new_room,
+            ):
+                raise SynapseError(
+                    403, "Not allowed to join this room",
+                )
+
            if not is_host_in_room:
-                inviter = yield self._get_inviter(target.to_string(), room_id)
                if inviter and not self.hs.is_mine(inviter):
                    remote_room_hosts.append(inviter.domain)

--- a/synapse/rulecheck/domain_rule_checker.py
+++ b/synapse/rulecheck/domain_rule_checker.py
@ -75,6 +75,11 @@ class DomainRuleChecker(object):
        """
        return True

+    def user_may_join_room(self, userid, room_id, is_invited, new_room):
+        """Implements synapse.events.SpamChecker.user_may_join_room
+        """
+        return True
+
    @staticmethod
    def parse_config(config):
        """Implements synapse.events.SpamChecker.parse_config