From 313a489fc99f18773131814bc1f3843ccb45ad11 Mon Sep 17 00:00:00 2001 From: Matthew Hodgson Date: Mon, 22 Jan 2018 14:54:46 +0100 Subject: [PATCH] incorporate PR feedback --- synapse/config/server.py | 15 +++++++++------ synapse/federation/federation_client.py | 2 +- synapse/federation/transaction_queue.py | 2 +- synapse/federation/transport/server.py | 2 +- synapse/handlers/device.py | 2 +- synapse/handlers/federation.py | 2 +- synapse/rest/key/v2/remote_key_resource.py | 2 +- synapse/rest/media/v1/media_repository.py | 8 ++++---- 8 files changed, 19 insertions(+), 16 deletions(-) diff --git a/synapse/config/server.py b/synapse/config/server.py index b413a91c7..f9c38199c 100644 --- a/synapse/config/server.py +++ b/synapse/config/server.py @@ -55,14 +55,16 @@ class ServerConfig(Config): "block_non_admin_invites", False, ) + # FIXME: federation_domain_whitelist needs sytests + self.federation_domain_whitelist = None federation_domain_whitelist = config.get( - "federation_domain_whitelist", [] + "federation_domain_whitelist", None ) # turn the whitelist into a hash for speed of lookup - self.federation_domain_whitelist = {} - for domain in federation_domain_whitelist: - self.federation_domain_whitelist[domain] = True - # FIXME: federation_domain_whitelist needs sytests + if federation_domain_whitelist is not None: + self.federation_domain_whitelist = {} + for domain in federation_domain_whitelist: + self.federation_domain_whitelist[domain] = True if self.public_baseurl is not None: if self.public_baseurl[-1] != '/': @@ -222,7 +224,8 @@ class ServerConfig(Config): # Restrict federation to the following whitelist of domains. # N.B. we recommend also firewalling your federation listener to limit # inbound federation traffic as early as possible, rather than relying - # purely on this application-layer restriction. + # purely on this application-layer restriction. If not specified, the + # default is to whitelist nothing. # # federation_domain_whitelist: # - lon.example.com diff --git a/synapse/federation/federation_client.py b/synapse/federation/federation_client.py index 22e1ba6ef..813907f7f 100644 --- a/synapse/federation/federation_client.py +++ b/synapse/federation/federation_client.py @@ -267,7 +267,7 @@ class FederationClient(FederationBase): logger.info(e.message) continue except FederationDeniedError as e: - logger.debug(e.message) + logger.info(e.message) continue except Exception as e: pdu_attempts[destination] = now diff --git a/synapse/federation/transaction_queue.py b/synapse/federation/transaction_queue.py index 343e5f75a..a141ec995 100644 --- a/synapse/federation/transaction_queue.py +++ b/synapse/federation/transaction_queue.py @@ -491,7 +491,7 @@ class TransactionQueue(object): ), ) except FederationDeniedError as e: - logger.debug(e) + logger.info(e) except Exception as e: logger.warn( "TX [%s] Failed to send transaction: %s", diff --git a/synapse/federation/transport/server.py b/synapse/federation/transport/server.py index 38b445604..06c16ba4f 100644 --- a/synapse/federation/transport/server.py +++ b/synapse/federation/transport/server.py @@ -94,7 +94,7 @@ class Authenticator(object): } if ( - self.federation_domain_whitelist and + self.federation_domain_whitelist is not None and self.server_name not in self.federation_domain_whitelist ): raise FederationDeniedError(self.server_name) diff --git a/synapse/handlers/device.py b/synapse/handlers/device.py index 7e150b19b..0e8345385 100644 --- a/synapse/handlers/device.py +++ b/synapse/handlers/device.py @@ -515,7 +515,7 @@ class DeviceListEduUpdater(object): # eventually become consistent. return except FederationDeniedError as e: - logger.debug(e) + logger.info(e) return except Exception: # TODO: Remember that we are now out of sync and try again diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py index c6344f322..677532c87 100644 --- a/synapse/handlers/federation.py +++ b/synapse/handlers/federation.py @@ -784,7 +784,7 @@ class FederationHandler(BaseHandler): logger.info(e.message) continue except FederationDeniedError as e: - logger.debug(e) + logger.info(e) continue except Exception as e: logger.exception( diff --git a/synapse/rest/key/v2/remote_key_resource.py b/synapse/rest/key/v2/remote_key_resource.py index 94110bf59..17e6079cb 100644 --- a/synapse/rest/key/v2/remote_key_resource.py +++ b/synapse/rest/key/v2/remote_key_resource.py @@ -139,7 +139,7 @@ class RemoteKey(Resource): store_queries = [] for server_name, key_ids in query.items(): if ( - self.federation_domain_whitelist and + self.federation_domain_whitelist is not None and server_name not in self.federation_domain_whitelist ): logger.debug("Federation denied with %s", server_name) diff --git a/synapse/rest/media/v1/media_repository.py b/synapse/rest/media/v1/media_repository.py index 7cd7a8ec1..332ba4b12 100644 --- a/synapse/rest/media/v1/media_repository.py +++ b/synapse/rest/media/v1/media_repository.py @@ -226,7 +226,7 @@ class MediaRepository(object): to request """ if ( - self.federation_domain_whitelist and + self.federation_domain_whitelist is not None and server_name not in self.federation_domain_whitelist ): raise FederationDeniedError(server_name) @@ -266,7 +266,7 @@ class MediaRepository(object): Deferred[dict]: The media_info of the file """ if ( - self.federation_domain_whitelist and + self.federation_domain_whitelist is not None and server_name not in self.federation_domain_whitelist ): raise FederationDeniedError(server_name) @@ -387,8 +387,8 @@ class MediaRepository(object): logger.warn("Not retrying destination %r", server_name) raise SynapseError(502, "Failed to fetch remote media") except FederationDeniedError as e: - logger.debug(e) - raise SynapseError(403, e.message) + logger.info(e) + raise e except Exception: logger.exception("Failed to fetch remote media %s/%s", server_name, media_id)