Add room creation checks to spam checker

Lets the spam checker deny attempts to create rooms and add aliases
to them.
This commit is contained in:
David Baker 2017-10-04 10:47:54 +01:00
parent 5f20a91fa1
commit 197c14dbcf
3 changed files with 47 additions and 0 deletions

View File

@ -61,3 +61,35 @@ class SpamChecker(object):
return True return True
return self.spam_checker.user_may_invite(userid, room_id) return self.spam_checker.user_may_invite(userid, room_id)
def user_may_create_room(self, userid):
"""Checks if a given user may create a room
If this method returns false, the creation request will be rejected.
Args:
userid (string): The sender's user ID
Returns:
bool: True if the user may create a room, otherwise False
"""
if self.spam_checker is None:
return True
return self.spam_checker.user_may_create_room(userid)
def user_may_create_room_alias(self, userid, room_alias):
"""Checks if a given user may create a room alias
If this method returns false, the association request will be rejected.
Args:
userid (string): The sender's user ID
Returns:
bool: True if the user may create a room alias, otherwise False
"""
if self.spam_checker is None:
return True
return self.spam_checker.user_may_create_room_alias(userid, room_alias)

View File

@ -40,6 +40,8 @@ class DirectoryHandler(BaseHandler):
"directory", self.on_directory_query "directory", self.on_directory_query
) )
self.spam_checker = hs.get_spam_checker()
@defer.inlineCallbacks @defer.inlineCallbacks
def _create_association(self, room_alias, room_id, servers=None, creator=None): def _create_association(self, room_alias, room_id, servers=None, creator=None):
# general association creation for both human users and app services # general association creation for both human users and app services
@ -73,6 +75,11 @@ class DirectoryHandler(BaseHandler):
# association creation for human users # association creation for human users
# TODO(erikj): Do user auth. # TODO(erikj): Do user auth.
if not self.spam_checker.user_may_create_room_alias(user_id, room_alias):
raise SynapseError(
403, "This user is not permitted to create this alias",
)
can_create = yield self.can_modify_alias( can_create = yield self.can_modify_alias(
room_alias, room_alias,
user_id=user_id user_id=user_id

View File

@ -60,6 +60,11 @@ class RoomCreationHandler(BaseHandler):
}, },
} }
def __init__(self, hs):
super(RoomCreationHandler, self).__init__(hs)
self.spam_checker = hs.get_spam_checker()
@defer.inlineCallbacks @defer.inlineCallbacks
def create_room(self, requester, config, ratelimit=True): def create_room(self, requester, config, ratelimit=True):
""" Creates a new room. """ Creates a new room.
@ -75,6 +80,9 @@ class RoomCreationHandler(BaseHandler):
""" """
user_id = requester.user.to_string() user_id = requester.user.to_string()
if not self.spam_checker.user_may_create_room(user_id):
raise SynapseError(403, "You are not permitted to create rooms")
if ratelimit: if ratelimit:
yield self.ratelimit(requester) yield self.ratelimit(requester)