Allow guest users to join and message rooms

2024-10-01 11:49:51 -04:00 · 2015-11-10 16:57:13 +00:00 · 2015-11-10 16:57:13 +00:00 · 38d82edf0e
commit 38d82edf0e
parent 82e8a2d763
7 changed files with 92 additions and 12 deletions
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@ -68,6 +68,7 @@ class EventTypes(object):
    RoomHistoryVisibility = "m.room.history_visibility"
    CanonicalAlias = "m.room.canonical_alias"
    RoomAvatar = "m.room.avatar"
+    GuestAccess = "m.room.guest_access"

    # These are used for validation
    Message = "m.room.message"
--- a/synapse/handlers/_base.py
+++ b/synapse/handlers/_base.py
@ -175,6 +175,8 @@ class BaseHandler(object):
        if not suppress_auth:
            self.auth.check(event, auth_events=context.current_state)

+        yield self.maybe_kick_guest_users(event, context.current_state.values())
+
        if event.type == EventTypes.CanonicalAlias:
            # Check the alias is acually valid (at this time at least)
            room_alias_str = event.content.get("alias", None)
@ -282,3 +284,58 @@ class BaseHandler(object):
        federation_handler.handle_new_event(
            event, destinations=destinations,
        )
+
+    @defer.inlineCallbacks
+    def maybe_kick_guest_users(self, event, current_state):
+        # Technically this function invalidates current_state by changing it.
+        # Hopefully this isn't that important to the caller.
+        if event.type == EventTypes.GuestAccess:
+            guest_access = event.content.get("guest_access", "forbidden")
+            if guest_access != "can_join":
+                yield self.kick_guest_users(current_state)
+
+    @defer.inlineCallbacks
+    def kick_guest_users(self, current_state):
+        for member_event in current_state:
+            try:
+                if member_event.type != EventTypes.Member:
+                    continue
+
+                if not self.hs.is_mine(UserID.from_string(member_event.state_key)):
+                    continue
+
+                if member_event.content["membership"] not in {
+                    Membership.JOIN,
+                    Membership.INVITE
+                }:
+                    continue
+
+                if (
+                    "kind" not in member_event.content
+                    or member_event.content["kind"] != "guest"
+                ):
+                    continue
+
+                # We make the user choose to leave, rather than have the
+                # event-sender kick them. This is partially because we don't
+                # need to worry about power levels, and partially because guest
+                # users are a concept which doesn't hugely work over federation,
+                # and having homeservers have their own users leave keeps more
+                # of that decision-making and control local to the guest-having
+                # homeserver.
+                message_handler = self.hs.get_handlers().message_handler
+                yield message_handler.create_and_send_event(
+                    {
+                        "type": EventTypes.Member,
+                        "state_key": member_event.state_key,
+                        "content": {
+                            "membership": Membership.LEAVE,
+                            "kind": "guest"
+                        },
+                        "room_id": member_event.room_id,
+                        "sender": member_event.state_key
+                    },
+                    ratelimit=False,
+                )
+            except Exception as e:
+                logger.warn("Error kicking guest user: %s" % (e,))
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@ -1097,8 +1097,6 @@ class FederationHandler(BaseHandler):
        context = yield self._prep_event(
            origin, event,
            state=state,
-            backfilled=backfilled,
-            current_state=current_state,
            auth_events=auth_events,
        )

@ -1121,7 +1119,6 @@ class FederationHandler(BaseHandler):
                    origin,
                    ev_info["event"],
                    state=ev_info.get("state"),
-                    backfilled=backfilled,
                    auth_events=ev_info.get("auth_events"),
                )
                for ev_info in event_infos
@ -1208,8 +1205,7 @@ class FederationHandler(BaseHandler):
        defer.returnValue((event_stream_id, max_stream_id))

    @defer.inlineCallbacks
-    def _prep_event(self, origin, event, state=None, backfilled=False,
-                    current_state=None, auth_events=None):
+    def _prep_event(self, origin, event, state=None, auth_events=None):
        outlier = event.internal_metadata.is_outlier()

        context = yield self.state_handler.compute_event_context(
@ -1242,6 +1238,10 @@ class FederationHandler(BaseHandler):

            context.rejected = RejectedReason.AUTH_ERROR

+        if event.type == EventTypes.GuestAccess:
+            full_context = yield self.store.get_current_state(room_id=event.room_id)
+            yield self.maybe_kick_guest_users(event, full_context)
+
        defer.returnValue(context)

    @defer.inlineCallbacks
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@ -167,7 +167,7 @@ class MessageHandler(BaseHandler):

    @defer.inlineCallbacks
    def create_and_send_event(self, event_dict, ratelimit=True,
-                              token_id=None, txn_id=None):
+                              token_id=None, txn_id=None, is_guest=False):
        """ Given a dict from a client, create and handle a new event.

        Creates an FrozenEvent object, filling out auth_events, prev_events,
@ -213,7 +213,7 @@ class MessageHandler(BaseHandler):

        if event.type == EventTypes.Member:
            member_handler = self.hs.get_handlers().room_member_handler
-            yield member_handler.change_membership(event, context)
+            yield member_handler.change_membership(event, context, is_guest=is_guest)
        else:
            yield self.handle_new_client_event(
                event=event,
--- a/synapse/handlers/presence.py
+++ b/synapse/handlers/presence.py
@ -950,6 +950,7 @@ class PresenceHandler(BaseHandler):
                )
                while len(self._remote_offline_serials) > MAX_OFFLINE_SERIALS:
                    self._remote_offline_serials.pop()  # remove the oldest
+                if user in self._user_cachemap:
                    del self._user_cachemap[user]
            else:
                # Remove the user from remote_offline_serials now that they're
--- a/synapse/handlers/room.py
+++ b/synapse/handlers/room.py
@ -369,7 +369,7 @@ class RoomMemberHandler(BaseHandler):
                    remotedomains.add(member.domain)

    @defer.inlineCallbacks
-    def change_membership(self, event, context, do_auth=True):
+    def change_membership(self, event, context, do_auth=True, is_guest=False):
        """ Change the membership status of a user in a room.

        Args:
@ -390,6 +390,20 @@ class RoomMemberHandler(BaseHandler):
        # if this HS is not currently in the room, i.e. we have to do the
        # invite/join dance.
        if event.membership == Membership.JOIN:
+            if is_guest:
+                guest_access = context.current_state.get(
+                    (EventTypes.GuestAccess, ""),
+                    None
+                )
+                is_guest_access_allowed = (
+                    guest_access
+                    and guest_access.content
+                    and "guest_access" in guest_access.content
+                    and guest_access.content["guest_access"] == "can_join"
+                )
+                if not is_guest_access_allowed:
+                    raise AuthError(403, "Guest access not allowed")
+
            yield self._do_join(event, context, do_auth=do_auth)
        else:
            if event.membership == Membership.LEAVE:
--- a/synapse/rest/client/v1/room.py
+++ b/synapse/rest/client/v1/room.py
@ -175,7 +175,7 @@ class RoomSendEventRestServlet(ClientV1RestServlet):

    @defer.inlineCallbacks
    def on_POST(self, request, room_id, event_type, txn_id=None):
-        user, token_id, _ = yield self.auth.get_user_by_req(request)
+        user, token_id, _ = yield self.auth.get_user_by_req(request, allow_guest=True)
        content = _parse_json(request)

        msg_handler = self.handlers.message_handler
@ -220,7 +220,10 @@ class JoinRoomAliasServlet(ClientV1RestServlet):

    @defer.inlineCallbacks
    def on_POST(self, request, room_identifier, txn_id=None):
-        user, token_id, _ = yield self.auth.get_user_by_req(request)
+        user, token_id, is_guest = yield self.auth.get_user_by_req(
+            request,
+            allow_guest=True
+        )

        # the identifier could be a room alias or a room id. Try one then the
        # other if it fails to parse, without swallowing other valid
@ -242,16 +245,20 @@ class JoinRoomAliasServlet(ClientV1RestServlet):
            defer.returnValue((200, ret_dict))
        else:  # room id
            msg_handler = self.handlers.message_handler
+            content = {"membership": Membership.JOIN}
+            if is_guest:
+                content["kind"] = "guest"
            yield msg_handler.create_and_send_event(
                {
                    "type": EventTypes.Member,
-                    "content": {"membership": Membership.JOIN},
+                    "content": content,
                    "room_id": identifier.to_string(),
                    "sender": user.to_string(),
                    "state_key": user.to_string(),
                },
                token_id=token_id,
                txn_id=txn_id,
+                is_guest=is_guest,
            )

            defer.returnValue((200, {"room_id": identifier.to_string()}))