Add room creation checks to spam checker

Lets the spam checker deny attempts to create rooms and add aliases to them.
2024-10-01 08:25:44 -04:00 · 2017-10-04 10:47:54 +01:00 · 2017-10-04 10:47:54 +01:00 · 197c14dbcf
commit 197c14dbcf
parent 5f20a91fa1
3 changed files with 47 additions and 0 deletions
--- a/synapse/events/spamcheck.py
+++ b/synapse/events/spamcheck.py
@ -61,3 +61,35 @@ class SpamChecker(object):
            return True

        return self.spam_checker.user_may_invite(userid, room_id)
+
+    def user_may_create_room(self, userid):
+        """Checks if a given user may create a room
+
+        If this method returns false, the creation request will be rejected.
+
+        Args:
+            userid (string): The sender's user ID
+
+        Returns:
+            bool: True if the user may create a room, otherwise False
+        """
+        if self.spam_checker is None:
+            return True
+
+        return self.spam_checker.user_may_create_room(userid)
+
+    def user_may_create_room_alias(self, userid, room_alias):
+        """Checks if a given user may create a room alias
+
+        If this method returns false, the association request will be rejected.
+
+        Args:
+            userid (string): The sender's user ID
+
+        Returns:
+            bool: True if the user may create a room alias, otherwise False
+        """
+        if self.spam_checker is None:
+            return True
+
+        return self.spam_checker.user_may_create_room_alias(userid, room_alias)
--- a/synapse/handlers/directory.py
+++ b/synapse/handlers/directory.py
@ -40,6 +40,8 @@ class DirectoryHandler(BaseHandler):
            "directory", self.on_directory_query
        )

+        self.spam_checker = hs.get_spam_checker()
+
    @defer.inlineCallbacks
    def _create_association(self, room_alias, room_id, servers=None, creator=None):
        # general association creation for both human users and app services
@ -73,6 +75,11 @@ class DirectoryHandler(BaseHandler):
        # association creation for human users
        # TODO(erikj): Do user auth.

+        if not self.spam_checker.user_may_create_room_alias(user_id, room_alias):
+            raise SynapseError(
+                403, "This user is not permitted to create this alias",
+            )
+
        can_create = yield self.can_modify_alias(
            room_alias,
            user_id=user_id
--- a/synapse/handlers/room.py
+++ b/synapse/handlers/room.py
@ -60,6 +60,11 @@ class RoomCreationHandler(BaseHandler):
        },
    }

+    def __init__(self, hs):
+        super(RoomCreationHandler, self).__init__(hs)
+
+        self.spam_checker = hs.get_spam_checker()
+
    @defer.inlineCallbacks
    def create_room(self, requester, config, ratelimit=True):
        """ Creates a new room.
@ -75,6 +80,9 @@ class RoomCreationHandler(BaseHandler):
        """
        user_id = requester.user.to_string()

+        if not self.spam_checker.user_may_create_room(user_id):
+                raise SynapseError(403, "You are not permitted to create rooms")
+
        if ratelimit:
            yield self.ratelimit(requester)