forked-synapse/synapse/handlers/_base.py

# -*- coding: utf-8 -*-
# Copyright 2014 - 2016 OpenMarket Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import logging

from twisted.internet import defer

import synapse.types
from synapse.api.constants import EventTypes, Membership
from synapse.api.errors import LimitExceededError
from synapse.types import UserID

logger = logging.getLogger(__name__)


class BaseHandler(object):
    """
    Common base class for the event handlers.

    Attributes:
        store (synapse.storage.DataStore):
        state_handler (synapse.state.StateHandler):
    """

    def __init__(self, hs):
        """
        Args:
            hs (synapse.server.HomeServer):
        """
        self.store = hs.get_datastore()
        self.auth = hs.get_auth()
        self.notifier = hs.get_notifier()
        self.state_handler = hs.get_state_handler()
        self.distributor = hs.get_distributor()
        self.ratelimiter = hs.get_ratelimiter()
        self.clock = hs.get_clock()
        self.hs = hs

        self.server_name = hs.hostname

        self.event_builder_factory = hs.get_event_builder_factory()

    @defer.inlineCallbacks
    def ratelimit(self, requester, update=True):
        """Ratelimits requests.

        Args:
            requester (Requester)
            update (bool): Whether to record that a request is being processed.
                Set to False when doing multiple checks for one request (e.g.
                to check up front if we would reject the request), and set to
                True for the last call for a given request.

        Raises:
            LimitExceededError if the request should be ratelimited
        """
        time_now = self.clock.time()
        user_id = requester.user.to_string()

        # The AS user itself is never rate limited.
        app_service = self.store.get_app_service_by_user_id(user_id)
        if app_service is not None:
            return  # do not ratelimit app service senders

        # Disable rate limiting of users belonging to any AS that is configured
        # not to be rate limited in its registration file (rate_limited: true|false).
        if requester.app_service and not requester.app_service.is_rate_limited():
            return

        # Check if there is a per user override in the DB.
        override = yield self.store.get_ratelimit_for_user(user_id)
        if override:
            # If overriden with a null Hz then ratelimiting has been entirely
            # disabled for the user
            if not override.messages_per_second:
                return

            messages_per_second = override.messages_per_second
            burst_count = override.burst_count
        else:
            messages_per_second = self.hs.config.rc_message.per_second
            burst_count = self.hs.config.rc_message.burst_count

        allowed, time_allowed = self.ratelimiter.can_do_action(
            user_id, time_now,
            rate_hz=messages_per_second,
            burst_count=burst_count,
            update=update,
        )
        if not allowed:
            raise LimitExceededError(
                retry_after_ms=int(1000 * (time_allowed - time_now)),
            )

    @defer.inlineCallbacks
    def maybe_kick_guest_users(self, event, context=None):
        # Technically this function invalidates current_state by changing it.
        # Hopefully this isn't that important to the caller.
        if event.type == EventTypes.GuestAccess:
            guest_access = event.content.get("guest_access", "forbidden")
            if guest_access != "can_join":
                if context:
                    current_state_ids = yield context.get_current_state_ids(self.store)
                    current_state = yield self.store.get_events(
                        list(current_state_ids.values())
                    )
                else:
                    current_state = yield self.state_handler.get_current_state(
                        event.room_id
                    )

                current_state = list(current_state.values())

                logger.info("maybe_kick_guest_users %r", current_state)
                yield self.kick_guest_users(current_state)

    @defer.inlineCallbacks
    def kick_guest_users(self, current_state):
        for member_event in current_state:
            try:
                if member_event.type != EventTypes.Member:
                    continue

                target_user = UserID.from_string(member_event.state_key)
                if not self.hs.is_mine(target_user):
                    continue

                if member_event.content["membership"] not in {
                    Membership.JOIN,
                    Membership.INVITE
                }:
                    continue

                if (
                    "kind" not in member_event.content
                    or member_event.content["kind"] != "guest"
                ):
                    continue

                # We make the user choose to leave, rather than have the
                # event-sender kick them. This is partially because we don't
                # need to worry about power levels, and partially because guest
                # users are a concept which doesn't hugely work over federation,
                # and having homeservers have their own users leave keeps more
                # of that decision-making and control local to the guest-having
                # homeserver.
                requester = synapse.types.create_requester(
                    target_user, is_guest=True)
                handler = self.hs.get_room_member_handler()
                yield handler.update_membership(
                    requester,
                    target_user,
                    member_event.room_id,
                    "leave",
                    ratelimit=False,
                    require_consent=False,
                )
            except Exception as e:
                logger.exception("Error kicking guest user: %s" % (e,))
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`# -- coding: utf-8 --`
Skip, rather than erroring, invalid guest requests Erroring causes problems when people make illegal requests, because they don't know what limit parameter they should pass. This is definitely buggy. It leaks message counts for rooms people don't have permission to see, via tokens. But apparently we already consciously decided to allow that as a team, so this preserves that behaviour. 2016-01-05 13:12:37 -05:00			`# Copyright 2014 - 2016 OpenMarket Ltd`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`#`
			`# Licensed under the Apache License, Version 2.0 (the "License");`
			`# you may not use this file except in compliance with the License.`
			`# You may obtain a copy of the License at`
			`#`
			`# http://www.apache.org/licenses/LICENSE-2.0`
			`#`
			`# Unless required by applicable law or agreed to in writing, software`
			`# distributed under the License is distributed on an "AS IS" BASIS,`
			`# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`# See the License for the specific language governing permissions and`
			`# limitations under the License.`

Add `create_requester` function Wrap the `Requester` constructor with a function which provides sensible defaults, and use it throughout 2016-07-26 11:46:53 -04:00			`import logging`

Move new event boilerplate in room handlers into a method on a base clase. 2014-08-26 13:49:51 -04:00			`from twisted.internet import defer`
add in whitespace after copyright statements to improve legibility 2014-08-12 22:14:34 -04:00
Add `create_requester` function Wrap the `Requester` constructor with a function which provides sensible defaults, and use it throughout 2016-07-26 11:46:53 -04:00			`import synapse.types`
run isort 2018-07-09 02:09:20 -04:00			`from synapse.api.constants import EventTypes, Membership`
Add `create_requester` function Wrap the `Requester` constructor with a function which provides sensible defaults, and use it throughout 2016-07-26 11:46:53 -04:00			`from synapse.api.errors import LimitExceededError`
			`from synapse.types import UserID`
Fix auth checks to all use the given old_event_state 2014-11-05 06:07:54 -05:00
			`logger = logging.getLogger(__name__)`


Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`class BaseHandler(object):`
Update some comments Add a couple of type annotations, docstrings, and other comments, in the interest of keeping track of what types I have. Merged from pull request #370. 2015-11-13 05:31:15 -05:00			`"""`
			`Common base class for the event handlers.`

Use google style doc strings. pycharm supports them so there is no need to use the other format. Might as well convert the existing strings to reduce the risk of people accidentally cargo culting the wrong doc string format. 2016-04-01 11:08:59 -04:00			`Attributes:`
Fix a doc-comment The `store` in a handler is a generic DataStore, not just an events.StateStore. 2016-07-18 04:47:33 -04:00			`store (synapse.storage.DataStore):`
Use google style doc strings. pycharm supports them so there is no need to use the other format. Might as well convert the existing strings to reduce the risk of people accidentally cargo culting the wrong doc string format. 2016-04-01 11:08:59 -04:00			`state_handler (synapse.state.StateHandler):`
Update some comments Add a couple of type annotations, docstrings, and other comments, in the interest of keeping track of what types I have. Merged from pull request #370. 2015-11-13 05:31:15 -05:00			`"""`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00
			`def __init__(self, hs):`
Type annotations Add some type annotations to help PyCharm (in particular) to figure out the types of a bunch of things. 2016-07-19 05:21:42 -04:00			`"""`
			`Args:`
			`hs (synapse.server.HomeServer):`
			`"""`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`self.store = hs.get_datastore()`
			`self.auth = hs.get_auth()`
			`self.notifier = hs.get_notifier()`
			`self.state_handler = hs.get_state_handler()`
Wait for getting a Join in response to an invite/join dance. 2014-08-21 09:38:22 -04:00			`self.distributor = hs.get_distributor()`
Add ratelimiting function to basehandler 2014-09-02 12:57:04 -04:00			`self.ratelimiter = hs.get_ratelimiter()`
			`self.clock = hs.get_clock()`
Reference Matrix Home Server 2014-08-12 10:10:52 -04:00			`self.hs = hs`
Move new event boilerplate in room handlers into a method on a base clase. 2014-08-26 13:49:51 -04:00
Sign events we create. 2014-11-03 06:33:28 -05:00			`self.server_name = hs.hostname`

Convert rest and handlers to use new event structure 2014-12-04 10:50:01 -05:00			`self.event_builder_factory = hs.get_event_builder_factory()`

Add per user ratelimiting overrides 2017-05-10 06:05:43 -04:00			`@defer.inlineCallbacks`
			`def ratelimit(self, requester, update=True):`
			`"""Ratelimits requests.`

			`Args:`
			`requester (Requester)`
			`update (bool): Whether to record that a request is being processed.`
			`Set to False when doing multiple checks for one request (e.g.`
			`to check up front if we would reject the request), and set to`
			`True for the last call for a given request.`

			`Raises:`
			`LimitExceededError if the request should be ratelimited`
			`"""`
Add ratelimiting function to basehandler 2014-09-02 12:57:04 -04:00			`time_now = self.clock.time()`
handers: do not ratelimit app service senders Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com> 2016-10-04 15:53:35 -04:00			`user_id = requester.user.to_string()`

Allow Configurable Rate Limiting Per AS This adds a flag loaded from the registration file of an AS that will determine whether or not its users are rate limited (by ratelimit in _base.py). Needed for IRC bridge reasons - see https://github.com/matrix-org/matrix-appservice-irc/issues/240. 2016-10-18 12:04:09 -04:00			`# The AS user itself is never rate limited.`
handers: do not ratelimit app service senders Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com> 2016-10-04 15:53:35 -04:00			`app_service = self.store.get_app_service_by_user_id(user_id)`
			`if app_service is not None:`
			`return # do not ratelimit app service senders`

as_user->app_service, less redundant comments, better positioned comments 2016-10-20 07:04:54 -04:00			`# Disable rate limiting of users belonging to any AS that is configured`
			`# not to be rate limited in its registration file (rate_limited: true\|false).`
			`if requester.app_service and not requester.app_service.is_rate_limited():`
Allow Configurable Rate Limiting Per AS This adds a flag loaded from the registration file of an AS that will determine whether or not its users are rate limited (by ratelimit in _base.py). Needed for IRC bridge reasons - see https://github.com/matrix-org/matrix-appservice-irc/issues/240. 2016-10-18 12:04:09 -04:00			`return`

Add per user ratelimiting overrides 2017-05-10 06:05:43 -04:00			`# Check if there is a per user override in the DB.`
			`override = yield self.store.get_ratelimit_for_user(user_id)`
			`if override:`
			`# If overriden with a null Hz then ratelimiting has been entirely`
			`# disabled for the user`
			`if not override.messages_per_second:`
			`return`

			`messages_per_second = override.messages_per_second`
			`burst_count = override.burst_count`
			`else:`
Make all the rate limiting options more consistent (#5181) 2019-05-15 13:06:04 -04:00			`messages_per_second = self.hs.config.rc_message.per_second`
			`burst_count = self.hs.config.rc_message.burst_count`
Add per user ratelimiting overrides 2017-05-10 06:05:43 -04:00
Add rate-limiting on registration (#4735) * Rate-limiting for registration * Add unit test for registration rate limiting * Add config parameters for rate limiting on auth endpoints * Doc * Fix doc of rate limiting function Co-Authored-By: babolivier <contact@brendanabolivier.com> * Incorporate review * Fix config parsing * Fix linting errors * Set default config for auth rate limiting * Fix tests * Add changelog * Advance reactor instead of mocked clock * Move parameters to registration specific config and give them more sensible default values * Remove unused config options * Don't mock the rate limiter un MAU tests * Rename _register_with_store into register_with_store * Make CI happy * Remove unused import * Update sample config * Fix ratelimiting test for py2 * Add non-guest test 2019-03-05 09:25:33 -05:00			`allowed, time_allowed = self.ratelimiter.can_do_action(`
handers: do not ratelimit app service senders Signed-off-by: Patrik Oldsberg <patrik.oldsberg@ericsson.com> 2016-10-04 15:53:35 -04:00			`user_id, time_now,`
Add rate-limiting on registration (#4735) * Rate-limiting for registration * Add unit test for registration rate limiting * Add config parameters for rate limiting on auth endpoints * Doc * Fix doc of rate limiting function Co-Authored-By: babolivier <contact@brendanabolivier.com> * Incorporate review * Fix config parsing * Fix linting errors * Set default config for auth rate limiting * Fix tests * Add changelog * Advance reactor instead of mocked clock * Move parameters to registration specific config and give them more sensible default values * Remove unused config options * Don't mock the rate limiter un MAU tests * Rename _register_with_store into register_with_store * Make CI happy * Remove unused import * Update sample config * Fix ratelimiting test for py2 * Add non-guest test 2019-03-05 09:25:33 -05:00			`rate_hz=messages_per_second,`
Add per user ratelimiting overrides 2017-05-10 06:05:43 -04:00			`burst_count=burst_count,`
			`update=update,`
Add ratelimiting function to basehandler 2014-09-02 12:57:04 -04:00			`)`
			`if not allowed:`
Raise LimitExceedError when the ratelimiting is throttling requests 2014-09-03 03:58:48 -04:00			`raise LimitExceededError(`
Fix flake8 warnings for new flake8 2016-02-02 12:18:50 -05:00			`retry_after_ms=int(1000 * (time_allowed - time_now)),`
Add ratelimiting function to basehandler 2014-09-02 12:57:04 -04:00			`)`

Allow guest users to join and message rooms 2015-11-10 11:57:13 -05:00			`@defer.inlineCallbacks`
Replace context.current_state with context.current_state_ids 2016-08-25 12:32:22 -04:00			`def maybe_kick_guest_users(self, event, context=None):`
Allow guest users to join and message rooms 2015-11-10 11:57:13 -05:00			`# Technically this function invalidates current_state by changing it.`
			`# Hopefully this isn't that important to the caller.`
			`if event.type == EventTypes.GuestAccess:`
			`guest_access = event.content.get("guest_access", "forbidden")`
			`if guest_access != "can_join":`
Replace context.current_state with context.current_state_ids 2016-08-25 12:32:22 -04:00			`if context:`
Use new getters 2018-07-23 08:00:22 -04:00			`current_state_ids = yield context.get_current_state_ids(self.store)`
Replace context.current_state with context.current_state_ids 2016-08-25 12:32:22 -04:00			`current_state = yield self.store.get_events(`
Use new getters 2018-07-23 08:00:22 -04:00			`list(current_state_ids.values())`
Replace context.current_state with context.current_state_ids 2016-08-25 12:32:22 -04:00			`)`
			`else:`
Insert delta of current_state_events to be more efficient 2017-01-20 10:40:04 -05:00			`current_state = yield self.state_handler.get_current_state(`
			`event.room_id`
			`)`

Consistently use six's iteritems and wrap lazy keys/values in list() if they're not meant to be lazy (#3307) 2018-05-31 05:03:47 -04:00			`current_state = list(current_state.values())`
Insert delta of current_state_events to be more efficient 2017-01-20 10:40:04 -05:00
Replace context.current_state with context.current_state_ids 2016-08-25 12:32:22 -04:00			`logger.info("maybe_kick_guest_users %r", current_state)`
Allow guest users to join and message rooms 2015-11-10 11:57:13 -05:00			`yield self.kick_guest_users(current_state)`

			`@defer.inlineCallbacks`
			`def kick_guest_users(self, current_state):`
			`for member_event in current_state:`
			`try:`
			`if member_event.type != EventTypes.Member:`
			`continue`

Use update_membership to kick guests 2016-02-15 11:40:22 -05:00			`target_user = UserID.from_string(member_event.state_key)`
			`if not self.hs.is_mine(target_user):`
Allow guest users to join and message rooms 2015-11-10 11:57:13 -05:00			`continue`

			`if member_event.content["membership"] not in {`
			`Membership.JOIN,`
			`Membership.INVITE`
			`}:`
			`continue`

			`if (`
			`"kind" not in member_event.content`
			`or member_event.content["kind"] != "guest"`
			`):`
			`continue`

			`# We make the user choose to leave, rather than have the`
			`# event-sender kick them. This is partially because we don't`
			`# need to worry about power levels, and partially because guest`
			`# users are a concept which doesn't hugely work over federation,`
			`# and having homeservers have their own users leave keeps more`
			`# of that decision-making and control local to the guest-having`
			`# homeserver.`
Add `create_requester` function Wrap the `Requester` constructor with a function which provides sensible defaults, and use it throughout 2016-07-26 11:46:53 -04:00			`requester = synapse.types.create_requester(`
			`target_user, is_guest=True)`
Move RoomMemberHandler out of Handlers 2018-03-01 05:54:37 -05:00			`handler = self.hs.get_room_member_handler()`
Use update_membership to kick guests 2016-02-15 11:40:22 -05:00			`yield handler.update_membership(`
			`requester,`
			`target_user,`
			`member_event.room_id,`
			`"leave",`
Allow guest users to join and message rooms 2015-11-10 11:57:13 -05:00			`ratelimit=False,`
Use flags 2019-03-20 13:39:29 -04:00			`require_consent=False,`
Allow guest users to join and message rooms 2015-11-10 11:57:13 -05:00			`)`
			`except Exception as e:`
Fix kicking guest users in worker mode When guest_access changes from allowed to forbidden all local guest users should be kicked from the room. This did not happen when revocation was received from federation on a worker. Presumably broken in #4141 2019-02-18 09:08:13 -05:00			`logger.exception("Error kicking guest user: %s" % (e,))`