mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2024-12-23 16:19:27 -05:00
Merge pull request #720 from matrix-org/erikj/auth_chec
Don't auto log failed auth checks
This commit is contained in:
commit
f613a3e332
@ -25,6 +25,7 @@ from synapse.api.errors import AuthError, Codes, SynapseError, EventSizeError
|
|||||||
from synapse.types import Requester, RoomID, UserID, EventID
|
from synapse.types import Requester, RoomID, UserID, EventID
|
||||||
from synapse.util.logutils import log_function
|
from synapse.util.logutils import log_function
|
||||||
from synapse.util.logcontext import preserve_context_over_fn
|
from synapse.util.logcontext import preserve_context_over_fn
|
||||||
|
from synapse.util.metrics import Measure
|
||||||
from unpaddedbase64 import decode_base64
|
from unpaddedbase64 import decode_base64
|
||||||
|
|
||||||
import logging
|
import logging
|
||||||
@ -44,6 +45,7 @@ class Auth(object):
|
|||||||
|
|
||||||
def __init__(self, hs):
|
def __init__(self, hs):
|
||||||
self.hs = hs
|
self.hs = hs
|
||||||
|
self.clock = hs.get_clock()
|
||||||
self.store = hs.get_datastore()
|
self.store = hs.get_datastore()
|
||||||
self.state = hs.get_state_handler()
|
self.state = hs.get_state_handler()
|
||||||
self.TOKEN_NOT_FOUND_HTTP_STATUS = 401
|
self.TOKEN_NOT_FOUND_HTTP_STATUS = 401
|
||||||
@ -66,9 +68,9 @@ class Auth(object):
|
|||||||
Returns:
|
Returns:
|
||||||
True if the auth checks pass.
|
True if the auth checks pass.
|
||||||
"""
|
"""
|
||||||
self.check_size_limits(event)
|
with Measure(self.clock, "auth.check"):
|
||||||
|
self.check_size_limits(event)
|
||||||
|
|
||||||
try:
|
|
||||||
if not hasattr(event, "room_id"):
|
if not hasattr(event, "room_id"):
|
||||||
raise AuthError(500, "Event has no room_id: %s" % event)
|
raise AuthError(500, "Event has no room_id: %s" % event)
|
||||||
if auth_events is None:
|
if auth_events is None:
|
||||||
@ -127,13 +129,6 @@ class Auth(object):
|
|||||||
self.check_redaction(event, auth_events)
|
self.check_redaction(event, auth_events)
|
||||||
|
|
||||||
logger.debug("Allowing! %s", event)
|
logger.debug("Allowing! %s", event)
|
||||||
except AuthError as e:
|
|
||||||
logger.info(
|
|
||||||
"Event auth check failed on event %s with msg: %s",
|
|
||||||
event, e.msg
|
|
||||||
)
|
|
||||||
logger.info("Denying! %s", event)
|
|
||||||
raise
|
|
||||||
|
|
||||||
def check_size_limits(self, event):
|
def check_size_limits(self, event):
|
||||||
def too_big(field):
|
def too_big(field):
|
||||||
|
@ -316,7 +316,11 @@ class BaseHandler(object):
|
|||||||
if ratelimit:
|
if ratelimit:
|
||||||
self.ratelimit(requester)
|
self.ratelimit(requester)
|
||||||
|
|
||||||
self.auth.check(event, auth_events=context.current_state)
|
try:
|
||||||
|
self.auth.check(event, auth_events=context.current_state)
|
||||||
|
except AuthError as err:
|
||||||
|
logger.warn("Denying new event %r because %s", event, err)
|
||||||
|
raise err
|
||||||
|
|
||||||
yield self.maybe_kick_guest_users(event, context.current_state.values())
|
yield self.maybe_kick_guest_users(event, context.current_state.values())
|
||||||
|
|
||||||
|
@ -681,9 +681,13 @@ class FederationHandler(BaseHandler):
|
|||||||
"state_key": user_id,
|
"state_key": user_id,
|
||||||
})
|
})
|
||||||
|
|
||||||
event, context = yield self._create_new_client_event(
|
try:
|
||||||
builder=builder,
|
event, context = yield self._create_new_client_event(
|
||||||
)
|
builder=builder,
|
||||||
|
)
|
||||||
|
except AuthError as e:
|
||||||
|
logger.warn("Failed to create join %r because %s", event, e)
|
||||||
|
raise e
|
||||||
|
|
||||||
self.auth.check(event, auth_events=context.current_state)
|
self.auth.check(event, auth_events=context.current_state)
|
||||||
|
|
||||||
@ -915,7 +919,11 @@ class FederationHandler(BaseHandler):
|
|||||||
builder=builder,
|
builder=builder,
|
||||||
)
|
)
|
||||||
|
|
||||||
self.auth.check(event, auth_events=context.current_state)
|
try:
|
||||||
|
self.auth.check(event, auth_events=context.current_state)
|
||||||
|
except AuthError as e:
|
||||||
|
logger.warn("Failed to create new leave %r because %s", event, e)
|
||||||
|
raise e
|
||||||
|
|
||||||
defer.returnValue(event)
|
defer.returnValue(event)
|
||||||
|
|
||||||
@ -1512,8 +1520,9 @@ class FederationHandler(BaseHandler):
|
|||||||
|
|
||||||
try:
|
try:
|
||||||
self.auth.check(event, auth_events=auth_events)
|
self.auth.check(event, auth_events=auth_events)
|
||||||
except AuthError:
|
except AuthError as e:
|
||||||
raise
|
logger.warn("Failed auth resolution for %r because %s", event, e)
|
||||||
|
raise e
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def construct_auth_difference(self, local_auth, remote_auth):
|
def construct_auth_difference(self, local_auth, remote_auth):
|
||||||
@ -1689,7 +1698,12 @@ class FederationHandler(BaseHandler):
|
|||||||
event_dict, event, context
|
event_dict, event, context
|
||||||
)
|
)
|
||||||
|
|
||||||
self.auth.check(event, context.current_state)
|
try:
|
||||||
|
self.auth.check(event, context.current_state)
|
||||||
|
except AuthError as e:
|
||||||
|
logger.warn("Denying new third party invite %r because %s", event, e)
|
||||||
|
raise e
|
||||||
|
|
||||||
yield self._check_signature(event, auth_events=context.current_state)
|
yield self._check_signature(event, auth_events=context.current_state)
|
||||||
member_handler = self.hs.get_handlers().room_member_handler
|
member_handler = self.hs.get_handlers().room_member_handler
|
||||||
yield member_handler.send_membership_event(None, event, context)
|
yield member_handler.send_membership_event(None, event, context)
|
||||||
@ -1714,7 +1728,11 @@ class FederationHandler(BaseHandler):
|
|||||||
event_dict, event, context
|
event_dict, event, context
|
||||||
)
|
)
|
||||||
|
|
||||||
self.auth.check(event, auth_events=context.current_state)
|
try:
|
||||||
|
self.auth.check(event, auth_events=context.current_state)
|
||||||
|
except AuthError as e:
|
||||||
|
logger.warn("Denying third party invite %r because %s", event, e)
|
||||||
|
raise e
|
||||||
yield self._check_signature(event, auth_events=context.current_state)
|
yield self._check_signature(event, auth_events=context.current_state)
|
||||||
|
|
||||||
returned_invite = yield self.send_invite(origin, event)
|
returned_invite = yield self.send_invite(origin, event)
|
||||||
|
Loading…
Reference in New Issue
Block a user