Allow denying or shadow banning registrations via the spam checker (#8034)

2025-05-04 03:24:49 -04:00 · 2020-08-20 15:42:58 -04:00 · 2020-08-20 15:42:58 -04:00 · 3f91638da6
commit 3f91638da6
parent e259d63f73
14 changed files with 258 additions and 18 deletions
--- a/synapse/handlers/oidc_handler.py
+++ b/synapse/handlers/oidc_handler.py
@ -93,6 +93,7 @@ class OidcHandler:
    """

    def __init__(self, hs: "HomeServer"):
+        self.hs = hs
        self._callback_url = hs.config.oidc_callback_url  # type: str
        self._scopes = hs.config.oidc_scopes  # type: List[str]
        self._client_auth = ClientAuth(
@ -689,9 +690,17 @@ class OidcHandler:
                self._render_error(request, "invalid_token", str(e))
                return

+        # Pull out the user-agent and IP from the request.
+        user_agent = request.requestHeaders.getRawHeaders(b"User-Agent", default=[b""])[
+            0
+        ].decode("ascii", "surrogateescape")
+        ip_address = self.hs.get_ip_from_request(request)
+
        # Call the mapper to register/login the user
        try:
-            user_id = await self._map_userinfo_to_user(userinfo, token)
+            user_id = await self._map_userinfo_to_user(
+                userinfo, token, user_agent, ip_address
+            )
        except MappingException as e:
            logger.exception("Could not map user")
            self._render_error(request, "mapping_error", str(e))
@ -828,7 +837,9 @@ class OidcHandler:
        now = self._clock.time_msec()
        return now < expiry

-    async def _map_userinfo_to_user(self, userinfo: UserInfo, token: Token) -> str:
+    async def _map_userinfo_to_user(
+        self, userinfo: UserInfo, token: Token, user_agent: str, ip_address: str
+    ) -> str:
        """Maps a UserInfo object to a mxid.

        UserInfo should have a claim that uniquely identifies users. This claim
@ -843,6 +854,8 @@ class OidcHandler:
        Args:
            userinfo: an object representing the user
            token: a dict with the tokens obtained from the provider
+            user_agent: The user agent of the client making the request.
+            ip_address: The IP address of the client making the request.

        Raises:
            MappingException: if there was an error while mapping some properties
@ -899,7 +912,9 @@ class OidcHandler:
        # It's the first time this user is logging in and the mapped mxid was
        # not taken, register the user
        registered_user_id = await self._registration_handler.register_user(
-            localpart=localpart, default_display_name=attributes["display_name"],
+            localpart=localpart,
+            default_display_name=attributes["display_name"],
+            user_agent_ips=(user_agent, ip_address),
        )

        await self._datastore.record_user_external_id(