
Add a config option to block all room invites #2457

Merged
merged 3 commits into from
Sep 19, 2017
8 changes: 8 additions & 0 deletions synapse/api/auth.py
Expand Up @@ -519,6 +519,14 @@ def get_appservice_by_req(self, request):
)

def is_server_admin(self, user):
""" Check if the given user is a local server admin.

Args:
user (str): mxid of user to check

Returns:
bool: True if the user is an admin
"""
return self.store.is_server_admin(user)

@defer.inlineCallbacks
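Review bot: The new docstring on is_server_admin states a plain `bool` return and a `str` argument, but the callers added in synapse/handlers/room_member.py `yield` the result and pass `requester.user`, so the method appears to return a Deferred from the store and to take a user object rather than a string. A reader who trusts the docstring and writes `if self.auth.is_server_admin(user):` without yielding would test a Deferred, which is always truthy, and so treat every user as an admin. I would document it as `user (UserID): user to check` and `Deferred[bool]: True if the user is an admin`, once the store's return type has been confirmed.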
10 changes: 10 additions & 0 deletions synapse/config/server.py
Expand Up @@ -43,6 +43,12 @@ def read_config(self, config):

self.filter_timeline_limit = config.get("filter_timeline_limit", -1)

# Whether we should block invites sent to users on this server
# (other than those sent by local server admins)
self.block_non_admin_invites = config.get(
"block_non_admin_invites", False,
)

if self.public_baseurl is not None:
if self.public_baseurl[-1] != '/':
self.public_baseurl += '/'
Expand Down Expand Up @@ -194,6 +200,10 @@ def default_config(self, server_name, **kwargs):
# and sync operations. The default value is -1, means no upper limit.
# filter_timeline_limit: 5000

# Whether room invites to users on this server should be blocked
# (except those sent by local server admins). The default is False.
# block_non_admin_invites: True

# List of ports that Synapse should listen on, their purpose and their
# configuration.
listeners:
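Review bot: The comments on block_non_admin_invites, both in read_config and in the sample text of default_config, describe only invites sent to users on this server, while the check added to _update_membership in synapse/handlers/room_member.py tests the requester alone, so it also seems to stop local non-admin users from inviting anyone, including users on other servers. An operator reading the sample config would not expect outbound invites to stop. I would reword the sample text along the lines of `# Whether room invites to users on this server, and invites sent by local users other than server admins, should be blocked.` The value is also taken from `config.get` as-is, so any truthy YAML value (a quoted "false", for instance) turns blocking on; a note that the option expects a boolean would help.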
3 changes: 3 additions & 0 deletions synapse/handlers/federation.py
Expand Up @@ -1074,6 +1074,9 @@ def on_invite_request(self, origin, pdu):
if is_blocked:
raise SynapseError(403, "This room has been blocked on this server")

if self.hs.config.block_non_admin_invites:
raise SynapseError(403, "This server does not accept room invites")

membership = event.content.get("membership")
if event.type != EventTypes.Member or membership != Membership.INVITE:
raise SynapseError(400, "The event was not an m.room.member invite event")
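Review bot: The new 403 in on_invite_request is raised without an errcode, so it falls back to SynapseError's default rather than `Codes.FORBIDDEN`, which do_3pid_invite in synapse/handlers/room_member.py does pass for the same condition; the check added to _update_membership in that file has the same omission. Clients and remote servers that branch on the errcode would see one policy reported in different ways. I would write `raise SynapseError(403, "This server does not accept room invites", Codes.FORBIDDEN)` here, assuming Codes is already imported in this module, and add the same third argument in _update_membership. on_invite_request's body continues outside the hunk.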
22 changes: 22 additions & 0 deletions synapse/handlers/room_member.py
Expand Up @@ -191,6 +191,8 @@ def _update_membership(
if action in ["kick", "unban"]:
effective_membership_state = "leave"

# if this is a join with a 3pid signature, we may need to turn a 3pid
# invite into a normal invite before we can handle the join.
if third_party_signed is not None:
replication = self.hs.get_replication_layer()
yield replication.exchange_third_party_invite(
Expand All @@ -208,6 +210,16 @@ def _update_membership(
if is_blocked:
raise SynapseError(403, "This room has been blocked on this server")

if (effective_membership_state == "invite" and
self.hs.config.block_non_admin_invites):
is_requester_admin = yield self.auth.is_server_admin(
requester.user,
)
if not is_requester_admin:
raise SynapseError(
403, "Invites have been disabled on this server",
)

latest_event_ids = yield self.store.get_latest_event_ids_in_room(room_id)
current_state_ids = yield self.state_handler.get_current_state_ids(
room_id, latest_event_ids=latest_event_ids,
Expand Down Expand Up @@ -471,6 +483,16 @@ def do_3pid_invite(
requester,
txn_id
):
if self.hs.config.block_non_admin_invites:
is_requester_admin = yield self.auth.is_server_admin(
requester.user,
)
if not is_requester_admin:
raise SynapseError(
403, "Invites have been disabled on this server",
Codes.FORBIDDEN,
)

invitee = yield self._lookup_3pid(
id_server, medium, address
)
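Review bot: The admin check is written out twice, in _update_membership and in do_3pid_invite, and the two copies already differ in their SynapseError arguments, so an invite path added later could easily miss the check or drift further. I would move it into one private helper on this handler and call it from both places, which keeps the policy decision and its error response in one spot. Both functions start and end outside the hunks shown, and the decorator on the helper assumes `defer` is imported in this module.

```python
@defer.inlineCallbacks
def _check_invites_allowed(self, requester):
    """Raise a 403 if invites are blocked and the requester is not a server admin."""
    if not self.hs.config.block_non_admin_invites:
        return
    is_requester_admin = yield self.auth.is_server_admin(requester.user)
    if not is_requester_admin:
        raise SynapseError(
            403, "Invites have been disabled on this server",
            Codes.FORBIDDEN,
        )

# … unchanged: _update_membership up to the is_blocked check …
if effective_membership_state == "invite":
    yield self._check_invites_allowed(requester)

# … unchanged: do_3pid_invite signature …
yield self._check_invites_allowed(requester)
# … unchanged: _lookup_3pid call …
```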
1 change: 1 addition & 0 deletions tests/utils.py
Expand Up @@ -56,6 +56,7 @@ def setup_test_homeserver(name="test", datastore=None, config=None, **kargs):
config.worker_replication_url = ""
config.worker_app = None
config.email_enable_notifs = False
config.block_non_admin_invites = False

config.use_frozen_dicts = True
config.database_config = {"name": "sqlite3"}