From 6df2e8a7dc5818c6f5d35675cb3f1baf64c6e8b1 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Tue, 5 May 2020 15:50:06 +0100 Subject: [PATCH 1/5] Stop Auth methods from polling the config on every req. --- synapse/api/auth.py | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/synapse/api/auth.py b/synapse/api/auth.py index c5d1eb952b20..44fb04ae4e9f 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -78,6 +78,16 @@ def __init__(self, hs): register_cache("cache", "token_cache", self.token_cache) self._account_validity = hs.config.account_validity + self._track_appservice_user_ips = self.hs.config.track_appservice_user_ips + self._macaroon_secret_key = self.hs.config.macaroon_secret_key + self._server_notices_mxid = self.hs.config.server_notices_mxid + self._hs_disabled = self.hs.config.hs_disabled + self._limit_usage_by_mau = self.hs.config.limit_usage_by_mau + self._hs_disabled_message = self.hs.config.hs_disabled_message + self._admin_contact = self.hs.config.admin_contact + self._limit_usage_by_mau = self.hs.config.limit_usage_by_mau + self._mau_limits_reserved_threepids = self.hs.config.mau_limits_reserved_threepids + self._max_mau_value = self.hs.config.max_mau_value @defer.inlineCallbacks def check_from_context(self, room_version: str, event, context, do_sig_check=True): @@ -191,7 +201,7 @@ def get_user_by_req( opentracing.set_tag("authenticated_entity", user_id) opentracing.set_tag("appservice_id", app_service.id) - if ip_addr and self.hs.config.track_appservice_user_ips: + if ip_addr and self._track_appservice_user_ips: yield self.store.insert_client_ip( user_id=user_id, access_token=access_token, 
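Review bot: `self._limit_usage_by_mau` is assigned twice in the block added to `__init__` (once after `_hs_disabled`, again after `_admin_contact`); the second assignment is redundant and should be dropped. These attributes are also a one-time snapshot of `hs.config`, including `macaroon_secret_key`, so a later change to the config object is no longer seen by `get_user_by_req`, `validate_macaroon` or `check_auth_blocking`. A short comment above the block would make that explicit, e.g. `# Config is read once here; later changes to hs.config are not picked up.` `__init__` starts outside this hunk.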
@@ -454,7 +464,7 @@ def validate_macaroon(self, macaroon, type_string, user_id): # access_tokens include a nonce for uniqueness: any value is acceptable v.satisfy_general(lambda c: c.startswith("nonce = ")) - v.verify(macaroon, self.hs.config.macaroon_secret_key) + v.verify(macaroon, self._macaroon_secret_key) def _verify_expiry(self, caveat): prefix = "time < " @@ -685,20 +695,20 @@ def check_auth_blocking(self, user_id=None, threepid=None, user_type=None): # Never fail an auth check for the server notices users or support user # This can be a problem where event creation is prohibited due to blocking if user_id is not None: - if user_id == self.hs.config.server_notices_mxid: + if user_id == self._server_notices_mxid: return if (yield self.store.is_support_user(user_id)): return - if self.hs.config.hs_disabled: + if self._hs_disabled: raise ResourceLimitError( 403, - self.hs.config.hs_disabled_message, + self._hs_disabled_message, errcode=Codes.RESOURCE_LIMIT_EXCEEDED, - admin_contact=self.hs.config.admin_contact, + admin_contact=self._admin_contact, limit_type=LimitBlockingTypes.HS_DISABLED, ) - if self.hs.config.limit_usage_by_mau is True: + if self._limit_usage_by_mau is True: assert not (user_id and threepid) # If the user is already part of the MAU cohort or a trial user @@ -714,7 +724,7 @@ def check_auth_blocking(self, user_id=None, threepid=None, user_type=None): # If the user does not exist yet, but is signing up with a # reserved threepid then pass auth check if is_threepid_reserved( - self.hs.config.mau_limits_reserved_threepids, threepid + self._mau_limits_reserved_threepids, threepid ): return elif user_type == UserTypes.SUPPORT: 
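Review bot: In `check_auth_blocking`, `if self._limit_usage_by_mau is True:` enforces the monthly-active-user limit only when the cached value is exactly the bool `True`, so any other truthy value skips the whole MAU branch and the request is allowed. Whether the config loader always yields a bool is not visible here; if it does not, normalising the value once where it is cached in `__init__` and testing `if self._limit_usage_by_mau:` would make the check fail closed. The unchanged `assert not (user_id and threepid)` inside that branch is removed when Python runs with `-O`, so an explicit `raise` would keep the invariant in optimised deployments. Both lines are carried over unchanged into `synapse/api/auth_blocking.py` in patch 3/5. The function starts outside this hunk and continues in the next one.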
@@ -723,11 +733,11 @@ def check_auth_blocking(self, user_id=None, threepid=None, user_type=None): return # Else if there is no room in the MAU bucket, bail current_mau = yield self.store.get_monthly_active_count() - if current_mau >= self.hs.config.max_mau_value: + if current_mau >= self._max_mau_value: raise ResourceLimitError( 403, "Monthly Active User Limit Exceeded", - admin_contact=self.hs.config.admin_contact, + admin_contact=self._admin_contact, errcode=Codes.RESOURCE_LIMIT_EXCEEDED, limit_type=LimitBlockingTypes.MONTHLY_ACTIVE_USER, ) From be68e62aca183c4d00b1a93ea5d92d5e0e11b8dc Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Tue, 5 May 2020 15:53:02 +0100 Subject: [PATCH 2/5] Changelog --- changelog.d/7420.misc | 1 + synapse/api/auth.py | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 changelog.d/7420.misc diff --git a/changelog.d/7420.misc b/changelog.d/7420.misc new file mode 100644 index 000000000000..e834a9163e35 --- /dev/null +++ b/changelog.d/7420.misc @@ -0,0 +1 @@ +Prevent methods in `synapse.handlers.auth` from polling the homeserver config every request. \ No newline at end of file diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 44fb04ae4e9f..8a0066068c39 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -86,7 +86,9 @@ def __init__(self, hs): self._hs_disabled_message = self.hs.config.hs_disabled_message self._admin_contact = self.hs.config.admin_contact self._limit_usage_by_mau = self.hs.config.limit_usage_by_mau - self._mau_limits_reserved_threepids = self.hs.config.mau_limits_reserved_threepids + self._mau_limits_reserved_threepids = ( + self.hs.config.mau_limits_reserved_threepids + ) self._max_mau_value = self.hs.config.max_mau_value @defer.inlineCallbacks 
@@ -723,9 +725,7 @@ def check_auth_blocking(self, user_id=None, threepid=None, user_type=None): elif threepid: # If the user does not exist yet, but is signing up with a # reserved threepid then pass auth check - if is_threepid_reserved( - self._mau_limits_reserved_threepids, threepid - ): + if is_threepid_reserved(self._mau_limits_reserved_threepids, threepid): return elif user_type == UserTypes.SUPPORT: # If the user does not exist yet and is of type "support", From a30ce7637f1201912fd64805ba038ac25b1779db Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Tue, 5 May 2020 16:35:31 +0100 Subject: [PATCH 3/5] Move check_auth_blocking to new class AuthBlocking --- synapse/api/auth.py | 81 ++------------------------ synapse/api/auth_blocking.py | 109 +++++++++++++++++++++++++++++++++++ 2 files changed, 114 insertions(+), 76 deletions(-) create mode 100644 synapse/api/auth_blocking.py diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 8a0066068c39..3c62e7dc4404 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -15,6 +15,7 @@ import logging from typing import Optional +from synapse.api.auth_blocking import AuthBlocking from six import itervalues 
@@ -77,19 +78,11 @@ def __init__(self, hs): self.token_cache = LruCache(CACHE_SIZE_FACTOR * 10000) register_cache("cache", "token_cache", self.token_cache) + self._auth_blocking = AuthBlocking(hs) + self._account_validity = hs.config.account_validity self._track_appservice_user_ips = self.hs.config.track_appservice_user_ips self._macaroon_secret_key = self.hs.config.macaroon_secret_key - self._server_notices_mxid = self.hs.config.server_notices_mxid - self._hs_disabled = self.hs.config.hs_disabled - self._limit_usage_by_mau = self.hs.config.limit_usage_by_mau - self._hs_disabled_message = self.hs.config.hs_disabled_message - self._admin_contact = self.hs.config.admin_contact - self._limit_usage_by_mau = self.hs.config.limit_usage_by_mau - self._mau_limits_reserved_threepids = ( - self.hs.config.mau_limits_reserved_threepids - ) - self._max_mau_value = self.hs.config.max_mau_value @defer.inlineCallbacks def check_from_context(self, room_version: str, event, context, do_sig_check=True): 
@@ -675,69 +668,5 @@ def check_user_in_room_or_world_readable( % (user_id, room_id), ) - @defer.inlineCallbacks - def check_auth_blocking(self, user_id=None, threepid=None, user_type=None): - """Checks if the user should be rejected for some external reason, - such as monthly active user limiting or global disable flag - - Args: - user_id(str|None): If present, checks for presence against existing - MAU cohort - - threepid(dict|None): If present, checks for presence against configured - reserved threepid. Used in cases where the user is trying register - with a MAU blocked server, normally they would be rejected but their - threepid is on the reserved list. user_id and - threepid should never be set at the same time. - - user_type(str|None): If present, is used to decide whether to check against - certain blocking reasons like MAU. - """ - - # Never fail an auth check for the server notices users or support user - # This can be a problem where event creation is prohibited due to blocking - if user_id is not None: - if user_id == self._server_notices_mxid: - return - if (yield self.store.is_support_user(user_id)): - return - - if self._hs_disabled: - raise ResourceLimitError( - 403, - self._hs_disabled_message, - errcode=Codes.RESOURCE_LIMIT_EXCEEDED, - admin_contact=self._admin_contact, - limit_type=LimitBlockingTypes.HS_DISABLED, - ) - if self._limit_usage_by_mau is True: - assert not (user_id and threepid) - - # If the user is already part of the MAU cohort or a trial user - if user_id: - timestamp = yield self.store.user_last_seen_monthly_active(user_id) - if timestamp: - return - - is_trial = yield self.store.is_trial_user(user_id) - if is_trial: - return - elif threepid: - # If the user does not exist yet, but is signing up with a - # reserved threepid then pass auth check - if is_threepid_reserved(self._mau_limits_reserved_threepids, threepid): - return - elif user_type == UserTypes.SUPPORT: - # If the user does not exist yet and is of type "support", - # 
allow registration. Support users are excluded from MAU checks. - return - # Else if there is no room in the MAU bucket, bail - current_mau = yield self.store.get_monthly_active_count() - if current_mau >= self._max_mau_value: - raise ResourceLimitError( - 403, - "Monthly Active User Limit Exceeded", - admin_contact=self._admin_contact, - errcode=Codes.RESOURCE_LIMIT_EXCEEDED, - limit_type=LimitBlockingTypes.MONTHLY_ACTIVE_USER, - ) + def check_auth_blocking(self, *args, **kwargs): + return self._auth_blocking.check_auth_blocking(*args, **kwargs) diff --git a/synapse/api/auth_blocking.py b/synapse/api/auth_blocking.py new file mode 100644 index 000000000000..024e1b4fefff --- /dev/null +++ b/synapse/api/auth_blocking.py 
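Review bot: The new `check_auth_blocking(self, *args, **kwargs)` wrapper on `Auth` hides the accepted parameters and drops the docstring the removed method carried, so a reader of `auth.py` can no longer see that `user_id`, `threepid` and `user_type` are the arguments or that a `ResourceLimitError` can be raised. Spelling the signature out keeps the interface reviewable: `def check_auth_blocking(self, user_id=None, threepid=None, user_type=None):` with `return self._auth_blocking.check_auth_blocking(user_id=user_id, threepid=threepid, user_type=user_type)`. A one-line docstring pointing at `AuthBlocking.check_auth_blocking` would cover the rest.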
@@ -0,0 +1,109 @@ +# -*- coding: utf-8 -*- +# Copyright 2019 The Matrix.org Foundation C.I.C. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import logging + +from twisted.internet import defer + +from synapse.api.constants import LimitBlockingTypes, UserTypes +from synapse.api.errors import ( + Codes, + ResourceLimitError, +) +from synapse.config.server import is_threepid_reserved +from synapse.util.caches import CACHE_SIZE_FACTOR, register_cache +from synapse.util.caches.lrucache import LruCache + +logger = logging.getLogger(__name__) + + +class AuthBlocking(object): + def __init__(self, hs): + self.store = hs.get_datastore() + + self._server_notices_mxid = hs.config.server_notices_mxid + self._hs_disabled = hs.config.hs_disabled + self._limit_usage_by_mau = hs.config.limit_usage_by_mau + self._hs_disabled_message = hs.config.hs_disabled_message + self._admin_contact = hs.config.admin_contact + self._max_mau_value = hs.config.max_mau_value + self._mau_limits_reserved_threepids = hs.config.mau_limits_reserved_threepids + + @defer.inlineCallbacks + def check_auth_blocking(self, user_id=None, threepid=None, user_type=None): + """Checks if the user should be rejected for some external reason, + such as monthly active user limiting or global disable flag + + Args: + user_id(str|None): If present, checks for presence against existing + MAU cohort + + threepid(dict|None): If present, checks for presence against configured + reserved threepid. 
Used in cases where the user is trying register + with a MAU blocked server, normally they would be rejected but their + threepid is on the reserved list. user_id and + threepid should never be set at the same time. + + user_type(str|None): If present, is used to decide whether to check against + certain blocking reasons like MAU. + """ + + # Never fail an auth check for the server notices users or support user + # This can be a problem where event creation is prohibited due to blocking + if user_id is not None: + if user_id == self._server_notices_mxid: + return + if (yield self.store.is_support_user(user_id)): + return + + if self._hs_disabled: + raise ResourceLimitError( + 403, + self._hs_disabled_message, + errcode=Codes.RESOURCE_LIMIT_EXCEEDED, + admin_contact=self._admin_contact, + limit_type=LimitBlockingTypes.HS_DISABLED, + ) + if self._limit_usage_by_mau is True: + assert not (user_id and threepid) + + # If the user is already part of the MAU cohort or a trial user + if user_id: + timestamp = yield self.store.user_last_seen_monthly_active(user_id) + if timestamp: + return + + is_trial = yield self.store.is_trial_user(user_id) + if is_trial: + return + elif threepid: + # If the user does not exist yet, but is signing up with a + # reserved threepid then pass auth check + if is_threepid_reserved(self._mau_limits_reserved_threepids, threepid): + return + elif user_type == UserTypes.SUPPORT: + # If the user does not exist yet and is of type "support", + # allow registration. Support users are excluded from MAU checks. + return + # Else if there is no room in the MAU bucket, bail + current_mau = yield self.store.get_monthly_active_count() + if current_mau >= self._max_mau_value: + raise ResourceLimitError( + 403, + "Monthly Active User Limit Exceeded", + admin_contact=self._admin_contact, + errcode=Codes.RESOURCE_LIMIT_EXCEEDED, + limit_type=LimitBlockingTypes.MONTHLY_ACTIVE_USER, + ) From 55e8e1833a86776b46d73c33be8ecef5653c6dfa Mon Sep 17 00:00:00 2001 
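Review bot: `AuthBlocking` has no class docstring, and its `__init__` copies seven `hs.config` values into private attributes once, which is the behaviour the test changes later in this series have to work around. A docstring such as `"""Decides whether a request is rejected because the homeserver is disabled or over its monthly-active-user limit. Config is read once at construction."""` would record that. `logger` is defined at module level but not used anywhere in the new file as shown.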
From: Andrew Morgan Date: Tue, 5 May 2020 16:36:52 +0100 Subject: [PATCH 4/5] Wait it's 2020 --- synapse/api/auth.py | 6 ++---- synapse/api/auth_blocking.py | 9 ++------- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 3c62e7dc4404..154750f1f87d 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -15,7 +15,6 @@ import logging from typing import Optional -from synapse.api.auth_blocking import AuthBlocking from six import itervalues @@ -27,16 +26,15 @@ import synapse.logging.opentracing as opentracing import synapse.types from synapse import event_auth -from synapse.api.constants import EventTypes, LimitBlockingTypes, Membership, UserTypes +from synapse.api.auth_blocking import AuthBlocking +from synapse.api.constants import EventTypes, Membership from synapse.api.errors import ( AuthError, Codes, InvalidClientTokenError, MissingClientTokenError, - ResourceLimitError, ) from synapse.api.room_versions import KNOWN_ROOM_VERSIONS -from synapse.config.server import is_threepid_reserved from synapse.events import EventBase from synapse.types import StateMap, UserID from synapse.util.caches import CACHE_SIZE_FACTOR, register_cache diff --git a/synapse/api/auth_blocking.py b/synapse/api/auth_blocking.py index 024e1b4fefff..830195a5bf96 100644 --- a/synapse/api/auth_blocking.py +++ b/synapse/api/auth_blocking.py @@ -1,5 +1,5 @@ # -*- coding: utf-8 -*- -# Copyright 2019 The Matrix.org Foundation C.I.C. +# Copyright 2020 The Matrix.org Foundation C.I.C. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -18,13 +18,8 @@ from twisted.internet import defer from synapse.api.constants import LimitBlockingTypes, UserTypes -from synapse.api.errors import ( - Codes, - ResourceLimitError, -) +from synapse.api.errors import Codes, ResourceLimitError from synapse.config.server import is_threepid_reserved -from synapse.util.caches import CACHE_SIZE_FACTOR, register_cache -from synapse.util.caches.lrucache import LruCache logger = logging.getLogger(__name__) From a7ae92900cd50ca38d05def2c7d79e27d2abdd57 Mon Sep 17 00:00:00 2001 From: Andrew Morgan Date: Tue, 5 May 2020 17:23:37 +0100 Subject: [PATCH 5/5] Fix tests to modify hs' AuthBlocking config instead of hs' config --- synapse/api/auth.py | 6 +++--- synapse/api/auth_blocking.py | 2 +- tests/api/test_auth.py | 36 ++++++++++++++++++++---------------- tests/handlers/test_auth.py | 23 ++++++++++++++--------- tests/handlers/test_sync.py | 13 ++++++++----- tests/test_mau.py | 14 +++++++++++--- 6 files changed, 57 insertions(+), 37 deletions(-) diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 154750f1f87d..1ad5ff9410ab 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -76,11 +76,11 @@ def __init__(self, hs): self.token_cache = LruCache(CACHE_SIZE_FACTOR * 10000) register_cache("cache", "token_cache", self.token_cache) - self._auth_blocking = AuthBlocking(hs) + self._auth_blocking = AuthBlocking(self.hs) self._account_validity = hs.config.account_validity - self._track_appservice_user_ips = self.hs.config.track_appservice_user_ips - self._macaroon_secret_key = self.hs.config.macaroon_secret_key + self._track_appservice_user_ips = hs.config.track_appservice_user_ips + self._macaroon_secret_key = hs.config.macaroon_secret_key @defer.inlineCallbacks def check_from_context(self, room_version: str, event, context, do_sig_check=True): diff --git a/synapse/api/auth_blocking.py b/synapse/api/auth_blocking.py index 830195a5bf96..5c499b6b4e66 100644 --- a/synapse/api/auth_blocking.py 
+++ b/synapse/api/auth_blocking.py @@ -30,10 +30,10 @@ def __init__(self, hs): self._server_notices_mxid = hs.config.server_notices_mxid self._hs_disabled = hs.config.hs_disabled - self._limit_usage_by_mau = hs.config.limit_usage_by_mau self._hs_disabled_message = hs.config.hs_disabled_message self._admin_contact = hs.config.admin_contact self._max_mau_value = hs.config.max_mau_value + self._limit_usage_by_mau = hs.config.limit_usage_by_mau self._mau_limits_reserved_threepids = hs.config.mau_limits_reserved_threepids @defer.inlineCallbacks diff --git a/tests/api/test_auth.py b/tests/api/test_auth.py index cc0b10e7f628..0bfb86bf1f6d 100644 --- a/tests/api/test_auth.py +++ b/tests/api/test_auth.py @@ -52,6 +52,10 @@ def setUp(self): self.hs.handlers = TestHandlers(self.hs) self.auth = Auth(self.hs) + # AuthBlocking reads from the hs' config on initialization. We need to + # modify its config instead of the hs' + self.auth_blocking = self.auth._auth_blocking + self.test_user = "@foo:bar" self.test_token = b"_test_token_" @@ -321,15 +325,15 @@ def get_user(tok): @defer.inlineCallbacks def test_blocking_mau(self): - self.hs.config.limit_usage_by_mau = False - self.hs.config.max_mau_value = 50 + self.auth_blocking._limit_usage_by_mau = False + self.auth_blocking._max_mau_value = 50 lots_of_users = 100 small_number_of_users = 1 # Ensure no error thrown yield defer.ensureDeferred(self.auth.check_auth_blocking()) - self.hs.config.limit_usage_by_mau = True + self.auth_blocking._limit_usage_by_mau = True self.store.get_monthly_active_count = Mock( return_value=defer.succeed(lots_of_users) @@ -349,8 +353,8 @@ def test_blocking_mau(self): @defer.inlineCallbacks def test_blocking_mau__depending_on_user_type(self): - self.hs.config.max_mau_value = 50 - self.hs.config.limit_usage_by_mau = True + self.auth_blocking._max_mau_value = 50 + self.auth_blocking._limit_usage_by_mau = True self.store.get_monthly_active_count = Mock(return_value=defer.succeed(100)) # Support users allowed 
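Review bot: `setUp` in `tests/api/test_auth.py` now stores `self.auth._auth_blocking`, and the tests below write to its private fields (`_limit_usage_by_mau`, `_max_mau_value`, `_hs_disabled`, `_server_notices_mxid`, ...), which ties every blocking test to the attribute names inside `AuthBlocking`. The same pattern is repeated in `tests/handlers/test_auth.py`, `tests/handlers/test_sync.py` and `tests/test_mau.py`. Setting the values on `hs.config` before `Auth`/`AuthBlocking` is constructed, as `make_homeserver` in `tests/test_mau.py` does, or a small shared test helper would keep the tests working if those fields are renamed. It would also stop a misspelt attribute from passing silently.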
@@ -370,12 +374,12 @@ def test_blocking_mau__depending_on_user_type(self): @defer.inlineCallbacks def test_reserved_threepid(self): - self.hs.config.limit_usage_by_mau = True - self.hs.config.max_mau_value = 1 + self.auth_blocking._limit_usage_by_mau = True + self.auth_blocking._max_mau_value = 1 self.store.get_monthly_active_count = lambda: defer.succeed(2) threepid = {"medium": "email", "address": "reserved@server.com"} unknown_threepid = {"medium": "email", "address": "unreserved@server.com"} - self.hs.config.mau_limits_reserved_threepids = [threepid] + self.auth_blocking._mau_limits_reserved_threepids = [threepid] with self.assertRaises(ResourceLimitError): yield defer.ensureDeferred(self.auth.check_auth_blocking()) @@ -389,8 +393,8 @@ def test_reserved_threepid(self): @defer.inlineCallbacks def test_hs_disabled(self): - self.hs.config.hs_disabled = True - self.hs.config.hs_disabled_message = "Reason for being disabled" + self.auth_blocking._hs_disabled = True + self.auth_blocking._hs_disabled_message = "Reason for being disabled" with self.assertRaises(ResourceLimitError) as e: yield defer.ensureDeferred(self.auth.check_auth_blocking()) self.assertEquals(e.exception.admin_contact, self.hs.config.admin_contact) @@ -404,10 +408,10 @@ def test_hs_disabled_no_server_notices_user(self): """ # this should be the default, but we had a bug where the test was doing the wrong # thing, so let's make it explicit - self.hs.config.server_notices_mxid = None + self.auth_blocking._server_notices_mxid = None - self.hs.config.hs_disabled = True - self.hs.config.hs_disabled_message = "Reason for being disabled" + self.auth_blocking._hs_disabled = True + self.auth_blocking._hs_disabled_message = "Reason for being disabled" with self.assertRaises(ResourceLimitError) as e: yield defer.ensureDeferred(self.auth.check_auth_blocking()) self.assertEquals(e.exception.admin_contact, self.hs.config.admin_contact) 
@@ -416,8 +420,8 @@ def test_hs_disabled_no_server_notices_user(self): @defer.inlineCallbacks def test_server_notices_mxid_special_cased(self): - self.hs.config.hs_disabled = True + self.auth_blocking._hs_disabled = True user = "@user:server" - self.hs.config.server_notices_mxid = user - self.hs.config.hs_disabled_message = "Reason for being disabled" + self.auth_blocking._server_notices_mxid = user + self.auth_blocking._hs_disabled_message = "Reason for being disabled" yield defer.ensureDeferred(self.auth.check_auth_blocking(user)) diff --git a/tests/handlers/test_auth.py b/tests/handlers/test_auth.py index 52c4ac8b11d2..c01b04e1dcad 100644 --- a/tests/handlers/test_auth.py +++ b/tests/handlers/test_auth.py @@ -39,8 +39,13 @@ def setUp(self): self.hs.handlers = AuthHandlers(self.hs) self.auth_handler = self.hs.handlers.auth_handler self.macaroon_generator = self.hs.get_macaroon_generator() + # MAU tests - self.hs.config.max_mau_value = 50 + # AuthBlocking reads from the hs' config on initialization. We need to + # modify its config instead of the hs' + self.auth_blocking = self.hs.get_auth()._auth_blocking + self.auth_blocking._max_mau_value = 50 + self.small_number_of_users = 1 self.large_number_of_users = 100 @@ -119,7 +124,7 @@ def test_short_term_login_token_cannot_replace_user_id(self): @defer.inlineCallbacks def test_mau_limits_disabled(self): - self.hs.config.limit_usage_by_mau = False + self.auth_blocking._limit_usage_by_mau = False # Ensure does not throw exception yield defer.ensureDeferred( self.auth_handler.get_access_token_for_user_id( @@ -135,7 +140,7 @@ def test_mau_limits_disabled(self): @defer.inlineCallbacks def test_mau_limits_exceeded_large(self): - self.hs.config.limit_usage_by_mau = True + self.auth_blocking._limit_usage_by_mau = True self.hs.get_datastore().get_monthly_active_count = Mock( return_value=defer.succeed(self.large_number_of_users) ) 
@@ -159,11 +164,11 @@ def test_mau_limits_exceeded_large(self): @defer.inlineCallbacks def test_mau_limits_parity(self): - self.hs.config.limit_usage_by_mau = True + self.auth_blocking._limit_usage_by_mau = True # If not in monthly active cohort self.hs.get_datastore().get_monthly_active_count = Mock( - return_value=defer.succeed(self.hs.config.max_mau_value) + return_value=defer.succeed(self.auth_blocking._max_mau_value) ) with self.assertRaises(ResourceLimitError): yield defer.ensureDeferred( @@ -173,7 +178,7 @@ def test_mau_limits_parity(self): ) self.hs.get_datastore().get_monthly_active_count = Mock( - return_value=defer.succeed(self.hs.config.max_mau_value) + return_value=defer.succeed(self.auth_blocking._max_mau_value) ) with self.assertRaises(ResourceLimitError): yield defer.ensureDeferred( @@ -186,7 +191,7 @@ def test_mau_limits_parity(self): return_value=defer.succeed(self.hs.get_clock().time_msec()) ) self.hs.get_datastore().get_monthly_active_count = Mock( - return_value=defer.succeed(self.hs.config.max_mau_value) + return_value=defer.succeed(self.auth_blocking._max_mau_value) ) yield defer.ensureDeferred( self.auth_handler.get_access_token_for_user_id( @@ -197,7 +202,7 @@ def test_mau_limits_parity(self): return_value=defer.succeed(self.hs.get_clock().time_msec()) ) self.hs.get_datastore().get_monthly_active_count = Mock( - return_value=defer.succeed(self.hs.config.max_mau_value) + return_value=defer.succeed(self.auth_blocking._max_mau_value) ) yield defer.ensureDeferred( self.auth_handler.validate_short_term_login_token_and_get_user_id( @@ -207,7 +212,7 @@ def test_mau_limits_parity(self): @defer.inlineCallbacks def test_mau_limits_not_exceeded(self): - self.hs.config.limit_usage_by_mau = True + self.auth_blocking._limit_usage_by_mau = True self.hs.get_datastore().get_monthly_active_count = Mock( return_value=defer.succeed(self.small_number_of_users) 
diff --git a/tests/handlers/test_sync.py b/tests/handlers/test_sync.py index 4cbe9784ed26..e178d7765b3b 100644 --- a/tests/handlers/test_sync.py +++ b/tests/handlers/test_sync.py @@ -30,28 +30,31 @@ def prepare(self, reactor, clock, hs): self.sync_handler = self.hs.get_sync_handler() self.store = self.hs.get_datastore() - def test_wait_for_sync_for_user_auth_blocking(self): + # AuthBlocking reads from the hs' config on initialization. We need to + # modify its config instead of the hs' + self.auth_blocking = self.hs.get_auth()._auth_blocking + def test_wait_for_sync_for_user_auth_blocking(self): user_id1 = "@user1:test" user_id2 = "@user2:test" sync_config = self._generate_sync_config(user_id1) self.reactor.advance(100) # So we get not 0 time - self.hs.config.limit_usage_by_mau = True - self.hs.config.max_mau_value = 1 + self.auth_blocking._limit_usage_by_mau = True + self.auth_blocking._max_mau_value = 1 # Check that the happy case does not throw errors self.get_success(self.store.upsert_monthly_active_user(user_id1)) self.get_success(self.sync_handler.wait_for_sync_for_user(sync_config)) # Test that global lock works - self.hs.config.hs_disabled = True + self.auth_blocking._hs_disabled = True e = self.get_failure( self.sync_handler.wait_for_sync_for_user(sync_config), ResourceLimitError ) self.assertEquals(e.value.errcode, Codes.RESOURCE_LIMIT_EXCEEDED) - self.hs.config.hs_disabled = False + self.auth_blocking._hs_disabled = False sync_config = self._generate_sync_config(user_id2) diff --git a/tests/test_mau.py b/tests/test_mau.py index 1fbe0d51fffc..eb159e3ba52b 100644 --- a/tests/test_mau.py +++ b/tests/test_mau.py @@ -19,6 +19,7 @@ from mock import Mock +from synapse.api.auth_blocking import AuthBlocking from synapse.api.constants import LoginType from synapse.api.errors import Codes, HttpResponseException, SynapseError from synapse.rest.client.v2_alpha import register, sync 
@@ -45,11 +46,17 @@ def make_homeserver(self, reactor, clock): self.hs.config.limit_usage_by_mau = True self.hs.config.hs_disabled = False self.hs.config.max_mau_value = 2 - self.hs.config.mau_trial_days = 0 self.hs.config.server_notices_mxid = "@server:red" self.hs.config.server_notices_mxid_display_name = None self.hs.config.server_notices_mxid_avatar_url = None self.hs.config.server_notices_room_name = "Test Server Notice Room" + self.hs.config.mau_trial_days = 0 + + # AuthBlocking reads config options during hs creation. Recreate the + # hs' copy of AuthBlocking after we've updated config values above + self.auth_blocking = AuthBlocking(self.hs) + self.hs.get_auth()._auth_blocking = self.auth_blocking + return self.hs def test_simple_deny_mau(self): @@ -121,6 +128,7 @@ def test_trial_delay(self): self.assertEqual(e.errcode, Codes.RESOURCE_LIMIT_EXCEEDED) def test_trial_users_cant_come_back(self): + self.auth_blocking._mau_trial_days = 1 self.hs.config.mau_trial_days = 1 # We should be able to register more than the limit initially @@ -169,8 +177,8 @@ def test_trial_users_cant_come_back(self): self.assertEqual(e.errcode, Codes.RESOURCE_LIMIT_EXCEEDED) def test_tracked_but_not_limited(self): - self.hs.config.max_mau_value = 1 # should not matter - self.hs.config.limit_usage_by_mau = False + self.auth_blocking._max_mau_value = 1 # should not matter + self.auth_blocking._limit_usage_by_mau = False self.hs.config.mau_stats_only = True # Simply being able to create 2 users indicates that the
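Review bot: In `test_trial_users_cant_come_back`, the added `self.auth_blocking._mau_trial_days = 1` sets an attribute that `AuthBlocking.__init__` (as shown in `synapse/api/auth_blocking.py` earlier in this series) never defines and `check_auth_blocking` never reads, so the line has no effect. The trial check there goes through `self.store.is_trial_user(user_id)`, so presumably only the existing `self.hs.config.mau_trial_days = 1` line matters and the new line can be removed. The test body continues outside this hunk.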