Merge pull request #3232 from matrix-org/rav/server_notices_room

Infrastructure for a server notices room
2025-09-20 18:04:35 -04:00 · 2018-05-18 11:28:04 +01:00 · 2018-05-18 11:28:04 +01:00 · 6d9dc67139
commit 6d9dc67139
parent ed3125b0a1 011e1f4010
10 changed files with 309 additions and 7 deletions
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@ -81,6 +81,7 @@ class FederationHandler(BaseHandler):
        self.pusher_pool = hs.get_pusherpool()
        self.spam_checker = hs.get_spam_checker()
        self.event_creation_handler = hs.get_event_creation_handler()
+        self._server_notices_mxid = hs.config.server_notices_mxid

        # When joining a room we need to queue any events for that room up
        self.room_queues = {}
@ -1180,6 +1181,13 @@ class FederationHandler(BaseHandler):
        if not self.is_mine_id(event.state_key):
            raise SynapseError(400, "The invite event must be for this server")

+        # block any attempts to invite the server notices mxid
+        if event.state_key == self._server_notices_mxid:
+            raise SynapseError(
+                http_client.FORBIDDEN,
+                "Cannot invite this user",
+            )
+
        event.internal_metadata.outlier = True
        event.internal_metadata.invite_from_remote = True

--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@ -34,6 +34,11 @@ logger = logging.getLogger(__name__)
 class RegistrationHandler(BaseHandler):

    def __init__(self, hs):
+        """
+
+        Args:
+            hs (synapse.server.HomeServer):
+        """
        super(RegistrationHandler, self).__init__(hs)

        self.auth = hs.get_auth()
@ -49,6 +54,7 @@ class RegistrationHandler(BaseHandler):
        self._generate_user_id_linearizer = Linearizer(
            name="_generate_user_id_linearizer",
        )
+        self._server_notices_mxid = hs.config.server_notices_mxid

    @defer.inlineCallbacks
    def check_username(self, localpart, guest_access_token=None,
@ -338,6 +344,14 @@ class RegistrationHandler(BaseHandler):
            yield identity_handler.bind_threepid(c, user_id)

    def check_user_id_not_appservice_exclusive(self, user_id, allowed_appservice=None):
+        # don't allow people to register the server notices mxid
+        if self._server_notices_mxid is not None:
+            if user_id == self._server_notices_mxid:
+                raise SynapseError(
+                    400, "This user ID is reserved.",
+                    errcode=Codes.EXCLUSIVE
+                )
+
        # valid user IDs must not clash with any user ID namespaces claimed by
        # application services.
        services = self.store.get_app_services()
--- a/synapse/handlers/room.py
+++ b/synapse/handlers/room.py
@ -68,7 +68,8 @@ class RoomCreationHandler(BaseHandler):
        self.event_creation_handler = hs.get_event_creation_handler()

    @defer.inlineCallbacks
-    def create_room(self, requester, config, ratelimit=True):
+    def create_room(self, requester, config, ratelimit=True,
+                    creator_join_profile=None):
        """ Creates a new room.

        Args:
@ -76,6 +77,14 @@ class RoomCreationHandler(BaseHandler):
                The user who requested the room creation.
            config (dict) : A dict of configuration options.
            ratelimit (bool): set to False to disable the rate limiter
+
+            creator_join_profile (dict|None):
+                Set to override the displayname and avatar for the creating
+                user in this room. If unset, displayname and avatar will be
+                derived from the user's profile. If set, should contain the
+                values to go in the body of the 'join' event (typically
+                `avatar_url` and/or `displayname`.
+
        Returns:
            Deferred[dict]:
                a dict containing the keys `room_id` and, if an alias was
@ -180,7 +189,8 @@ class RoomCreationHandler(BaseHandler):
            initial_state=initial_state,
            creation_content=creation_content,
            room_alias=room_alias,
-            power_level_content_override=config.get("power_level_content_override", {})
+            power_level_content_override=config.get("power_level_content_override", {}),
+            creator_join_profile=creator_join_profile,
        )

        if "name" in config:
@ -260,6 +270,7 @@ class RoomCreationHandler(BaseHandler):
            creation_content,
            room_alias,
            power_level_content_override,
+            creator_join_profile,
    ):
        def create(etype, content, **kwargs):
            e = {
@ -303,6 +314,7 @@ class RoomCreationHandler(BaseHandler):
            room_id,
            "join",
            ratelimit=False,
+            content=creator_join_profile,
        )

        # We treat the power levels override specially as this needs to be one
--- a/synapse/handlers/room_member.py
+++ b/synapse/handlers/room_member.py
@ -17,11 +17,14 @@
 import abc
 import logging

+from six.moves import http_client
+
 from signedjson.key import decode_verify_key_bytes
 from signedjson.sign import verify_signed_json
 from twisted.internet import defer
 from unpaddedbase64 import decode_base64

+import synapse.server
 import synapse.types
 from synapse.api.constants import (
    EventTypes, Membership,
@ -46,6 +49,11 @@ class RoomMemberHandler(object):
    __metaclass__ = abc.ABCMeta

    def __init__(self, hs):
+        """
+
+        Args:
+            hs (synapse.server.HomeServer):
+        """
        self.hs = hs
        self.store = hs.get_datastore()
        self.auth = hs.get_auth()
@ -63,6 +71,7 @@ class RoomMemberHandler(object):

        self.clock = hs.get_clock()
        self.spam_checker = hs.get_spam_checker()
+        self._server_notices_mxid = self.config.server_notices_mxid

    @abc.abstractmethod
    def _remote_join(self, requester, remote_room_hosts, room_id, user, content):
@ -289,12 +298,36 @@ class RoomMemberHandler(object):
            is_blocked = yield self.store.is_room_blocked(room_id)
            if is_blocked:
                raise SynapseError(403, "This room has been blocked on this server")
+        else:
+            # we don't allow people to reject invites to, or leave, the
+            # server notice room.
+            is_blocked = yield self._is_server_notice_room(room_id)
+            if is_blocked:
+                raise SynapseError(
+                    http_client.FORBIDDEN,
+                    "You cannot leave this room",
+                )
+
+        if effective_membership_state == Membership.INVITE:
+            # block any attempts to invite the server notices mxid
+            if target.to_string() == self._server_notices_mxid:
+                raise SynapseError(
+                    http_client.FORBIDDEN,
+                    "Cannot invite this user",
+                )

-        if effective_membership_state == "invite":
            block_invite = False
-            is_requester_admin = yield self.auth.is_server_admin(
-                requester.user,
-            )
+
+            if (self._server_notices_mxid is not None and
+                    requester.user.to_string() == self._server_notices_mxid):
+                # allow the server notices mxid to send invites
+                is_requester_admin = True
+
+            else:
+                is_requester_admin = yield self.auth.is_server_admin(
+                    requester.user,
+                )
+
            if not is_requester_admin:
                if self.config.block_non_admin_invites:
                    logger.info(
@ -844,6 +877,13 @@ class RoomMemberHandler(object):

        defer.returnValue(False)

+    @defer.inlineCallbacks
+    def _is_server_notice_room(self, room_id):
+        if self._server_notices_mxid is None:
+            defer.returnValue(False)
+        user_ids = yield self.store.get_users_in_room(room_id)
+        defer.returnValue(self._server_notices_mxid in user_ids)
+

 class RoomMemberMasterHandler(RoomMemberHandler):
    def __init__(self, hs):