From 112cf5a73a12c1618414f0e2ef4153bf6d4a89f9 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Mon, 17 Jun 2019 16:27:47 +0100
Subject: [PATCH 1/3] Add third party rules hook for 3PID invites
---
 synapse/events/third_party_rules.py | 32 ++++++++++++++++++++++++++++-
 synapse/handlers/room_member.py | 10 +++++++++
 2 files changed, 41 insertions(+), 1 deletion(-)
diff --git a/synapse/events/third_party_rules.py b/synapse/events/third_party_rules.py
index ee7b97ad3..768cfa8e9 100644
--- a/synapse/events/third_party_rules.py
+++ b/synapse/events/third_party_rules.py
@@ -35,7 +35,10 @@ class ThirdPartyEventRules(object):
 module, config = hs.config.third_party_event_rules
 if module is not None:
- self.third_party_rules = module(config=config)
+ self.third_party_rules = module(
+ config=config,
+ http_client=hs.get_simple_http_client(),
+ )
 @defer.inlineCallbacks
 def check_event_allowed(self, event, context):
@@ -81,3 +84,30 @@ class ThirdPartyEventRules(object):
 yield self.third_party_rules.on_create_room(
 requester, config, is_requester_admin
 )
+
+ def check_threepid_can_be_invited(self, medium, address, room_id):
+ """Check if a provided 3PID can be invited in the given room.
+
+ Args:
+ medium (str): The 3PID's medium.
+ address (str): The 3PID's address.
+ room_id (str): The room we want to invite the threepid to.
+
+ Returns:
+ defer.Deferred[bool], True if the 3PID can be invited, False if not.
+ """
+
+ if self.third_party_rules is None:
+ defer.returnValue(True)
+
+ state_ids = yield self.store.get_filtered_current_state_ids(room_id)
+ room_state_events = yield self.store.get_events(state_ids.values())
+
+ state_events = {}
+ for key, event_id in state_ids.items():
+ state_events[key] = room_state_events[event_id]
+
+ ret = yield self.third_party_rules.check_threepid_can_be_invited(
+ medium, address, state_events,
+ )
+ defer.returnValue(ret)
diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py
index 93ac986c8..458902bb7 100644
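Review bot: The constructor call in `ThirdPartyEventRules.__init__` now always passes `http_client=`, so a rules module written against the earlier `module(config=config)` call raises `TypeError` when the homeserver starts unless its `__init__` accepts that keyword. The changelog entry in this series does not mention the signature change; I would add a comment above the call, `# Modules must accept both config and http_client keyword arguments.`, and state the same in the module documentation. It also gives third-party rule code the server's general-purpose outbound HTTP client, so if a module builds request URLs from invite data it is worth confirming whether that client enforces the homeserver's IP range restrictions, which the hunk does not show. `__init__` starts outside the hunk.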
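Review bot: `check_threepid_can_be_invited` calls `get_filtered_current_state_ids(room_id)` with no filter and then `get_events` on every returned id, so each 3PID invite attempt loads the room's whole current state before the module is consulted. In a large room that is presumably a lot of database work per request, and it hands the module more room data than an invite decision is likely to need. Consider restricting the lookup to the event types a rules module is expected to read, or document in the docstring that `state_events` is the full current state keyed as the store returns it. The Returns section should also make the fail-open default explicit with a line such as `Always True if no third party rules module is configured.`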
--- a/synapse/handlers/room_member.py
+++ b/synapse/handlers/room_member.py
@@ -72,6 +72,7 @@ class RoomMemberHandler(object):
 self.clock = hs.get_clock()
 self.spam_checker = hs.get_spam_checker()
+ self.third_party_event_rules = hs.get_third_party_event_rules()
 self._server_notices_mxid = self.config.server_notices_mxid
 self._enable_lookup = hs.config.enable_3pid_lookup
 self.allow_per_room_profiles = self.config.allow_per_room_profiles
@@ -723,6 +724,15 @@ class RoomMemberHandler(object):
 # can't just rely on the standard ratelimiting of events.
 yield self.base_handler.ratelimit(requester)
+ can_invite = yield self.third_party_event_rules.check_threepid_can_be_invited(
+ medium, address, room_id,
+ )
+ if not can_invite:
+ raise SynapseError(
+ 403, "This third-party identifier can not be invited in this room",
+ Codes.FORBIDDEN,
+ )
+
 invitee = yield self._lookup_3pid(
 id_server, medium, address
 )
From 9ce4220d6ca96644b00e4c014d7ee35505ca8b84 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Mon, 17 Jun 2019 16:33:16 +0100
Subject: [PATCH 2/3] Changelog
---
 changelog.d/5477.feature | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/5477.feature
diff --git a/changelog.d/5477.feature b/changelog.d/5477.feature
new file mode 100644
index 000000000..63d9b5873
--- /dev/null
+++ b/changelog.d/5477.feature
@@ -0,0 +1 @@
+Allow server admins to define implementations of extra rules for allowing or denying incoming events.
From 33ea87be3926c2cf5bd57170a808a20217433ad6 Mon Sep 17 00:00:00 2001
From: Brendan Abolivier
Date: Mon, 17 Jun 2019 17:39:38 +0100
Subject: [PATCH 3/3] Make check_threepid_can_be_invited async
---
 synapse/events/third_party_rules.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/synapse/events/third_party_rules.py b/synapse/events/third_party_rules.py
index 768cfa8e9..50ceeb1e8 100644
--- a/synapse/events/third_party_rules.py
+++ b/synapse/events/third_party_rules.py
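Review bot: The denial branch after `check_threepid_can_be_invited` raises the 403 without recording anything server-side, so an operator looking into blocked or repeated invite attempts has only the client-visible error to go on. A log line before the raise, for example `logger.info("3PID invite to %s denied by third party rules (medium %s)", room_id, medium)`, would leave an audit trail without writing the address itself to the logs; this assumes a module-level `logger`, which is not visible in the hunk. Keeping the check ahead of `_lookup_3pid` is the right order, since a denied address is then never sent to the identity server. The enclosing method starts and ends outside the hunk.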
@@ -85,6 +85,7 @@ class ThirdPartyEventRules(object):
 requester, config, is_requester_admin
 )
+ @defer.inlineCallbacks
 def check_threepid_can_be_invited(self, medium, address, room_id):
 """Check if a provided 3PID can be invited in the given room.
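Review bot: Nothing in the series tests the path this decorator repairs. Without `@defer.inlineCallbacks` the method added in patch 1/3 is a plain generator function, so the caller's `yield` gets back a generator object, `if not can_invite` is never true, and every 3PID invite is allowed whatever the module answers. A unit test with a stub rules module whose `check_threepid_can_be_invited` returns False, asserting that the invite is rejected with `Codes.FORBIDDEN`, would catch a regression here. Squashing this patch into 1/3 would also keep a bisect or partial backport from landing on the fail-open revision. The method body continues outside the hunk.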