Home Explore Help
Sign In
RISCI_ATOM
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Files Issues 3 Wiki
Browse Source

Add a config option to block all room invites (#2457)

- allows sysadmins the ability to lock down their servers so that people can't
send their users room invites.
Richard van der Hoff 6 years ago
parent
2eabdf3f98
commit
aa620d09a0
5 changed files with 44 additions and 0 deletions
Split View Show Diff Stats
  1. 8 0
      synapse/api/auth.py
  2. 10 0
      synapse/config/server.py
  3. 3 0
      synapse/handlers/federation.py
  4. 22 0
      synapse/handlers/room_member.py
  5. 1 0
      tests/utils.py

+ 8 - 0
synapse/api/auth.py
View File 

@@ -519,6 +519,14 @@ class Auth(object):
 
             )
 
 
     def is_server_admin(self, user):
 
+        """ Check if the given user is a local server admin.
 
+
 
+        Args:
 
+            user (str): mxid of user to check
 
+
 
+        Returns:
 
+            bool: True if the user is an admin
 
+        """
 
         return self.store.is_server_admin(user)
 
 
     @defer.inlineCallbacks

+ 10 - 0
synapse/config/server.py
View File 

@@ -43,6 +43,12 @@ class ServerConfig(Config):
 
 
         self.filter_timeline_limit = config.get("filter_timeline_limit", -1)
 
 
+        # Whether we should block invites sent to users on this server
 
+        # (other than those sent by local server admins)
 
+        self.block_non_admin_invites = config.get(
 
+            "block_non_admin_invites", False,
 
+        )
 
+
 
         if self.public_baseurl is not None:
 
             if self.public_baseurl[-1] != '/':
 
                 self.public_baseurl += '/'
 
@@ -194,6 +200,10 @@ class ServerConfig(Config):
 
         # and sync operations. The default value is -1, means no upper limit.
 
         # filter_timeline_limit: 5000
 
 
+        # Whether room invites to users on this server should be blocked
 
+        # (except those sent by local server admins). The default is False.
 
+        # block_non_admin_invites: True
 
+
 
         # List of ports that Synapse should listen on, their purpose and their
 
         # configuration.
 
         listeners:

+ 3 - 0
synapse/handlers/federation.py
View File 

@@ -1074,6 +1074,9 @@ class FederationHandler(BaseHandler):
 
         if is_blocked:
 
             raise SynapseError(403, "This room has been blocked on this server")
 
 
+        if self.hs.config.block_non_admin_invites:
 
+            raise SynapseError(403, "This server does not accept room invites")
 
+
 
         membership = event.content.get("membership")
 
         if event.type != EventTypes.Member or membership != Membership.INVITE:
 
             raise SynapseError(400, "The event was not an m.room.member invite event")

+ 22 - 0
synapse/handlers/room_member.py
View File 

@@ -191,6 +191,8 @@ class RoomMemberHandler(BaseHandler):
 
         if action in ["kick", "unban"]:
 
             effective_membership_state = "leave"
 
 
+        # if this is a join with a 3pid signature, we may need to turn a 3pid
 
+        # invite into a normal invite before we can handle the join.
 
         if third_party_signed is not None:
 
             replication = self.hs.get_replication_layer()
 
             yield replication.exchange_third_party_invite(
 
@@ -208,6 +210,16 @@ class RoomMemberHandler(BaseHandler):
 
             if is_blocked:
 
                 raise SynapseError(403, "This room has been blocked on this server")
 
 
+        if (effective_membership_state == "invite" and
 
+                self.hs.config.block_non_admin_invites):
 
+            is_requester_admin = yield self.auth.is_server_admin(
 
+                requester.user,
 
+            )
 
+            if not is_requester_admin:
 
+                raise SynapseError(
 
+                    403, "Invites have been disabled on this server",
 
+                )
 
+
 
         latest_event_ids = yield self.store.get_latest_event_ids_in_room(room_id)
 
         current_state_ids = yield self.state_handler.get_current_state_ids(
 
             room_id, latest_event_ids=latest_event_ids,
 
@@ -471,6 +483,16 @@ class RoomMemberHandler(BaseHandler):
 
             requester,
 
             txn_id
 
     ):
 
+        if self.hs.config.block_non_admin_invites:
 
+            is_requester_admin = yield self.auth.is_server_admin(
 
+                requester.user,
 
+            )
 
+            if not is_requester_admin:
 
+                raise SynapseError(
 
+                    403, "Invites have been disabled on this server",
 
+                    Codes.FORBIDDEN,
 
+                )
 
+
 
         invitee = yield self._lookup_3pid(
 
             id_server, medium, address
 
         )

+ 1 - 0
tests/utils.py
View File 

@@ -56,6 +56,7 @@ def setup_test_homeserver(name="test", datastore=None, config=None, **kargs):
 
         config.worker_replication_url = ""
 
         config.worker_app = None
 
         config.email_enable_notifs = False
 
+        config.block_non_admin_invites = False
 
 
     config.use_frozen_dicts = True
 
     config.database_config = {"name": "sqlite3"}