diff --git a/synapse/config/_base.py b/synapse/config/_base.py
index 1d268a1817..69a8318127 100644
--- a/synapse/config/_base.py
+++ b/synapse/config/_base.py
@@ -186,9 +186,9 @@ class Config:
TypeError, if given something other than an integer or a string
ValueError: if given a string not of the form described above.
"""
- if type(value) is int:
+ if type(value) is int: # noqa: E721
return value
- elif type(value) is str:
+ elif isinstance(value, str):
sizes = {"K": 1024, "M": 1024 * 1024}
size = 1
suffix = value[-1]
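Review bot: The `# noqa: E721` added to `if type(value) is int:` silences the lint without recording why the exact-type check stays while the `str` branch moves to `isinstance`. Presumably the point is that `bool` is a subclass of `int`, so `isinstance` would let `True`/`False` through as a size instead of reaching the `TypeError` path the docstring describes. That reasoning is not written down. I would add a comment above the line, for example `# Exact type check on purpose: isinstance() would also accept bool.` The same applies to the identical line in the second hunk of this file; both functions start and end outside the hunks.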
@@ -218,9 +218,9 @@ class Config:
TypeError, if given something other than an integer or a string
ValueError: if given a string not of the form described above.
"""
- if type(value) is int:
+ if type(value) is int: # noqa: E721
return value
- elif type(value) is str:
+ elif isinstance(value, str):
second = 1000
minute = 60 * second
hour = 60 * minute
diff --git a/synapse/config/appservice.py b/synapse/config/appservice.py
index 919f81a9b7..a70dfbf41f 100644
--- a/synapse/config/appservice.py
+++ b/synapse/config/appservice.py
@@ -34,7 +34,7 @@ class AppServiceConfig(Config):
def read_config(self, config: JsonDict, **kwargs: Any) -> None:
self.app_service_config_files = config.get("app_service_config_files", [])
if not isinstance(self.app_service_config_files, list) or not all(
- type(x) is str for x in self.app_service_config_files
+ isinstance(x, str) for x in self.app_service_config_files
):
raise ConfigError(
"Expected '%s' to be a list of AS config files:"
diff --git a/synapse/config/cas.py b/synapse/config/cas.py
index c4e63e7411..6e2d9addbf 100644
--- a/synapse/config/cas.py
+++ b/synapse/config/cas.py
@@ -18,7 +18,7 @@ from typing import Any, List
from synapse.config.sso import SsoAttributeRequirement
from synapse.types import JsonDict
-from ._base import Config
+from ._base import Config, ConfigError
from ._util import validate_config
@@ -41,6 +41,16 @@ class CasConfig(Config):
public_baseurl = self.root.server.public_baseurl
self.cas_service_url = public_baseurl + "_matrix/client/r0/login/cas/ticket"
+ self.cas_protocol_version = cas_config.get("protocol_version")
+ if (
+ self.cas_protocol_version is not None
+ and self.cas_protocol_version not in [1, 2, 3]
+ ):
+ raise ConfigError(
+ "Unsupported CAS protocol version %s (only versions 1, 2, 3 are supported)"
+ % (self.cas_protocol_version,),
+ ("cas_config", "protocol_version"),
+ )
self.cas_displayname_attribute = cas_config.get("displayname_attribute")
required_attributes = cas_config.get("required_attributes") or {}
self.cas_required_attributes = _parsed_required_attributes_def(
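Review bot: The membership test `self.cas_protocol_version not in [1, 2, 3]` compares by equality, so `protocol_version: true` (since `True == 1`) and `protocol_version: 2.0` both pass validation and are stored as a bool or float. Pinning the type as well keeps an accidental YAML value from silently selecting a protocol version, e.g. `and (type(self.cas_protocol_version) is not int or self.cas_protocol_version not in (1, 2, 3))`. How the stored value is consumed is outside this hunk, so the downstream effect of a bool or float here is not visible. The enclosing `read_config` starts before the hunk.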
@@ -54,6 +64,7 @@ class CasConfig(Config):
else:
self.cas_server_url = None
self.cas_service_url = None
+ self.cas_protocol_version = None
self.cas_displayname_attribute = None
self.cas_required_attributes = []
diff --git a/synapse/config/experimental.py b/synapse/config/experimental.py
index 277ea4675b..cabe0d4397 100644
--- a/synapse/config/experimental.py
+++ b/synapse/config/experimental.py
@@ -18,6 +18,7 @@ from typing import TYPE_CHECKING, Any, Optional
import attr
import attr.validators
+from synapse.api.errors import LimitExceededError
from synapse.api.room_versions import KNOWN_ROOM_VERSIONS, RoomVersions
from synapse.config import ConfigError
from synapse.config._base import Config, RootConfig
@@ -383,11 +384,6 @@ class ExperimentalConfig(Config):
# MSC3391: Removing account data.
self.msc3391_enabled = experimental.get("msc3391_enabled", False)
- # MSC3959: Do not generate notifications for edits.
- self.msc3958_supress_edit_notifs = experimental.get(
- "msc3958_supress_edit_notifs", False
- )
-
# MSC3967: Do not require UIA when first uploading cross signing keys
self.msc3967_enabled = experimental.get("msc3967_enabled", False)
@@ -411,3 +407,11 @@ class ExperimentalConfig(Config):
self.msc4010_push_rules_account_data = experimental.get(
"msc4010_push_rules_account_data", False
)
+
+ # MSC4041: Use HTTP header Retry-After to enable library-assisted retry handling
+ #
+ # This is a bit hacky, but the most reasonable way to *alway* include the
+ # headers.
+ LimitExceededError.include_retry_after_header = experimental.get(
+ "msc4041_enabled", False
+ )
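Review bot: Assigning `LimitExceededError.include_retry_after_header` from inside config parsing writes process-wide class state, so the last config object parsed in a process wins, and the value persists across later parses (test suites, or any code that builds a second config). The value is also stored unchecked: a quoted `msc4041_enabled: "false"` is a non-empty string and would enable the header if the consumer only tests truthiness. I would read the option into a local, raise `ConfigError` (already imported in this file) when it is not a `bool`, and extend the comment to say `# NOTE: this mutates a class attribute, so it applies to the whole process, not just this config object.` The existing comment also has a typo, `*alway*` for `*always*`. The enclosing method starts outside the hunk.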
diff --git a/synapse/config/ratelimiting.py b/synapse/config/ratelimiting.py
index a5514e70a2..4efbaeac0d 100644
--- a/synapse/config/ratelimiting.py
+++ b/synapse/config/ratelimiting.py
@@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-from typing import Any, Dict, Optional
+from typing import Any, Dict, Optional, cast
import attr
@@ -21,16 +21,47 @@ from synapse.types import JsonDict
from ._base import Config
+@attr.s(slots=True, frozen=True, auto_attribs=True)
class RatelimitSettings:
- def __init__(
- self,
- config: Dict[str, float],
+ key: str
+ per_second: float
+ burst_count: int
+
+ @classmethod
+ def parse(
+ cls,
+ config: Dict[str, Any],
+ key: str,
defaults: Optional[Dict[str, float]] = None,
- ):
+ ) -> "RatelimitSettings":
+ """Parse config[key] as a new-style rate limiter config.
+
+ The key may refer to a nested dictionary using a full stop (.) to separate
+ each nested key. For example, use the key "a.b.c" to parse the following:
+
+ a:
+ b:
+ c:
+ per_second: 10
+ burst_count: 200
+
+ If this lookup fails, we'll fallback to the defaults.
+ """
defaults = defaults or {"per_second": 0.17, "burst_count": 3.0}
- self.per_second = config.get("per_second", defaults["per_second"])
- self.burst_count = int(config.get("burst_count", defaults["burst_count"]))
+ rl_config = config
+ for part in key.split("."):
+ rl_config = rl_config.get(part, {})
+
+ # By this point we should have hit the rate limiter parameters.
+ # We don't actually check this though!
+ rl_config = cast(Dict[str, float], rl_config)
+
+ return cls(
+ key=key,
+ per_second=rl_config.get("per_second", defaults["per_second"]),
+ burst_count=int(rl_config.get("burst_count", defaults["burst_count"])),
+ )
@attr.s(auto_attribs=True)
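Review bot: The lookup loop in `parse` calls `rl_config.get(part, {})` without checking what it got back, so a key that is present but null or a scalar (for example `rc_login:` left empty in YAML) ends in an `AttributeError` traceback at startup rather than a `ConfigError` pointing at the setting. This is also a regression for `rc_3pid_validation` in the last hunk of this file, where the removed code used `config.get("rc_3pid_validation") or {}` to tolerate a null value. The in-code comment already admits the shape is not checked. I would treat a missing or null node as "use the defaults" and reject any other non-dict, as sketched below. `ConfigError` would need adding to the `from ._base import Config` line, and `per_second` is still passed through without a numeric check.

```python
        rl_config = config
        for part in key.split("."):
            rl_config = rl_config.get(part)
            if rl_config is None:
                # Missing or explicitly null: fall back to the defaults.
                rl_config = {}
                break
            if not isinstance(rl_config, dict):
                raise ConfigError(
                    "Expected a dictionary of rate limit settings",
                    tuple(key.split(".")),
                )

        # … unchanged: cast() and the cls(...) construction …
```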
@@ -49,15 +80,14 @@ class RatelimitConfig(Config):
# Load the new-style messages config if it exists. Otherwise fall back
# to the old method.
if "rc_message" in config:
- self.rc_message = RatelimitSettings(
- config["rc_message"], defaults={"per_second": 0.2, "burst_count": 10.0}
+ self.rc_message = RatelimitSettings.parse(
+ config, "rc_message", defaults={"per_second": 0.2, "burst_count": 10.0}
)
else:
self.rc_message = RatelimitSettings(
- {
- "per_second": config.get("rc_messages_per_second", 0.2),
- "burst_count": config.get("rc_message_burst_count", 10.0),
- }
+ key="rc_messages",
+ per_second=config.get("rc_messages_per_second", 0.2),
+ burst_count=config.get("rc_message_burst_count", 10.0),
)
# Load the new-style federation config, if it exists. Otherwise, fall
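Review bot: In the legacy `else` branch, `burst_count=config.get("rc_message_burst_count", 10.0)` now goes straight into the attrs class, which does not apply the `int(...)` conversion that the removed `__init__` performed. The default therefore becomes the float `10.0` in a field annotated `int`, and a configured value keeps whatever type YAML gave it. Restoring the coercion keeps both branches consistent: `burst_count=int(config.get("rc_message_burst_count", 10.0)),`. Separately, this branch labels the limiter `key="rc_messages"` while the new-style branch uses `"rc_message"`; if that difference is intentional, a short comment saying so would help.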
@@ -79,51 +109,59 @@ class RatelimitConfig(Config):
}
)
- self.rc_registration = RatelimitSettings(config.get("rc_registration", {}))
+ self.rc_registration = RatelimitSettings.parse(config, "rc_registration", {})
- self.rc_registration_token_validity = RatelimitSettings(
- config.get("rc_registration_token_validity", {}),
+ self.rc_registration_token_validity = RatelimitSettings.parse(
+ config,
+ "rc_registration_token_validity",
defaults={"per_second": 0.1, "burst_count": 5},
)
# It is reasonable to login with a bunch of devices at once (i.e. when
# setting up an account), but it is *not* valid to continually be
# logging into new devices.
- rc_login_config = config.get("rc_login", {})
- self.rc_login_address = RatelimitSettings(
- rc_login_config.get("address", {}),
+ self.rc_login_address = RatelimitSettings.parse(
+ config,
+ "rc_login.address",
defaults={"per_second": 0.003, "burst_count": 5},
)
- self.rc_login_account = RatelimitSettings(
- rc_login_config.get("account", {}),
+ self.rc_login_account = RatelimitSettings.parse(
+ config,
+ "rc_login.account",
defaults={"per_second": 0.003, "burst_count": 5},
)
- self.rc_login_failed_attempts = RatelimitSettings(
- rc_login_config.get("failed_attempts", {})
+ self.rc_login_failed_attempts = RatelimitSettings.parse(
+ config,
+ "rc_login.failed_attempts",
+ {},
)
self.federation_rr_transactions_per_room_per_second = config.get(
"federation_rr_transactions_per_room_per_second", 50
)
- rc_admin_redaction = config.get("rc_admin_redaction")
self.rc_admin_redaction = None
- if rc_admin_redaction:
- self.rc_admin_redaction = RatelimitSettings(rc_admin_redaction)
+ if "rc_admin_redaction" in config:
+ self.rc_admin_redaction = RatelimitSettings.parse(
+ config, "rc_admin_redaction", {}
+ )
- self.rc_joins_local = RatelimitSettings(
- config.get("rc_joins", {}).get("local", {}),
+ self.rc_joins_local = RatelimitSettings.parse(
+ config,
+ "rc_joins.local",
defaults={"per_second": 0.1, "burst_count": 10},
)
- self.rc_joins_remote = RatelimitSettings(
- config.get("rc_joins", {}).get("remote", {}),
+ self.rc_joins_remote = RatelimitSettings.parse(
+ config,
+ "rc_joins.remote",
defaults={"per_second": 0.01, "burst_count": 10},
)
# Track the rate of joins to a given room. If there are too many, temporarily
# prevent local joins and remote joins via this server.
- self.rc_joins_per_room = RatelimitSettings(
- config.get("rc_joins_per_room", {}),
+ self.rc_joins_per_room = RatelimitSettings.parse(
+ config,
+ "rc_joins_per_room",
defaults={"per_second": 1, "burst_count": 10},
)
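Review bot: The `rc_admin_redaction` block replaces a truthiness test with `if "rc_admin_redaction" in config:`, so a value that is present but empty no longer leaves `self.rc_admin_redaction` as `None`. With `rc_admin_redaction: {}` the new code builds a limiter from `parse`'s generic fallback (0.17 per second, burst 3), because the `{}` passed as `defaults` is falsy in `defaults or {...}`. A null value goes on to `.get()` on `None` inside `parse`. If callers treat `None` as "no dedicated admin redaction limit" (not visible in this hunk), that silently changes which limit applies to admins. Keeping the old guard avoids it: `if config.get("rc_admin_redaction"):`.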
@@ -132,31 +170,37 @@ class RatelimitConfig(Config):
# * For requests received over federation this is keyed by the origin.
#
# Note that this isn't exposed in the configuration as it is obscure.
- self.rc_key_requests = RatelimitSettings(
- config.get("rc_key_requests", {}),
+ self.rc_key_requests = RatelimitSettings.parse(
+ config,
+ "rc_key_requests",
defaults={"per_second": 20, "burst_count": 100},
)
- self.rc_3pid_validation = RatelimitSettings(
- config.get("rc_3pid_validation") or {},
+ self.rc_3pid_validation = RatelimitSettings.parse(
+ config,
+ "rc_3pid_validation",
defaults={"per_second": 0.003, "burst_count": 5},
)
- self.rc_invites_per_room = RatelimitSettings(
- config.get("rc_invites", {}).get("per_room", {}),
+ self.rc_invites_per_room = RatelimitSettings.parse(
+ config,
+ "rc_invites.per_room",
defaults={"per_second": 0.3, "burst_count": 10},
)
- self.rc_invites_per_user = RatelimitSettings(
- config.get("rc_invites", {}).get("per_user", {}),
+ self.rc_invites_per_user = RatelimitSettings.parse(
+ config,
+ "rc_invites.per_user",
defaults={"per_second": 0.003, "burst_count": 5},
)
- self.rc_invites_per_issuer = RatelimitSettings(
- config.get("rc_invites", {}).get("per_issuer", {}),
+ self.rc_invites_per_issuer = RatelimitSettings.parse(
+ config,
+ "rc_invites.per_issuer",
defaults={"per_second": 0.3, "burst_count": 10},
)
- self.rc_third_party_invite = RatelimitSettings(
- config.get("rc_third_party_invite", {}),
+ self.rc_third_party_invite = RatelimitSettings.parse(
+ config,
+ "rc_third_party_invite",
defaults={"per_second": 0.0025, "burst_count": 5},
)