From fc8fa93e04d1158b4b71dbca024bb65e427af4b8 Mon Sep 17 00:00:00 2001 From: Hanadi92 Date: Fri, 15 Sep 2023 12:06:42 +0200 Subject: [PATCH 1/5] feat: filter admin users list to ex-include locked users --- synapse/rest/admin/users.py | 6 ++++- synapse/storage/databases/main/__init__.py | 7 +++++- synapse/storage/databases/main/stats.py | 1 + tests/rest/admin/test_user.py | 26 ++++++++++++++++++++++ 4 files changed, 38 insertions(+), 2 deletions(-) diff --git a/synapse/rest/admin/users.py b/synapse/rest/admin/users.py index 91898a5c135c..08e7aeaa2803 100644 --- a/synapse/rest/admin/users.py +++ b/synapse/rest/admin/users.py @@ -66,6 +66,7 @@ class UsersRestServletV2(RestServlet): The parameter `deactivated` can be used to include deactivated users. The parameter `order_by` can be used to order the result. The parameter `not_user_type` can be used to exclude certain user types. + The parameter `locked` can be used to include locked users. Possible values are `bot`, `support` or "empty string". "empty string" here means to exclude users without a type. """ @@ -107,8 +108,9 @@ async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]: "The guests parameter is not supported when MSC3861 is enabled.", errcode=Codes.INVALID_PARAM, ) - deactivated = parse_boolean(request, "deactivated", default=False) + deactivated = parse_boolean(request, "deactivated", default=False) + locked = parse_boolean(request, "locked", default=False) admins = parse_boolean(request, "admins") # If support for MSC3866 is not enabled, apply no filtering based on the @@ -133,6 +135,7 @@ async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]: UserSortOrder.SHADOW_BANNED.value, UserSortOrder.CREATION_TS.value, UserSortOrder.LAST_SEEN_TS.value, + UserSortOrder.LOCKED.value, ), ) @@ -154,6 +157,7 @@ async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]: direction, approved, not_user_types, + locked, ) # If support for MSC3866 is not enabled, don't show the approval flag. diff --git a/synapse/storage/databases/main/__init__.py b/synapse/storage/databases/main/__init__.py index 0836e247ef5f..0fd3060deaed 100644 --- a/synapse/storage/databases/main/__init__.py +++ b/synapse/storage/databases/main/__init__.py @@ -175,6 +175,7 @@ async def get_users_paginate( direction: Direction = Direction.FORWARDS, approved: bool = True, not_user_types: Optional[List[str]] = None, + locked: bool = False, ) -> Tuple[List[JsonDict], int]: """Function to retrieve a paginated list of users from users list. This will return a json list of users and the @@ -194,6 +195,7 @@ async def get_users_paginate( direction: sort ascending or descending approved: whether to include approved users not_user_types: list of user types to exclude + locked: whether to include locked users Returns: A tuple of a list of mappings from user to information and a count of total users. """ @@ -226,6 +228,9 @@ def get_users_paginate_txn( if not deactivated: filters.append("deactivated = 0") + if not locked: + filters.append("locked = 0") + if admins is not None: if admins: filters.append("admin = 1") @@ -290,7 +295,7 @@ def get_users_paginate_txn( sql = f""" SELECT name, user_type, is_guest, admin, deactivated, shadow_banned, displayname, avatar_url, creation_ts * 1000 as creation_ts, approved, - eu.user_id is not null as erased, last_seen_ts + eu.user_id is not null as erased, last_seen_ts, locked {sql_base} ORDER BY {order_by_column} {order}, u.name ASC LIMIT ? OFFSET ? diff --git a/synapse/storage/databases/main/stats.py b/synapse/storage/databases/main/stats.py index 3a2966b9e46a..9d403919e430 100644 --- a/synapse/storage/databases/main/stats.py +++ b/synapse/storage/databases/main/stats.py @@ -108,6 +108,7 @@ class UserSortOrder(Enum): SHADOW_BANNED = "shadow_banned" CREATION_TS = "creation_ts" LAST_SEEN_TS = "last_seen_ts" + LOCKED = "locked" class StatsStore(StateDeltasStore): diff --git a/tests/rest/admin/test_user.py b/tests/rest/admin/test_user.py index 761871b933e2..471a5dc6a385 100644 --- a/tests/rest/admin/test_user.py +++ b/tests/rest/admin/test_user.py @@ -1146,6 +1146,32 @@ def test_erasure_status(self) -> None: users = {user["name"]: user for user in channel.json_body["users"]} self.assertIs(users[user_id]["erased"], True) + def test_filter_locked(self) -> None: + # Create a new user. + user_id = self.register_user("lockme", "lockme") + + # Lock them + self.get_success(self.store.set_user_locked_status(user_id, True)) + + # Locked user appears in the filtered locked=true API + channel = self.make_request( + "GET", + self.url + "?locked=true", + access_token=self.admin_user_tok, + ) + users = {user["name"]: user for user in channel.json_body["users"]} + self.assertIn(user_id, users) + self.assertTrue(users[user_id]["locked"]) + + # Locked user should not appear in the filtered locked=false API + channel = self.make_request( + "GET", + self.url + "?locked=false", + access_token=self.admin_user_tok, + ) + users = {user["name"]: user for user in channel.json_body["users"]} + self.assertNotIn(user_id, users) + def _order_test( self, expected_user_list: List[str], From dada560c523a7ba078c1e32cce04dd4cddcc35f2 Mon Sep 17 00:00:00 2001 From: Hanadi92 Date: Fri, 15 Sep 2023 16:34:35 +0200 Subject: [PATCH 2/5] docs: update changelog with feature --- changelog.d/16328.feature | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/16328.feature diff --git a/changelog.d/16328.feature b/changelog.d/16328.feature new file mode 100644 index 000000000000..784a9e29dd00 --- /dev/null +++ b/changelog.d/16328.feature @@ -0,0 +1 @@ +Enables filtering locked users in list users admin API. From 3fbbc87d601558e3f6ca82f18e381dab20442765 Mon Sep 17 00:00:00 2001 From: Hanadi92 Date: Fri, 15 Sep 2023 20:43:44 +0200 Subject: [PATCH 3/5] fix: use boolean for locked column filter --- synapse/storage/databases/main/__init__.py | 2 +- tests/rest/admin/test_user.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/synapse/storage/databases/main/__init__.py b/synapse/storage/databases/main/__init__.py index 0fd3060deaed..101403578c06 100644 --- a/synapse/storage/databases/main/__init__.py +++ b/synapse/storage/databases/main/__init__.py @@ -229,7 +229,7 @@ def get_users_paginate_txn( filters.append("deactivated = 0") if not locked: - filters.append("locked = 0") + filters.append("locked IS FALSE") if admins is not None: if admins: diff --git a/tests/rest/admin/test_user.py b/tests/rest/admin/test_user.py index 471a5dc6a385..b326ad2c9037 100644 --- a/tests/rest/admin/test_user.py +++ b/tests/rest/admin/test_user.py @@ -1153,7 +1153,7 @@ def test_filter_locked(self) -> None: # Lock them self.get_success(self.store.set_user_locked_status(user_id, True)) - # Locked user appears in the filtered locked=true API + # Locked user should appear in list users API channel = self.make_request( "GET", self.url + "?locked=true", @@ -1163,7 +1163,7 @@ def test_filter_locked(self) -> None: self.assertIn(user_id, users) self.assertTrue(users[user_id]["locked"]) - # Locked user should not appear in the filtered locked=false API + # Locked user should not appear in list users API channel = self.make_request( "GET", self.url + "?locked=false", From 67173eafe5fe894bd752f9795b3e445fc4cc000d Mon Sep 17 00:00:00 2001 From: Hanadi Tamimi Date: Mon, 18 Sep 2023 15:01:24 +0200 Subject: [PATCH 4/5] docs: update admin api docs --- docs/admin_api/user_admin_api.md | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/docs/admin_api/user_admin_api.md b/docs/admin_api/user_admin_api.md index 975a7a0da4ab..349d1970fccb 100644 --- a/docs/admin_api/user_admin_api.md +++ b/docs/admin_api/user_admin_api.md @@ -54,7 +54,8 @@ It returns a JSON body like the following: "external_id": "" } ], - "user_type": null + "user_type": null, + "locked": false } ``` @@ -103,7 +104,8 @@ with a body of: ], "admin": false, "deactivated": false, - "user_type": null + "user_type": null, + "locked": false } ``` @@ -184,7 +186,8 @@ A response body like the following is returned: "shadow_banned": 0, "displayname": "", "avatar_url": null, - "creation_ts": 1560432668000 + "creation_ts": 1560432668000, + "locked": false }, { "name": "", "is_guest": 0, @@ -195,7 +198,8 @@ A response body like the following is returned: "shadow_banned": 0, "displayname": "", "avatar_url": "", - "creation_ts": 1561550621000 + "creation_ts": 1561550621000, + "locked": false } ], "next_token": "100", @@ -249,6 +253,8 @@ The following parameters should be set in the URL: - `not_user_type` - Exclude certain user types, such as bot users, from the request. Can be provided multiple times. Possible values are `bot`, `support` or "empty string". "empty string" here means to exclude users without a type. +- `locked` - string representing a bool - Is optional and if `true` will **include** locked users. + Defaults to `false` to exclude locked users. Note: Introduced in v1.93. Caution. The database only has indexes on the columns `name` and `creation_ts`. This means that if a different sort order is used (`is_guest`, `admin`, @@ -274,7 +280,7 @@ The following fields are returned in the JSON response body: - `avatar_url` - string - The user's avatar URL if they have set one. - `creation_ts` - integer - The user's creation timestamp in ms. - `last_seen_ts` - integer - The user's last activity timestamp in ms. - + - `locked` - bool - Status if that user has been marked as locked. - `next_token`: string representing a positive integer - Indication for pagination. See above. - `total` - integer - Total number of media. From 3588aa482dff2770e14d105dfa64418b3e927930 Mon Sep 17 00:00:00 2001 From: Hanadi Date: Mon, 18 Sep 2023 15:35:11 +0200 Subject: [PATCH 5/5] docs: wordings from code review Co-authored-by: David Robertson --- changelog.d/16328.feature | 2 +- docs/admin_api/user_admin_api.md | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/changelog.d/16328.feature b/changelog.d/16328.feature index 784a9e29dd00..9fadf766cc8c 100644 --- a/changelog.d/16328.feature +++ b/changelog.d/16328.feature @@ -1 +1 @@ -Enables filtering locked users in list users admin API. +Report whether a user is `locked` in the [List Accounts admin API](https://matrix-org.github.io/synapse/latest/admin_api/user_admin_api.html#list-accounts), and exclude locked users by default. diff --git a/docs/admin_api/user_admin_api.md b/docs/admin_api/user_admin_api.md index 349d1970fccb..f83facabe4d6 100644 --- a/docs/admin_api/user_admin_api.md +++ b/docs/admin_api/user_admin_api.md @@ -280,10 +280,11 @@ The following fields are returned in the JSON response body: - `avatar_url` - string - The user's avatar URL if they have set one. - `creation_ts` - integer - The user's creation timestamp in ms. - `last_seen_ts` - integer - The user's last activity timestamp in ms. - - `locked` - bool - Status if that user has been marked as locked. + - `locked` - bool - Status if that user has been marked as locked. Note: Introduced in v1.93. - `next_token`: string representing a positive integer - Indication for pagination. See above. - `total` - integer - Total number of media. +*Added in Synapse 1.93:* the `locked` query parameter and response field. ## Query current sessions for a user