authorNeil Johnson <neil@matrix.org>2018-08-31 10:49:14 +0100
committerNeil Johnson <neil@matrix.org>2018-08-31 10:49:14 +0100
commitea068d6f3cd5ed1bc9a39b2fd43e19d6d40f18da (patch)
tree149068aa0096858c2ad9ff661da4b5108f3a8f98
parentPort storage/ to Python 3 (#3725) (diff)
downloadsynapse-ea068d6f3cd5ed1bc9a39b2fd43e19d6d40f18da.tar.xz
fix bug where preserved threepid user comes to sign up and server is mau blocked
-rw-r--r--synapse/api/auth.py10
-rw-r--r--synapse/handlers/register.py3
-rw-r--r--synapse/rest/client/v1_only/register.py6
-rw-r--r--synapse/rest/client/v2_alpha/register.py5
-rw-r--r--tests/api/test_auth.py17
5 files changed, 38 insertions, 3 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index a7e3f7a7ac..9c207b9537 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -775,7 +775,7 @@ class Auth(object):
             )
 
     @defer.inlineCallbacks
-    def check_auth_blocking(self, user_id=None):
+    def check_auth_blocking(self, user_id=None, threepid=None):
         """Checks if the user should be rejected for some external reason,
         such as monthly active user limiting or global disable flag
 
@@ -806,6 +806,14 @@ class Auth(object):
                 is_trial = yield self.store.is_trial_user(user_id)
                 if is_trial:
                     return
+            elif threepid:
+                # If the user does not exist yet, but is signing up with a
+                # reserved threepid then pass auth check
+                for tp in self.hs.config.mau_limits_reserved_threepids:
+                    if (threepid['medium'] == tp['medium']
+                            and threepid['address'] == tp['address']):
+                        return
+
             # Else if there is no room in the MAU bucket, bail
             current_mau = yield self.store.get_monthly_active_count()
             if current_mau >= self.hs.config.max_mau_value:
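Review bot: The new `elif threepid:` branch returns before the MAU count is consulted purely on the strength of the dict the caller passes in, and nothing in this function checks that the address was actually verified. The exemption is therefore only as strong as the callers' validation, which should be stated where the parameter is documented, e.g. `threepid (dict|None): validated threepid (with 'medium' and 'address' keys) of a user who is signing up; a match against mau_limits_reserved_threepids skips the MAU limit`. The `threepid` parameter added to `register()` in synapse/handlers/register.py needs a matching docstring entry. The match is also an exact string comparison, so an email address that differs only in case from the configured entry would not be exempted unless addresses are normalised elsewhere. The function body starts and ends outside this hunk.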
diff --git a/synapse/handlers/register.py b/synapse/handlers/register.py
index f03ee1476b..1e53f2c635 100644
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@@ -125,6 +125,7 @@ class RegistrationHandler(BaseHandler):
         guest_access_token=None,
         make_guest=False,
         admin=False,
+        threepid=None,
     ):
         """Registers a new client on the server.
 
@@ -145,7 +146,7 @@ class RegistrationHandler(BaseHandler):
             RegistrationError if there was a problem registering.
         """
 
-        yield self.auth.check_auth_blocking()
+        yield self.auth.check_auth_blocking(threepid=threepid)
         password_hash = None
         if password:
             password_hash = yield self.auth_handler().hash(password)
diff --git a/synapse/rest/client/v1_only/register.py b/synapse/rest/client/v1_only/register.py
index 5e99cffbcb..2c7bbcb171 100644
--- a/synapse/rest/client/v1_only/register.py
+++ b/synapse/rest/client/v1_only/register.py
@@ -281,11 +281,15 @@ class RegisterRestServlet(ClientV1RestServlet):
             register_json["user"].encode("utf-8")
             if "user" in register_json else None
         )
+        threepid = None
+        if session[LoginType.EMAIL_IDENTITY]:
+            threepid = session["threepidCreds"]
 
         handler = self.handlers.registration_handler
         (user_id, token) = yield handler.register(
             localpart=desired_user_id,
-            password=password
+            password=password,
+            threepid=threepid,
         )
 
         if session[LoginType.EMAIL_IDENTITY]:
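Review bot: `session["threepidCreds"]` is handed to `register()` as the threepid, but `check_auth_blocking` indexes its argument with `['medium']` and `['address']`, and the shape of this session value is not visible here. If it holds the credentials the client submitted for the email stage, as the key name suggests, rather than a validated medium/address dict, the lookup in auth.py would raise instead of matching a reserved threepid when MAU limiting is enabled. The values compared would then also not be the verified address. It is worth confirming what the email stage stores and, if needed, passing the validated threepid instead. The handler method continues outside the hunk.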
diff --git a/synapse/rest/client/v2_alpha/register.py b/synapse/rest/client/v2_alpha/register.py
index 2f64155d13..45113e5386 100644
--- a/synapse/rest/client/v2_alpha/register.py
+++ b/synapse/rest/client/v2_alpha/register.py
@@ -395,11 +395,16 @@ class RegisterRestServlet(RestServlet):
             if desired_username is not None:
                 desired_username = desired_username.lower()
 
+            threepid = None
+            if auth_result:
+                threepid = auth_result.get(LoginType.EMAIL_IDENTITY)
+
             (registered_user_id, _) = yield self.registration_handler.register(
                 localpart=desired_username,
                 password=new_password,
                 guest_access_token=guest_access_token,
                 generate_token=False,
+                threepid=threepid,
             )
 
             # remember that we've now registered that user account, and with
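Review bot: Only `LoginType.EMAIL_IDENTITY` is read from `auth_result`, while the comparison in `check_auth_blocking` matches on `medium` generically, so a reserved threepid with another medium (for example a phone number) would presumably still be blocked at sign-up. If the MSISDN stage stores its result in `auth_result` the same way, something like `threepid = auth_result.get(LoginType.EMAIL_IDENTITY) or auth_result.get(LoginType.MSISDN)` would cover both. The enclosing method starts and ends outside this hunk.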
diff --git a/tests/api/test_auth.py b/tests/api/test_auth.py
index 54e396d19d..f65a27e5f1 100644
--- a/tests/api/test_auth.py
+++ b/tests/api/test_auth.py
@@ -468,6 +468,23 @@ class AuthTestCase(unittest.TestCase):
         yield self.auth.check_auth_blocking()
 
     @defer.inlineCallbacks
+    def test_reserved_threepid(self):
+        self.hs.config.limit_usage_by_mau = True
+        self.hs.config.max_mau_value = 1
+        threepid = {'medium': 'email', 'address': 'reserved@server.com'}
+        unknown_threepid = {'medium': 'email', 'address': 'unreserved@server.com'}
+        self.hs.config.mau_limits_reserved_threepids = [threepid]
+
+        yield self.store.register(user_id='user1', token="123", password_hash=None)
+        with self.assertRaises(ResourceLimitError):
+            yield self.auth.check_auth_blocking()
+
+        with self.assertRaises(ResourceLimitError):
+            yield self.auth.check_auth_blocking(threepid=unknown_threepid)
+
+        yield self.auth.check_auth_blocking(threepid=threepid)
+
+    @defer.inlineCallbacks
     def test_hs_disabled(self):
         self.hs.config.hs_disabled = True
         self.hs.config.hs_disabled_message = "Reason for being disabled"
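Review bot: `test_reserved_threepid` never exercises a threepid whose address matches the reserved entry but whose medium differs, so a regression that compared only `address` would still pass. Wrapping `yield self.auth.check_auth_blocking(threepid={'medium': 'msisdn', 'address': 'reserved@server.com'})` in `with self.assertRaises(ResourceLimitError):` would pin both fields. The test also calls `check_auth_blocking` directly, so the paths through the two register servlets that build the threepid are not covered by this hunk.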