Commit Graph

73 Commits

Author SHA1 Message Date
Jess Porter
f108935d07
support compound consequences, switch WordList to consequences (#351) 2022-09-26 16:57:21 +01:00
Gnuxie
4d5447cb50
Rework the banning and unbanning of entities in PolicyLists. (#345)
* Rework the banning and unbanning of entities in PolicyLists.

1. We keep track of the event that created a list rule so that we
can remove the rule by having a way to determine the original state key for the rule.
This is because the state key of rules can be anything and should not be
relied on by Mjolnir to unban things (which it was doing).

2. The old scheme for producing a state key was causing for some entities to escape bans
https://github.com/matrix-org/mjolnir/issues/322.

We could have used a hash or something similar, but we know that
the reason for the `rule:${entity}` scheme existed was for ease of debugging
and finding rules in devtools. So instead we have followed a scheme simalar to
bridges where the first character of an mxid is replaced with an underscore.
Everything else just gets put into the state key. Since domains can't have '@'
and room ids, aliases can't either.

3. We have stopped the need for Mjolnir to wait for the next response from sync after banning,
unbanning an entity so that we can apply ACL's sooner.

* Use PolicyList's `banEntity` method to create imported rules.
2022-08-19 13:09:08 +01:00
Gnuxie
8bafa16495
Missing awaits on floating promises in tests. (#359)
If you add `"no-floating-promises": true` it's very easy
to find where this is done accidentally.
Not sure we can keep that on all the time yet though..
2022-08-18 13:09:03 +01:00
Jess Porter
10b7233e48
matrix.to urls for aliases don't need a via param (#348) 2022-08-18 09:37:30 +01:00
Gnuxie
9bcb0b7a59
Replace acceptInvitesFromGroup with acceptInvitesFromSpace. (#338)
Replace acceptInvitesFromGroup with acceptInvitesFromSpace.

https://github.com/matrix-org/mjolnir/issues/125
https://github.com/matrix-org/mjolnir/issues/99

acceptInvitesFromGroup was implemented with an experimental api
that was a precursor to spaces which was refereed to
as either communities or groups.
Support for communities/groups ended in Synapse 1.61.0
https://github.com/matrix-org/synapse/releases/tag/v1.61.0.

To test we just edit the config dynamically which changes how the join room listener functions
though idk, shouldn't we have just made a new mjolnir instance
for this test, or changed the config before the test started somehow?


Co-authored-by: jesopo <github@lolnerd.net>
2022-08-17 10:05:23 +01:00
Jess Porter
4376679b99
load config yaml manually, remove more references to static config (#347) 2022-08-16 15:51:18 +01:00
gnuxie
899a8bd784 Reduce number of rooms involved in banListTest.ts
apparently this takes over 5 minutes on the little github acitons VM.
Starting to wonder if this is really a sustainable setup.
2022-08-16 12:55:50 +01:00
gnuxie
b9284f0167 Reduce the throttle test theshold even more.
The implementation is rubbish, as it doesn't avoid the exponential backoff

Remove default rate limit testing.

It doesn't work. No there really isn't more to say about it
you're welcome to dispute it if you're going to do the work investigating. I'm not.

We used to have a test here that tested whether Mjolnir was going to carry out a redact order the default limits in a reasonable time scale.
Now I think that's never going to happen without writing a new algorithm for respecting rate limiting.
Which is not something there is time for.

https://github.com/matrix-org/synapse/pull/13018

Synapse rate limits were broken and very permitting so that's why the current hack worked so well.
Now it is not broken, so our rate limit handling is.

b850e4554c

Honestly I don't think we can expect anyone to be able to use Mjolnir under default rate limits.

well, it's not quite simple as broken, but it is broken. With the default level in synapse (which is what matrix.org uses) it is struggling to redact 15 messages within 5 minutes. that means 5 messages over the burst count. This is ofc ontop mjolnir sending reactions / responding to replies (which isn't much but... enough to mess with the rate limiter since ofc, Synapse tells requests to wait x amount of time before trying again, but that doesn't help for concurrent requests since ofc there's only 1 slot available at that future time.  This means Synapse just wacks everything with exponentially longer shit without many (or any?) events going through
it used to be fine
because rate limiting in synapse used to be a lot more liberal because it was "broken" or something, that's not me saying it's broken that's just what synapse devs say which is probably true.
if all requests went into a queue then yeah you could eliminate one problem
but that's a lot of work and i don't think we should be doing it
cos no one uses mjolnir like this anyways
2022-08-16 12:55:30 +01:00
gnuxie
d5171bd299 Activity tracker wouldn't update for recently joined/parted protected rooms. 2022-08-15 13:29:19 +01:00
Gnuxie
21aabc879a
Stop the config being global (in almost all contexts). (#334)
* Stop the config being global (in almost all contexts).

* make sure unit test has a config

* Make failing word list more visible

* Only use Healthz from index.ts

Not really sure how useful it is anyways?
2022-08-09 11:29:27 +01:00
Gnuxie
121d4cf98f
Mjolnir would apply stale ACL to rooms during batching (#331)
* banListTest would applyACL before rules appeared in `/state`.

Mjolnir will call applyServerAcls several times while a policy list is being updated, sometimes concurrently. This means a request to set a server ACL in a room which has old data can finish after a more recent recent request with the correct ACL. This means that the old ACL gets applied to the rooms (for a moment).

This is a follow up from 551065815e

* Only allow one invocation of applyServerAcls at a time as to not conflict with each other by using a promise chain.

We don't use the throttle queue because we don't want to be blocked by other background tasks.
We don't make another throttle queue because we don't want throttling and we don't want to delay the ACL application, which can happen even with throttle time of 0.
2022-08-09 10:57:38 +01:00
David Teller
829e1bd0aa
Towards opinions in PolicyLists. (#336)
Towards opinions in PolicyLists.

This changeset is part of an ongoing effort to implement "opinions"
within policy lists, as per MSC3847.

For the time being:
- we rename BanList into PolicyList;
- we cleanup a little dead code;
- we replace a few `string`s with `enum`;
- `ListRule` becomes an abstract class with two concrete subclasses `ListRuleBan` and `ListRuleOpinion`.
2022-07-26 21:47:26 +02:00
Gnuxie
b850e4554c
Remove debug leftovers from a test. (#314)
* Remove debug leftovers from a test.

This is really terrible and has meant whenever anyone has run `yarn test:integration` they have only been running this test.
💀💀💀
https://www.youtube.com/watch?v=jmX-tzSOFE0

* Set a default timeout for integration tests that is 5 minutes long.

Seriously, I don't think there is much to gain by making people guess
a reasnoble time for a test to complete in all the time, especially
with how much Synapse changes in response time and all of the machines
involved in running these tests.

* Warn when giving up on being throttled

* For some reason it takes longer for events to appear in /state

no i am not going to track down why yet.

* Rate limiting got a lot more aggresive.

https://github.com/matrix-org/synapse/pull/13018

Rate limiting in Synapse used to reset the burst count and remove
the backoff when you were spamming continuously, now it doesn't.
Ideally we'd rewrite the rate limiting logic to back off for longer
than suggested so we could get burst again, but for now
lets just unblock CI by reducing the number of events we send in these
tests.
2022-07-06 14:20:25 +01:00
Gnuxie
ac2e736e96
Report polling test temporality (#325)
So the test before sometimes sent the report *before*
the protection (that is used to check whether we have received
the report) was registered.
This of course meant that we didn't ever receive the report from
the perspectivee of the test.
This PR should now mean we always send the report after
registering the protection.
2022-07-05 16:58:29 +01:00
David Teller
6e5d520566
Fix: roomMemberTest off-by-one error (#324) 2022-07-05 15:33:53 +02:00
David Teller
cb34af02c6
Revert "Fix: roomMemberTest off-by-one error (#319)" (#323)
This reverts commit d8aac434f1.
2022-07-05 15:29:01 +02:00
David Teller
d8aac434f1
Fix: roomMemberTest off-by-one error (#319) 2022-07-05 14:38:53 +02:00
Jess Porter
ed68e02c4e
implement polling reports in synapse (#259) 2022-07-04 15:06:36 +01:00
David Teller
0eea04bd69
A background queue for kicking (#296)
A background queue for kicking
2022-06-08 11:49:43 +02:00
David Teller
74d8caa7e7
Since command: adding the ability to mute (#272) 2022-05-10 17:19:16 +02:00
Gnuxie
c8caf744c5
Apply members and server bans to the most recently active rooms first. (#274)
* Apply members and server bans to the most recently active rooms first.

https://github.com/matrix-org/mjolnir/issues/273
2022-05-03 12:36:53 +01:00
Jonathan de Jong
cc9f393ed7
fix CI (#282)
ts-mocha has also been updated to make running locally possible (else it gives a confusing error that tsconfig.json is not "json" or the likes)
2022-05-03 11:20:40 +01:00
David Teller
e05616b327
New command !mjolnir since <date or duration> <kick | ban | show> <limit> [reason] [...rooms] (#238)
A new command `since` to affect all users who have joined a protected room since a given date.
2022-03-21 10:39:15 +01:00
Jess Porter
1880287ac4
standard protection consequences (#232)
* standard protection consequences

* add integration test to make sure good users aren't banned

* the less far `event` propagates, the better

* better document consequence.ts

* improve innocent user integration test

* switch to room.event emit
2022-03-18 10:11:23 +00:00
David Teller
26ae55cd24
A command to show when users in a given room have joined (#225) 2022-03-07 11:34:25 +01:00
Marco Cirillo
97df4d5f61
Add command to elevate a user (or the bot) as room administrator (#219) 2022-03-07 10:14:06 +01:00
jesopo
65af82d46f send whole channel shutdown reason, not just the first word 2022-03-02 10:20:43 +00:00
Gnuxie
17dd0aa173
Fix the test script yarn test:manual and add it to tsconfig (#234)
* Add test:manual launch script to tsconfig

this is so we won't keep breaking it
2022-02-24 14:46:15 +00:00
Gnuxie
7353ba4919
Make limit for ACL batcher more leniant for CI (#235) 2022-02-24 14:27:53 +00:00
David Teller
82a2e63d23
A room Protection designed to measure lag in a room (#217) 2022-02-24 13:43:31 +01:00
Gnuxie
332da15d0d
Remove old rules when unbanning entities from BanLists. (#227)
* Remove old rules when unbanning entities from BanLists.

Fixes #220
2022-02-21 16:51:14 +00:00
Jess Porter
a58c7d3f1a
move LogProxy.logMessage to Mjolnir.logMessage (#194) 2022-02-15 15:44:41 +00:00
Gnuxie
e9dff8fd5a
Batch events from ban lists together during sync (#221)
* Test for batching ACL.

* Batch events from sync within BanList.

* Introduce the BanList.batch event to the BanList emitter to let Mjolnir sync after new events have been added from sync.

Fixes #203
2022-02-15 13:51:20 +00:00
Gnuxie
ff9a7db159
Make ACL safe so that Mjolnir will not ban itself. (#213) 2022-02-07 17:02:06 +00:00
jesopo
813741c42c refactor (and simplify) how protections are stored in-memory 2022-02-07 13:48:32 +00:00
jesopo
8b23f93b71 splice returns removed items, not a new list with items removed 2022-02-07 13:33:44 +00:00
Jess Porter
58e228be7d
make roomIds param on replaceRoomIdsWithPills a Set<string> (#146) 2022-02-02 17:35:02 +00:00
Gnuxie
e52b59df6e
Fix bad teardowns that hang in tests. (#202)
* Fix bad teardowns and hanging test.
2022-01-28 11:03:20 +00:00
gnuxie
f481ec84d3 Make sure we stop clients after they have started, not before.
Yeah it's a long story.
2022-01-26 16:25:43 +00:00
gnuxie
17a1d02af8 Fix uses of old interface for registration helper in tests. 2022-01-25 18:23:14 +00:00
gnuxie
9e96d399c0 Remove axios from the test suite, it is unnecessary.
It's probably also got problems.
2022-01-25 18:22:34 +00:00
Jess Porter
423a34bebe
runtime persistent settings system (#158) 2022-01-25 14:47:50 +00:00
David Teller
c7a96a3afe
Retry requests in case of throttling (#178)
* Retry requests in case of throttling


Co-authored-by: gnuxie <gnuxie@element.io>
2022-01-25 12:19:44 +00:00
David Teller
baa9129fa5 [CI] We need to wait until Mjölnir's start is complete before proceeding with tests.
Hopefully, this should fix the (latest) race conditions we've been seeing during CI.
2022-01-24 16:13:18 +01:00
gnuxie
afb0fd5a23 Skip policy consumption test when the rule server is not enabled 2022-01-21 12:28:59 +00:00
gnuxie
4537cf0d8a Add test for ruleserver policy consumption.
Ensures that the consumer of the ruleserver rules is enforcing them.
2022-01-21 12:13:04 +00:00
gnuxie
7ee3ce1dd2 rename onReactionTo to getFirstReaction 2022-01-21 12:13:04 +00:00
gnuxie
9048322709 Improvements to manual testing with the test:manual script.
- Use the configured username & password when registering the test user to run Mjolnir with (was hardcoded).
- Remove bogus imports from the helper that have accidentally been introduced with VSCode.
- Keep `enable_registration: true` in the homeserver config to save time.
2022-01-21 10:11:01 +00:00
Jess Porter
941d10b015
never mutate config.managementRoom in-place (#184) 2022-01-17 16:24:12 +00:00
David Teller
7f07caca3f [CI] Retry registration attempts 2022-01-07 14:06:10 +01:00