Matrix-Mirrors/synapse-product
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse-product.git synced 2025-04-25 13:29:07 -04:00
Code Issues Packages Projects Releases Wiki Activity

Replace also_allow_user with a global config option

Browse Source 
Basically reverts 088977f67607186da8e14232f9f17fa22ccc16c9.

This way is more suitable for self-hosting where there's no gateway to
manage the query parameter.
This commit is contained in:
Tulir Asokan 2021-10-30 14:06:15 +03:00
parent cf45cfd314
commit dbafb7c906
7 changed files with 20 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -29,6 +29,7 @@ use the specific release tags.
filtered away (e.g. `org.matrix.dummy_event` and `m.room.aliases`). filtered away (e.g. `org.matrix.dummy_event` and `m.room.aliases`).
* Config option to allow specific users to use timestamp massaging without * Config option to allow specific users to use timestamp massaging without
being appservice users. being appservice users.
* Config option to allow appservices to use MSC2716 batch sending as any local user.
* Removed bad pusher URL validation. * Removed bad pusher URL validation.
* webp images are thumbnailed to webp instead of jpeg to avoid losing * webp images are thumbnailed to webp instead of jpeg to avoid losing
transparency. transparency.
@ -53,4 +54,6 @@ meow:
# List of users who can use timestamp massaging without being appservices # List of users who can use timestamp massaging without being appservices
timestamp_override: timestamp_override:
- "@you:example.com" - "@you:example.com"
# Whether appservices should be allowed to use MSC2716 batch sending as any local user.
appservice_batch_send_any: false
``` ```

6
synapse/api/auth.py
View File

@ -244,7 +244,7 @@ class Auth:
raise MissingClientTokenError() raise MissingClientTokenError()
async def validate_appservice_can_control_user_id( async def validate_appservice_can_control_user_id(
self, app_service: ApplicationService, user_id: str, also_allow_user: Optional[str] = None self, app_service: ApplicationService, user_id: str, allow_any: bool = False
) -> None: ) -> None:
"""Validates that the app service is allowed to control """Validates that the app service is allowed to control
the given user. the given user.
@ -252,7 +252,7 @@ class Auth:
Args: Args:
app_service: The app service that controls the user app_service: The app service that controls the user
user_id: The author MXID that the app service is controlling user_id: The author MXID that the app service is controlling
also_allow_user: An additional user ID that the appservice can temporarily control allow_any: Allow the appservice to control any local user
Raises: Raises:
AuthError: If the application service is not allowed to control the user AuthError: If the application service is not allowed to control the user
@ -264,7 +264,7 @@ class Auth:
if app_service.sender == user_id: if app_service.sender == user_id:
pass pass
# Check to make sure the app service is allowed to control the user # Check to make sure the app service is allowed to control the user
elif not app_service.is_interested_in_user(user_id) and user_id != also_allow_user: elif not app_service.is_interested_in_user(user_id) and not allow_any:
raise AuthError( raise AuthError(
403, 403,
"Application service cannot masquerade as this user (%s)." % user_id, "Application service cannot masquerade as this user (%s)." % user_id,

2
synapse/config/_base.pyi
View File

@ -17,6 +17,7 @@ from synapse.config import (
jwt, jwt,
key, key,
logger, logger,
meow,
metrics, metrics,
modules, modules,
oidc, oidc,
@ -65,6 +66,7 @@ class RootConfig:
voip: voip.VoipConfig voip: voip.VoipConfig
registration: registration.RegistrationConfig registration: registration.RegistrationConfig
account_validity: account_validity.AccountValidityConfig account_validity: account_validity.AccountValidityConfig
meow: meow.MeowConfig
metrics: metrics.MetricsConfig metrics: metrics.MetricsConfig
api: api.ApiConfig api: api.ApiConfig
appservice: appservice.AppServiceConfig appservice: appservice.AppServiceConfig

2
synapse/config/experimental.py
View File

@ -35,8 +35,6 @@ class ExperimentalConfig(Config):
# MSC2716 (backfill existing history) # MSC2716 (backfill existing history)
self.msc2716_enabled: bool = experimental.get("msc2716_enabled", False) self.msc2716_enabled: bool = experimental.get("msc2716_enabled", False)
self.msc2716_also_allow_user: bool = experimental.get("com.beeper.msc2716_also_allow_user", False)
# MSC2285 (hidden read receipts) # MSC2285 (hidden read receipts)
self.msc2285_enabled: bool = experimental.get("msc2285_enabled", False) self.msc2285_enabled: bool = experimental.get("msc2285_enabled", False)

3
synapse/config/meow.py
View File

@ -29,6 +29,7 @@ class MeowConfig(Config):
self.filter_override = set(meow_config.get("filter_override", [])) self.filter_override = set(meow_config.get("filter_override", []))
self.timestamp_override = set(meow_config.get("timestamp_override", [])) self.timestamp_override = set(meow_config.get("timestamp_override", []))
self.admin_api_register_invalid = meow_config.get("admin_api_register_invalid", True) self.admin_api_register_invalid = meow_config.get("admin_api_register_invalid", True)
self.appservice_batch_send_any = meow_config.get("appservice_batch_send_any", False)
def generate_config_section(self, config_dir_path, server_name, **kwargs): def generate_config_section(self, config_dir_path, server_name, **kwargs):
return """ return """
@ -46,4 +47,6 @@ class MeowConfig(Config):
# - "@you:example.com" # - "@you:example.com"
# # Whether or not the admin API should be able to register invalid user IDs. # # Whether or not the admin API should be able to register invalid user IDs.
# admin_api_register_invalid: true # admin_api_register_invalid: true
# # Whether appservices should be allowed to use MSC2716 batch sending as any local user.
# appservice_batch_send_any: false
""" """

26
synapse/handlers/room_batch.py
View File

@ -1,5 +1,5 @@
import logging import logging
from typing import TYPE_CHECKING, List, Tuple, Optional from typing import TYPE_CHECKING, List, Tuple
from synapse.api.constants import EventContentFields, EventTypes from synapse.api.constants import EventContentFields, EventTypes
from synapse.appservice import ApplicationService from synapse.appservice import ApplicationService
@ -25,6 +25,7 @@ class RoomBatchHandler:
self.event_creation_handler = hs.get_event_creation_handler() self.event_creation_handler = hs.get_event_creation_handler()
self.room_member_handler = hs.get_room_member_handler() self.room_member_handler = hs.get_room_member_handler()
self.auth = hs.get_auth() self.auth = hs.get_auth()
self.allow_send_any = self.hs.config.meow.appservice_batch_send_any
async def inherit_depth_from_prev_ids(self, prev_event_ids: List[str]) -> int: async def inherit_depth_from_prev_ids(self, prev_event_ids: List[str]) -> int:
"""Finds the depth which would sort it after the most-recent """Finds the depth which would sort it after the most-recent
@ -107,7 +108,7 @@ class RoomBatchHandler:
return insertion_event return insertion_event
async def create_requester_for_user_id_from_app_service( async def create_requester_for_user_id_from_app_service(
self, user_id: str, app_service: ApplicationService, also_allow_user: Optional[str] = None, self, user_id: str, app_service: ApplicationService
) -> Requester: ) -> Requester:
"""Creates a new requester for the given user_id """Creates a new requester for the given user_id
and validates that the app service is allowed to control and validates that the app service is allowed to control
@ -116,13 +117,13 @@ class RoomBatchHandler:
Args: Args:
user_id: The author MXID that the app service is controlling user_id: The author MXID that the app service is controlling
app_service: The app service that controls the user app_service: The app service that controls the user
also_allow_user: An additional user ID that the appservice can temporarily control
Returns: Returns:
Requester object Requester object
""" """
await self.auth.validate_appservice_can_control_user_id(app_service, user_id, also_allow_user) await self.auth.validate_appservice_can_control_user_id(app_service, user_id,
allow_any=self.allow_send_any)
return create_requester(user_id, app_service=app_service) return create_requester(user_id, app_service=app_service)
@ -160,7 +161,6 @@ class RoomBatchHandler:
room_id: str, room_id: str,
initial_auth_event_ids: List[str], initial_auth_event_ids: List[str],
app_service_requester: Requester, app_service_requester: Requester,
also_allow_user: Optional[str],
) -> List[str]: ) -> List[str]:
"""Takes all `state_events_at_start` event dictionaries and creates/persists """Takes all `state_events_at_start` event dictionaries and creates/persists
them as floating state events which don't resolve into the current room state. them as floating state events which don't resolve into the current room state.
@ -175,7 +175,6 @@ class RoomBatchHandler:
added to the list of auth events for the next state event added to the list of auth events for the next state event
created. created.
app_service_requester: The requester of an application service. app_service_requester: The requester of an application service.
also_allow_user: An additional user ID that the appservice can temporarily control
Returns: Returns:
List of state event ID's we just persisted List of state event ID's we just persisted
@ -217,8 +216,7 @@ class RoomBatchHandler:
membership = event_dict["content"].get("membership", None) membership = event_dict["content"].get("membership", None)
event_id, _ = await self.room_member_handler.update_membership( event_id, _ = await self.room_member_handler.update_membership(
await self.create_requester_for_user_id_from_app_service( await self.create_requester_for_user_id_from_app_service(
state_event["sender"], app_service_requester.app_service, state_event["sender"], app_service_requester.app_service
also_allow_user,
), ),
target=UserID.from_string(event_dict["state_key"]), target=UserID.from_string(event_dict["state_key"]),
room_id=room_id, room_id=room_id,
@ -240,8 +238,7 @@ class RoomBatchHandler:
_, _,
) = await self.event_creation_handler.create_and_send_nonmember_event( ) = await self.event_creation_handler.create_and_send_nonmember_event(
await self.create_requester_for_user_id_from_app_service( await self.create_requester_for_user_id_from_app_service(
state_event["sender"], app_service_requester.app_service, state_event["sender"], app_service_requester.app_service
also_allow_user,
), ),
event_dict, event_dict,
outlier=True, outlier=True,
@ -268,7 +265,6 @@ class RoomBatchHandler:
inherited_depth: int, inherited_depth: int,
auth_event_ids: List[str], auth_event_ids: List[str],
app_service_requester: Requester, app_service_requester: Requester,
also_allow_user: Optional[str],
) -> List[str]: ) -> List[str]:
"""Create and persists all events provided sequentially. Handles the """Create and persists all events provided sequentially. Handles the
complexity of creating events in chronological order so they can complexity of creating events in chronological order so they can
@ -289,7 +285,6 @@ class RoomBatchHandler:
auth_event_ids: Define which events allow you to create the given auth_event_ids: Define which events allow you to create the given
event in the room. event in the room.
app_service_requester: The requester of an application service. app_service_requester: The requester of an application service.
also_allow_user: An additional user ID that the appservice can temporarily control
Returns: Returns:
List of persisted event IDs List of persisted event IDs
@ -321,7 +316,7 @@ class RoomBatchHandler:
event, context = await self.event_creation_handler.create_event( event, context = await self.event_creation_handler.create_event(
await self.create_requester_for_user_id_from_app_service( await self.create_requester_for_user_id_from_app_service(
ev["sender"], app_service_requester.app_service, also_allow_user, ev["sender"], app_service_requester.app_service
), ),
event_dict, event_dict,
prev_event_ids=event_dict.get("prev_events"), prev_event_ids=event_dict.get("prev_events"),
@ -362,7 +357,7 @@ class RoomBatchHandler:
for (event, context) in reversed(events_to_persist): for (event, context) in reversed(events_to_persist):
await self.event_creation_handler.handle_new_client_event( await self.event_creation_handler.handle_new_client_event(
await self.create_requester_for_user_id_from_app_service( await self.create_requester_for_user_id_from_app_service(
event["sender"], app_service_requester.app_service, also_allow_user, event["sender"], app_service_requester.app_service
), ),
event=event, event=event,
context=context, context=context,
@ -379,7 +374,6 @@ class RoomBatchHandler:
inherited_depth: int, inherited_depth: int,
auth_event_ids: List[str], auth_event_ids: List[str],
app_service_requester: Requester, app_service_requester: Requester,
also_allow_user: Optional[str],
) -> Tuple[List[str], str]: ) -> Tuple[List[str], str]:
""" """
Handles creating and persisting all of the historical events as well Handles creating and persisting all of the historical events as well
@ -399,7 +393,6 @@ class RoomBatchHandler:
auth_event_ids: Define which events allow you to create the given auth_event_ids: Define which events allow you to create the given
event in the room. event in the room.
app_service_requester: The requester of an application service. app_service_requester: The requester of an application service.
also_allow_user: An additional user ID that the appservice can temporarily control
Returns: Returns:
Tuple containing a list of created events and the next_batch_id Tuple containing a list of created events and the next_batch_id
@ -447,7 +440,6 @@ class RoomBatchHandler:
inherited_depth=inherited_depth, inherited_depth=inherited_depth,
auth_event_ids=auth_event_ids, auth_event_ids=auth_event_ids,
app_service_requester=app_service_requester, app_service_requester=app_service_requester,
also_allow_user=also_allow_user,
) )
return event_ids, next_batch_id return event_ids, next_batch_id

5
synapse/rest/client/room_batch.py
View File

@ -80,7 +80,6 @@ class RoomBatchSendEventRestServlet(RestServlet):
self.auth = hs.get_auth() self.auth = hs.get_auth()
self.room_batch_handler = hs.get_room_batch_handler() self.room_batch_handler = hs.get_room_batch_handler()
self.txns = HttpTransactionCache(hs) self.txns = HttpTransactionCache(hs)
self.enable_also_allow_user = hs.config.experimental.msc2716_also_allow_user
async def on_POST( async def on_POST(
self, request: SynapseRequest, room_id: str self, request: SynapseRequest, room_id: str
@ -101,8 +100,6 @@ class RoomBatchSendEventRestServlet(RestServlet):
request.args, "prev_event_id" request.args, "prev_event_id"
) )
batch_id_from_query = parse_string(request, "batch_id") batch_id_from_query = parse_string(request, "batch_id")
also_allow_from_query = (parse_string(request, "com.beeper.also_allow_user")
if self.enable_also_allow_user else None)
if prev_event_ids_from_query is None: if prev_event_ids_from_query is None:
raise SynapseError( raise SynapseError(
@ -143,7 +140,6 @@ class RoomBatchSendEventRestServlet(RestServlet):
room_id=room_id, room_id=room_id,
initial_auth_event_ids=auth_event_ids, initial_auth_event_ids=auth_event_ids,
app_service_requester=requester, app_service_requester=requester,
also_allow_user=also_allow_from_query,
) )
) )
# Update our ongoing auth event ID list with all of the new state we # Update our ongoing auth event ID list with all of the new state we
@ -214,7 +210,6 @@ class RoomBatchSendEventRestServlet(RestServlet):
inherited_depth=inherited_depth, inherited_depth=inherited_depth,
auth_event_ids=auth_event_ids, auth_event_ids=auth_event_ids,
app_service_requester=requester, app_service_requester=requester,
also_allow_user=also_allow_from_query,
) )
insertion_event_id = event_ids[0] insertion_event_id = event_ids[0]