Apply an IP range blacklist to push and key revocation requests. (#8821)

Replaces the `federation_ip_range_blacklist` configuration setting with an `ip_range_blacklist` setting with wider scope. It now applies to: * Federation * Identity servers * Push notifications * Checking key validitity for third-party invite events The old `federation_ip_range_blacklist` setting is still honored if present, but with reduced scope (it only applies to federation and identity servers).
2025-06-20 02:54:08 -04:00 · 2020-12-02 11:09:24 -05:00 · 2020-12-02 11:09:24 -05:00 · 30fba62108
commit 30fba62108
parent c5b6abd53d
43 changed files with 175 additions and 114 deletions
--- a/tests/replication/test_pusher_shard.py
+++ b/tests/replication/test_pusher_shard.py
@ -98,7 +98,7 @@ class PusherShardTestCase(BaseMultiWorkerStreamTestCase):
        self.make_worker_hs(
            "synapse.app.pusher",
            {"start_pushers": True},
-            proxied_http_client=http_client_mock,
+            proxied_blacklisted_http_client=http_client_mock,
        )

        event_id = self._create_pusher_and_send_msg("user")
@ -133,7 +133,7 @@ class PusherShardTestCase(BaseMultiWorkerStreamTestCase):
                "worker_name": "pusher1",
                "pusher_instances": ["pusher1", "pusher2"],
            },
-            proxied_http_client=http_client_mock1,
+            proxied_blacklisted_http_client=http_client_mock1,
        )

        http_client_mock2 = Mock(spec_set=["post_json_get_json"])
@ -148,7 +148,7 @@ class PusherShardTestCase(BaseMultiWorkerStreamTestCase):
                "worker_name": "pusher2",
                "pusher_instances": ["pusher1", "pusher2"],
            },
-            proxied_http_client=http_client_mock2,
+            proxied_blacklisted_http_client=http_client_mock2,
        )

        # We choose a user name that we know should go to pusher1.