Merge remote-tracking branch 'origin/erikj/as_mau_block' into develop

2025-12-15 23:13:50 -05:00 · 2020-12-18 09:51:56 +00:00 · 2020-12-18 09:51:56 +00:00 · a7a913918c
commit a7a913918c
parent 70586aa63e 14eab1b4d2
7 changed files with 86 additions and 9 deletions
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@ -738,6 +738,7 @@ class AuthHandler(BaseHandler):
        device_id: Optional[str],
        valid_until_ms: Optional[int],
        puppets_user_id: Optional[str] = None,
+        is_appservice_ghost: bool = False,
    ) -> str:
        """
        Creates a new access token for the user with the given user ID.
@ -754,6 +755,7 @@ class AuthHandler(BaseHandler):
               we should always have a device ID)
            valid_until_ms: when the token is valid until. None for
                no expiry.
+            is_appservice_ghost: Whether the user is an application ghost user
        Returns:
              The access token for the user's session.
        Raises:
@ -774,7 +776,11 @@ class AuthHandler(BaseHandler):
                "Logging in user %s on device %s%s", user_id, device_id, fmt_expiry
            )

-        await self.auth.check_auth_blocking(user_id)
+        if (
+            not is_appservice_ghost
+            or self.hs.config.appservice.track_appservice_user_ips
+        ):
+            await self.auth.check_auth_blocking(user_id)

        access_token = self.macaroon_gen.generate_access_token(user_id)
        await self.store.add_access_token_to_user(
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@ -630,6 +630,7 @@ class RegistrationHandler(BaseHandler):
        device_id: Optional[str],
        initial_display_name: Optional[str],
        is_guest: bool = False,
+        is_appservice_ghost: bool = False,
    ) -> Tuple[str, str]:
        """Register a device for a user and generate an access token.

@ -651,6 +652,7 @@ class RegistrationHandler(BaseHandler):
                device_id=device_id,
                initial_display_name=initial_display_name,
                is_guest=is_guest,
+                is_appservice_ghost=is_appservice_ghost,
            )
            return r["device_id"], r["access_token"]

@ -672,7 +674,10 @@ class RegistrationHandler(BaseHandler):
            )
        else:
            access_token = await self._auth_handler.get_access_token_for_user_id(
-                user_id, device_id=registered_device_id, valid_until_ms=valid_until_ms
+                user_id,
+                device_id=registered_device_id,
+                valid_until_ms=valid_until_ms,
+                is_appservice_ghost=is_appservice_ghost,
            )

        return (registered_device_id, access_token)