From 1737753a62c90365b8886b9fd3317608a6c402ea Mon Sep 17 00:00:00 2001 From: Travis Ralston Date: Tue, 4 Dec 2018 04:44:41 -0700 Subject: [PATCH] Add an option to enable recording IPs for appservice users (#3831) --- changelog.d/3831.feature | 1 + synapse/api/auth.py | 33 ++++++++++++++++++++++----------- synapse/config/appservice.py | 5 +++++ 3 files changed, 28 insertions(+), 11 deletions(-) create mode 100644 changelog.d/3831.feature diff --git a/changelog.d/3831.feature b/changelog.d/3831.feature new file mode 100644 index 000000000..639558645 --- /dev/null +++ b/changelog.d/3831.feature @@ -0,0 +1 @@ +Add an option to enable recording IPs for appservice users diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 34382e4e3..530989970 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -188,17 +188,33 @@ class Auth(object): """ # Can optionally look elsewhere in the request (e.g. headers) try: - user_id, app_service = yield self._get_appservice_user_id(request) - if user_id: - request.authenticated_entity = user_id - defer.returnValue( - synapse.types.create_requester(user_id, app_service=app_service) - ) + ip_addr = self.hs.get_ip_from_request(request) + user_agent = request.requestHeaders.getRawHeaders( + b"User-Agent", + default=[b""] + )[0].decode('ascii', 'surrogateescape') access_token = self.get_access_token_from_request( request, self.TOKEN_NOT_FOUND_HTTP_STATUS ) + user_id, app_service = yield self._get_appservice_user_id(request) + if user_id: + request.authenticated_entity = user_id + + if ip_addr and self.hs.config.track_appservice_user_ips: + yield self.store.insert_client_ip( + user_id=user_id, + access_token=access_token, + ip=ip_addr, + user_agent=user_agent, + device_id="dummy-device", # stubbed + ) + + defer.returnValue( + synapse.types.create_requester(user_id, app_service=app_service) + ) + user_info = yield self.get_user_by_access_token(access_token, rights) user = user_info["user"] token_id = user_info["token_id"] @@ -208,11 +224,6 @@ class Auth(object): # stubbed out. device_id = user_info.get("device_id") - ip_addr = self.hs.get_ip_from_request(request) - user_agent = request.requestHeaders.getRawHeaders( - b"User-Agent", - default=[b""] - )[0].decode('ascii', 'surrogateescape') if user and access_token and ip_addr: yield self.store.insert_client_ip( user_id=user.to_string(), diff --git a/synapse/config/appservice.py b/synapse/config/appservice.py index 3b161d708..c21cb3dd8 100644 --- a/synapse/config/appservice.py +++ b/synapse/config/appservice.py @@ -33,11 +33,16 @@ class AppServiceConfig(Config): def read_config(self, config): self.app_service_config_files = config.get("app_service_config_files", []) self.notify_appservices = config.get("notify_appservices", True) + self.track_appservice_user_ips = config.get("track_appservice_user_ips", False) def default_config(cls, **kwargs): return """\ # A list of application service config file to use app_service_config_files: [] + + # Whether or not to track application service IP addresses. Implicitly + # enables MAU tracking for application service users. + track_appservice_user_ips: False """