mirror of
https://git.anonymousland.org/anonymousland/synapse-product.git
synced 2024-12-21 12:17:44 -05:00
Admin API endpoint to delete a reported event (#15116)
* Admin api to delete event report * lint + tests * newsfile * Apply suggestions from code review Co-authored-by: David Robertson <david.m.robertson1@gmail.com> * revert changes - move to WorkerStore * update unit test * Note that timestamp is in millseconds --------- Co-authored-by: David Robertson <david.m.robertson1@gmail.com>
This commit is contained in:
parent
1cd4fbc51d
commit
93f7955eba
1
changelog.d/15116.feature
Normal file
1
changelog.d/15116.feature
Normal file
@ -0,0 +1 @@
|
|||||||
|
Add an [admin API](https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/index.html) to delete a [specific event report](https://spec.matrix.org/v1.6/client-server-api/#reporting-content).
|
@ -169,3 +169,17 @@ The following fields are returned in the JSON response body:
|
|||||||
* `canonical_alias`: string - The canonical alias of the room. `null` if the room does not
|
* `canonical_alias`: string - The canonical alias of the room. `null` if the room does not
|
||||||
have a canonical alias set.
|
have a canonical alias set.
|
||||||
* `event_json`: object - Details of the original event that was reported.
|
* `event_json`: object - Details of the original event that was reported.
|
||||||
|
|
||||||
|
# Delete a specific event report
|
||||||
|
|
||||||
|
This API deletes a specific event report. If the request is successful, the response body
|
||||||
|
will be an empty JSON object.
|
||||||
|
|
||||||
|
The api is:
|
||||||
|
```
|
||||||
|
DELETE /_synapse/admin/v1/event_reports/<report_id>
|
||||||
|
```
|
||||||
|
|
||||||
|
**URL parameters:**
|
||||||
|
|
||||||
|
* `report_id`: string - The ID of the event report.
|
||||||
|
@ -53,11 +53,11 @@ class EventReportsRestServlet(RestServlet):
|
|||||||
PATTERNS = admin_patterns("/event_reports$")
|
PATTERNS = admin_patterns("/event_reports$")
|
||||||
|
|
||||||
def __init__(self, hs: "HomeServer"):
|
def __init__(self, hs: "HomeServer"):
|
||||||
self.auth = hs.get_auth()
|
self._auth = hs.get_auth()
|
||||||
self.store = hs.get_datastores().main
|
self._store = hs.get_datastores().main
|
||||||
|
|
||||||
async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
|
async def on_GET(self, request: SynapseRequest) -> Tuple[int, JsonDict]:
|
||||||
await assert_requester_is_admin(self.auth, request)
|
await assert_requester_is_admin(self._auth, request)
|
||||||
|
|
||||||
start = parse_integer(request, "from", default=0)
|
start = parse_integer(request, "from", default=0)
|
||||||
limit = parse_integer(request, "limit", default=100)
|
limit = parse_integer(request, "limit", default=100)
|
||||||
@ -79,7 +79,7 @@ class EventReportsRestServlet(RestServlet):
|
|||||||
errcode=Codes.INVALID_PARAM,
|
errcode=Codes.INVALID_PARAM,
|
||||||
)
|
)
|
||||||
|
|
||||||
event_reports, total = await self.store.get_event_reports_paginate(
|
event_reports, total = await self._store.get_event_reports_paginate(
|
||||||
start, limit, direction, user_id, room_id
|
start, limit, direction, user_id, room_id
|
||||||
)
|
)
|
||||||
ret = {"event_reports": event_reports, "total": total}
|
ret = {"event_reports": event_reports, "total": total}
|
||||||
@ -108,13 +108,13 @@ class EventReportDetailRestServlet(RestServlet):
|
|||||||
PATTERNS = admin_patterns("/event_reports/(?P<report_id>[^/]*)$")
|
PATTERNS = admin_patterns("/event_reports/(?P<report_id>[^/]*)$")
|
||||||
|
|
||||||
def __init__(self, hs: "HomeServer"):
|
def __init__(self, hs: "HomeServer"):
|
||||||
self.auth = hs.get_auth()
|
self._auth = hs.get_auth()
|
||||||
self.store = hs.get_datastores().main
|
self._store = hs.get_datastores().main
|
||||||
|
|
||||||
async def on_GET(
|
async def on_GET(
|
||||||
self, request: SynapseRequest, report_id: str
|
self, request: SynapseRequest, report_id: str
|
||||||
) -> Tuple[int, JsonDict]:
|
) -> Tuple[int, JsonDict]:
|
||||||
await assert_requester_is_admin(self.auth, request)
|
await assert_requester_is_admin(self._auth, request)
|
||||||
|
|
||||||
message = (
|
message = (
|
||||||
"The report_id parameter must be a string representing a positive integer."
|
"The report_id parameter must be a string representing a positive integer."
|
||||||
@ -131,8 +131,33 @@ class EventReportDetailRestServlet(RestServlet):
|
|||||||
HTTPStatus.BAD_REQUEST, message, errcode=Codes.INVALID_PARAM
|
HTTPStatus.BAD_REQUEST, message, errcode=Codes.INVALID_PARAM
|
||||||
)
|
)
|
||||||
|
|
||||||
ret = await self.store.get_event_report(resolved_report_id)
|
ret = await self._store.get_event_report(resolved_report_id)
|
||||||
if not ret:
|
if not ret:
|
||||||
raise NotFoundError("Event report not found")
|
raise NotFoundError("Event report not found")
|
||||||
|
|
||||||
return HTTPStatus.OK, ret
|
return HTTPStatus.OK, ret
|
||||||
|
|
||||||
|
async def on_DELETE(
|
||||||
|
self, request: SynapseRequest, report_id: str
|
||||||
|
) -> Tuple[int, JsonDict]:
|
||||||
|
await assert_requester_is_admin(self._auth, request)
|
||||||
|
|
||||||
|
message = (
|
||||||
|
"The report_id parameter must be a string representing a positive integer."
|
||||||
|
)
|
||||||
|
try:
|
||||||
|
resolved_report_id = int(report_id)
|
||||||
|
except ValueError:
|
||||||
|
raise SynapseError(
|
||||||
|
HTTPStatus.BAD_REQUEST, message, errcode=Codes.INVALID_PARAM
|
||||||
|
)
|
||||||
|
|
||||||
|
if resolved_report_id < 0:
|
||||||
|
raise SynapseError(
|
||||||
|
HTTPStatus.BAD_REQUEST, message, errcode=Codes.INVALID_PARAM
|
||||||
|
)
|
||||||
|
|
||||||
|
if await self._store.delete_event_report(resolved_report_id):
|
||||||
|
return HTTPStatus.OK, {}
|
||||||
|
|
||||||
|
raise NotFoundError("Event report not found")
|
||||||
|
@ -1417,6 +1417,27 @@ class RoomWorkerStore(CacheInvalidationWorkerStore):
|
|||||||
get_un_partial_stated_rooms_from_stream_txn,
|
get_un_partial_stated_rooms_from_stream_txn,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
async def delete_event_report(self, report_id: int) -> bool:
|
||||||
|
"""Remove an event report from database.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
report_id: Report to delete
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
Whether the report was successfully deleted or not.
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
await self.db_pool.simple_delete_one(
|
||||||
|
table="event_reports",
|
||||||
|
keyvalues={"id": report_id},
|
||||||
|
desc="delete_event_report",
|
||||||
|
)
|
||||||
|
except StoreError:
|
||||||
|
# Deletion failed because report does not exist
|
||||||
|
return False
|
||||||
|
|
||||||
|
return True
|
||||||
|
|
||||||
|
|
||||||
class _BackgroundUpdates:
|
class _BackgroundUpdates:
|
||||||
REMOVE_TOMESTONED_ROOMS_BG_UPDATE = "remove_tombstoned_rooms_from_directory"
|
REMOVE_TOMESTONED_ROOMS_BG_UPDATE = "remove_tombstoned_rooms_from_directory"
|
||||||
@ -2139,7 +2160,19 @@ class RoomStore(RoomBackgroundUpdateStore, RoomWorkerStore):
|
|||||||
reason: Optional[str],
|
reason: Optional[str],
|
||||||
content: JsonDict,
|
content: JsonDict,
|
||||||
received_ts: int,
|
received_ts: int,
|
||||||
) -> None:
|
) -> int:
|
||||||
|
"""Add an event report
|
||||||
|
|
||||||
|
Args:
|
||||||
|
room_id: Room that contains the reported event.
|
||||||
|
event_id: The reported event.
|
||||||
|
user_id: User who reports the event.
|
||||||
|
reason: Description that the user specifies.
|
||||||
|
content: Report request body (score and reason).
|
||||||
|
received_ts: Time when the user submitted the report (milliseconds).
|
||||||
|
Returns:
|
||||||
|
Id of the event report.
|
||||||
|
"""
|
||||||
next_id = self._event_reports_id_gen.get_next()
|
next_id = self._event_reports_id_gen.get_next()
|
||||||
await self.db_pool.simple_insert(
|
await self.db_pool.simple_insert(
|
||||||
table="event_reports",
|
table="event_reports",
|
||||||
@ -2154,6 +2187,7 @@ class RoomStore(RoomBackgroundUpdateStore, RoomWorkerStore):
|
|||||||
},
|
},
|
||||||
desc="add_event_report",
|
desc="add_event_report",
|
||||||
)
|
)
|
||||||
|
return next_id
|
||||||
|
|
||||||
async def get_event_report(self, report_id: int) -> Optional[Dict[str, Any]]:
|
async def get_event_report(self, report_id: int) -> Optional[Dict[str, Any]]:
|
||||||
"""Retrieve an event report
|
"""Retrieve an event report
|
||||||
|
@ -78,7 +78,7 @@ class EventReportsTestCase(unittest.HomeserverTestCase):
|
|||||||
"""
|
"""
|
||||||
Try to get an event report without authentication.
|
Try to get an event report without authentication.
|
||||||
"""
|
"""
|
||||||
channel = self.make_request("GET", self.url, b"{}")
|
channel = self.make_request("GET", self.url, {})
|
||||||
|
|
||||||
self.assertEqual(401, channel.code, msg=channel.json_body)
|
self.assertEqual(401, channel.code, msg=channel.json_body)
|
||||||
self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])
|
self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])
|
||||||
@ -473,7 +473,7 @@ class EventReportDetailTestCase(unittest.HomeserverTestCase):
|
|||||||
"""
|
"""
|
||||||
Try to get event report without authentication.
|
Try to get event report without authentication.
|
||||||
"""
|
"""
|
||||||
channel = self.make_request("GET", self.url, b"{}")
|
channel = self.make_request("GET", self.url, {})
|
||||||
|
|
||||||
self.assertEqual(401, channel.code, msg=channel.json_body)
|
self.assertEqual(401, channel.code, msg=channel.json_body)
|
||||||
self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])
|
self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])
|
||||||
@ -599,3 +599,142 @@ class EventReportDetailTestCase(unittest.HomeserverTestCase):
|
|||||||
self.assertIn("room_id", content["event_json"])
|
self.assertIn("room_id", content["event_json"])
|
||||||
self.assertIn("sender", content["event_json"])
|
self.assertIn("sender", content["event_json"])
|
||||||
self.assertIn("content", content["event_json"])
|
self.assertIn("content", content["event_json"])
|
||||||
|
|
||||||
|
|
||||||
|
class DeleteEventReportTestCase(unittest.HomeserverTestCase):
|
||||||
|
servlets = [
|
||||||
|
synapse.rest.admin.register_servlets,
|
||||||
|
login.register_servlets,
|
||||||
|
]
|
||||||
|
|
||||||
|
def prepare(self, reactor: MemoryReactor, clock: Clock, hs: HomeServer) -> None:
|
||||||
|
self._store = hs.get_datastores().main
|
||||||
|
|
||||||
|
self.admin_user = self.register_user("admin", "pass", admin=True)
|
||||||
|
self.admin_user_tok = self.login("admin", "pass")
|
||||||
|
|
||||||
|
self.other_user = self.register_user("user", "pass")
|
||||||
|
self.other_user_tok = self.login("user", "pass")
|
||||||
|
|
||||||
|
# create report
|
||||||
|
event_id = self.get_success(
|
||||||
|
self._store.add_event_report(
|
||||||
|
"room_id",
|
||||||
|
"event_id",
|
||||||
|
self.other_user,
|
||||||
|
"this makes me sad",
|
||||||
|
{},
|
||||||
|
self.clock.time_msec(),
|
||||||
|
)
|
||||||
|
)
|
||||||
|
|
||||||
|
self.url = f"/_synapse/admin/v1/event_reports/{event_id}"
|
||||||
|
|
||||||
|
def test_no_auth(self) -> None:
|
||||||
|
"""
|
||||||
|
Try to delete event report without authentication.
|
||||||
|
"""
|
||||||
|
channel = self.make_request("DELETE", self.url)
|
||||||
|
|
||||||
|
self.assertEqual(401, channel.code, msg=channel.json_body)
|
||||||
|
self.assertEqual(Codes.MISSING_TOKEN, channel.json_body["errcode"])
|
||||||
|
|
||||||
|
def test_requester_is_no_admin(self) -> None:
|
||||||
|
"""
|
||||||
|
If the user is not a server admin, an error 403 is returned.
|
||||||
|
"""
|
||||||
|
|
||||||
|
channel = self.make_request(
|
||||||
|
"DELETE",
|
||||||
|
self.url,
|
||||||
|
access_token=self.other_user_tok,
|
||||||
|
)
|
||||||
|
|
||||||
|
self.assertEqual(403, channel.code, msg=channel.json_body)
|
||||||
|
self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
|
||||||
|
|
||||||
|
def test_delete_success(self) -> None:
|
||||||
|
"""
|
||||||
|
Testing delete a report.
|
||||||
|
"""
|
||||||
|
|
||||||
|
channel = self.make_request(
|
||||||
|
"DELETE",
|
||||||
|
self.url,
|
||||||
|
access_token=self.admin_user_tok,
|
||||||
|
)
|
||||||
|
|
||||||
|
self.assertEqual(200, channel.code, msg=channel.json_body)
|
||||||
|
self.assertEqual({}, channel.json_body)
|
||||||
|
|
||||||
|
channel = self.make_request(
|
||||||
|
"GET",
|
||||||
|
self.url,
|
||||||
|
access_token=self.admin_user_tok,
|
||||||
|
)
|
||||||
|
|
||||||
|
# check that report was deleted
|
||||||
|
self.assertEqual(404, channel.code, msg=channel.json_body)
|
||||||
|
self.assertEqual(Codes.NOT_FOUND, channel.json_body["errcode"])
|
||||||
|
|
||||||
|
def test_invalid_report_id(self) -> None:
|
||||||
|
"""
|
||||||
|
Testing that an invalid `report_id` returns a 400.
|
||||||
|
"""
|
||||||
|
|
||||||
|
# `report_id` is negative
|
||||||
|
channel = self.make_request(
|
||||||
|
"DELETE",
|
||||||
|
"/_synapse/admin/v1/event_reports/-123",
|
||||||
|
access_token=self.admin_user_tok,
|
||||||
|
)
|
||||||
|
|
||||||
|
self.assertEqual(400, channel.code, msg=channel.json_body)
|
||||||
|
self.assertEqual(Codes.INVALID_PARAM, channel.json_body["errcode"])
|
||||||
|
self.assertEqual(
|
||||||
|
"The report_id parameter must be a string representing a positive integer.",
|
||||||
|
channel.json_body["error"],
|
||||||
|
)
|
||||||
|
|
||||||
|
# `report_id` is a non-numerical string
|
||||||
|
channel = self.make_request(
|
||||||
|
"DELETE",
|
||||||
|
"/_synapse/admin/v1/event_reports/abcdef",
|
||||||
|
access_token=self.admin_user_tok,
|
||||||
|
)
|
||||||
|
|
||||||
|
self.assertEqual(400, channel.code, msg=channel.json_body)
|
||||||
|
self.assertEqual(Codes.INVALID_PARAM, channel.json_body["errcode"])
|
||||||
|
self.assertEqual(
|
||||||
|
"The report_id parameter must be a string representing a positive integer.",
|
||||||
|
channel.json_body["error"],
|
||||||
|
)
|
||||||
|
|
||||||
|
# `report_id` is undefined
|
||||||
|
channel = self.make_request(
|
||||||
|
"DELETE",
|
||||||
|
"/_synapse/admin/v1/event_reports/",
|
||||||
|
access_token=self.admin_user_tok,
|
||||||
|
)
|
||||||
|
|
||||||
|
self.assertEqual(400, channel.code, msg=channel.json_body)
|
||||||
|
self.assertEqual(Codes.INVALID_PARAM, channel.json_body["errcode"])
|
||||||
|
self.assertEqual(
|
||||||
|
"The report_id parameter must be a string representing a positive integer.",
|
||||||
|
channel.json_body["error"],
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_report_id_not_found(self) -> None:
|
||||||
|
"""
|
||||||
|
Testing that a not existing `report_id` returns a 404.
|
||||||
|
"""
|
||||||
|
|
||||||
|
channel = self.make_request(
|
||||||
|
"DELETE",
|
||||||
|
"/_synapse/admin/v1/event_reports/123",
|
||||||
|
access_token=self.admin_user_tok,
|
||||||
|
)
|
||||||
|
|
||||||
|
self.assertEqual(404, channel.code, msg=channel.json_body)
|
||||||
|
self.assertEqual(Codes.NOT_FOUND, channel.json_body["errcode"])
|
||||||
|
self.assertEqual("Event report not found", channel.json_body["error"])
|
||||||
|
Loading…
Reference in New Issue
Block a user