diff options
| author | Andrew Morgan <andrew@amorgan.xyz> | 2020-05-28 22:43:58 +0100 |
|---|---|---|
| committer | Andrew Morgan <andrew@amorgan.xyz> | 2020-05-28 22:53:23 +0100 |
| commit | 6a07c2d9ad4bcc35627f6d3f48941efd58c9a62d (patch) | |
| tree | 0865220cccf82e991121ebf396989ef66e446769 | |
| parent | Update unittests (diff) | |
| download | synapse-6a07c2d9ad4bcc35627f6d3f48941efd58c9a62d.tar.xz | |
lint
| -rw-r--r-- | synapse/api/ratelimiting.py | 18 | ||||
| -rw-r--r-- | synapse/config/ratelimiting.py | 4 | ||||
| -rw-r--r-- | synapse/handlers/auth.py | 8 | ||||
| -rw-r--r-- | synapse/handlers/register.py | 3 | ||||
| -rw-r--r-- | synapse/rest/client/v1/login.py | 25 | ||||
| -rw-r--r-- | synapse/rest/client/v2_alpha/register.py | 4 | ||||
| -rw-r--r-- | synapse/server.py | 5 | ||||
| -rw-r--r-- | tests/api/test_ratelimiting.py | 20 | ||||
| -rw-r--r-- | tests/handlers/test_profile.py | 1 | ||||
| -rw-r--r-- | tests/replication/slave/storage/_base.py | 4 | ||||
| -rw-r--r-- | tests/rest/client/v1/test_events.py | 3 | ||||
| -rw-r--r-- | tests/rest/client/v1/test_rooms.py | 1 | ||||
| -rw-r--r-- | tests/rest/client/v1/test_typing.py | 1 |
13 files changed, 30 insertions, 67 deletions
diff --git a/synapse/api/ratelimiting.py b/synapse/api/ratelimiting.py index 38d744fd94..13fff302fe 100644 --- a/synapse/api/ratelimiting.py +++ b/synapse/api/ratelimiting.py @@ -40,10 +40,7 @@ class Ratelimiter(object): self.burst_count = burst_count def can_do_action( - self, - key: Any, - time_now_s: int, - update: bool = True, + self, key: Any, time_now_s: int, update: bool = True, ) -> Tuple[bool, float]: """Can the entity (e.g. user or IP address) perform the action? @@ -62,9 +59,7 @@ class Ratelimiter(object): self._prune_message_counts(time_now_s) # Check if there is an existing count entry for this key - action_count, time_start, = self.actions.get( - key, (0.0, time_now_s) - ) + action_count, time_start, = self.actions.get(key, (0.0, time_now_s)) # Check whether performing another action is allowed time_delta = time_now_s - time_start @@ -119,10 +114,7 @@ class Ratelimiter(object): del self.actions[key] def ratelimit( - self, - key: Any, - time_now_s: int, - update: bool = True, + self, key: Any, time_now_s: int, update: bool = True, ): """Checks if an action can be performed. If not, raises a LimitExceededError @@ -135,9 +127,7 @@ class Ratelimiter(object): LimitExceededError: If an action could not be performed, along with the time in milliseconds until the action can be performed again """ - allowed, time_allowed = self.can_do_action( - key, time_now_s, update - ) + allowed, time_allowed = self.can_do_action(key, time_now_s, update) if not allowed: raise LimitExceededError( diff --git a/synapse/config/ratelimiting.py b/synapse/config/ratelimiting.py index 8e42d15fa4..2dd94bae2b 100644 --- a/synapse/config/ratelimiting.py +++ b/synapse/config/ratelimiting.py @@ -12,10 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -from ._base import Config - from typing import Dict +from ._base import Config + class RateLimitConfig(object): def __init__( diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index 9aab4692f1..089c94f8b6 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -201,9 +201,7 @@ class AuthHandler(BaseHandler): # Check if we should be ratelimited due to too many previous failed attempts self._failed_uia_attempts_ratelimiter.ratelimit( - user_id, - time_now_s=self._clock.time(), - update=False, + user_id, time_now_s=self._clock.time(), update=False, ) # build a list of supported flows @@ -216,9 +214,7 @@ class AuthHandler(BaseHandler): except LoginError: # Update the ratelimite to say we failed (`can_do_action` doesn't raise). self._failed_uia_attempts_ratelimiter.can_do_action( - user_id, - time_now_s=self._clock.time(), - update=True, + user_id, time_now_s=self._clock.time(), update=True, ) raise diff --git a/synapse/handlers/register.py b/synapse/handlers/register.py index 99e2b3fb2c..ce18b33a63 100644 --- a/synapse/handlers/register.py +++ b/synapse/handlers/register.py @@ -428,8 +428,7 @@ class RegistrationHandler(BaseHandler): time_now = self.clock.time() self.ratelimiter.ratelimit( - address, - time_now_s=time_now, + address, time_now_s=time_now, ) def register_with_store( diff --git a/synapse/rest/client/v1/login.py b/synapse/rest/client/v1/login.py index 2754a04669..19c392849a 100644 --- a/synapse/rest/client/v1/login.py +++ b/synapse/rest/client/v1/login.py @@ -16,7 +16,6 @@ import logging from synapse.api.errors import Codes, LoginError, SynapseError -from synapse.api.ratelimiting import Ratelimiter from synapse.http.server import finish_request from synapse.http.servlet import ( RestServlet, @@ -129,9 +128,7 @@ class LoginRestServlet(RestServlet): async def on_POST(self, request): self._account_ratelimiter.ratelimit( - request.getClientIP(), - time_now_s=self.hs.clock.time(), - update=True, + request.getClientIP(), time_now_s=self.hs.clock.time(), update=True, ) login_submission = parse_json_object_from_request(request) @@ -201,9 +198,7 @@ class LoginRestServlet(RestServlet): # We also apply account rate limiting using the 3PID as a key, as # otherwise using 3PID bypasses the ratelimiting based on user ID. self._failed_attempts_ratelimiter.ratelimit( - (medium, address), - time_now_s=self._clock.time(), - update=False, + (medium, address), time_now_s=self._clock.time(), update=False, ) # Check for login providers that support 3pid login types @@ -239,9 +234,7 @@ class LoginRestServlet(RestServlet): # this code path, which is fine as then the per-user ratelimit # will kick in below. self._failed_attempts_ratelimiter.can_do_action( - (medium, address), - time_now_s=self._clock.time(), - update=True, + (medium, address), time_now_s=self._clock.time(), update=True, ) raise LoginError(403, "", errcode=Codes.FORBIDDEN) @@ -261,9 +254,7 @@ class LoginRestServlet(RestServlet): # Check if we've hit the failed ratelimit (but don't update it) self._failed_attempts_ratelimiter.ratelimit( - qualified_user_id.lower(), - time_now_s=self._clock.time(), - update=False, + qualified_user_id.lower(), time_now_s=self._clock.time(), update=False, ) try: @@ -276,9 +267,7 @@ class LoginRestServlet(RestServlet): # exception and masking the LoginError. The actual ratelimiting # should have happened above. self._failed_attempts_ratelimiter.can_do_action( - qualified_user_id.lower(), - time_now_s=self._clock.time(), - update=True, + qualified_user_id.lower(), time_now_s=self._clock.time(), update=True, ) raise @@ -313,9 +302,7 @@ class LoginRestServlet(RestServlet): # too often. This happens here rather than before as we don't # necessarily know the user before now. self._account_ratelimiter.ratelimit( - user_id.lower(), - time_now_s=self._clock.time(), - update=True, + user_id.lower(), time_now_s=self._clock.time(), update=True, ) if create_non_existant_users: diff --git a/synapse/rest/client/v2_alpha/register.py b/synapse/rest/client/v2_alpha/register.py index 7800604938..8567cbcab3 100644 --- a/synapse/rest/client/v2_alpha/register.py +++ b/synapse/rest/client/v2_alpha/register.py @@ -399,9 +399,7 @@ class RegisterRestServlet(RestServlet): time_now = self.clock.time() allowed, time_allowed = self.ratelimiter.can_do_action( - client_addr, - time_now_s=time_now, - update=False, + client_addr, time_now_s=time_now, update=False, ) if not allowed: diff --git a/synapse/server.py b/synapse/server.py index 440c6807d0..fc39b57135 100644 --- a/synapse/server.py +++ b/synapse/server.py @@ -244,10 +244,7 @@ class HomeServer(object): self.clock = Clock(reactor) self.distributor = Distributor() # The rate_hz and burst_count is overridden on a per-user basis - self.request_ratelimiter = Ratelimiter( - rate_hz=0, - burst_count=0, - ) + self.request_ratelimiter = Ratelimiter(rate_hz=0, burst_count=0,) if config.rc_admin_redaction: self.admin_redaction_ratelimiter = Ratelimiter( rate_hz=config.rc_admin_redaction.per_second, diff --git a/tests/api/test_ratelimiting.py b/tests/api/test_ratelimiting.py index 98336a0907..973c7e007c 100644 --- a/tests/api/test_ratelimiting.py +++ b/tests/api/test_ratelimiting.py @@ -6,34 +6,24 @@ from tests import unittest class TestRatelimiter(unittest.TestCase): def test_allowed(self): limiter = Ratelimiter(rate_hz=0.1, burst_count=1) - allowed, time_allowed = limiter.can_do_action( - key="test_id", time_now_s=0 - ) + allowed, time_allowed = limiter.can_do_action(key="test_id", time_now_s=0) self.assertTrue(allowed) self.assertEquals(10.0, time_allowed) - allowed, time_allowed = limiter.can_do_action( - key="test_id", time_now_s=5 - ) + allowed, time_allowed = limiter.can_do_action(key="test_id", time_now_s=5) self.assertFalse(allowed) self.assertEquals(10.0, time_allowed) - allowed, time_allowed = limiter.can_do_action( - key="test_id", time_now_s=10 - ) + allowed, time_allowed = limiter.can_do_action(key="test_id", time_now_s=10) self.assertTrue(allowed) self.assertEquals(20.0, time_allowed) def test_pruning(self): limiter = Ratelimiter(rate_hz=0.1, burst_count=1) - _, _ = limiter.can_do_action( - key="test_id_1", time_now_s=0 - ) + _, _ = limiter.can_do_action(key="test_id_1", time_now_s=0) self.assertIn("test_id_1", limiter.actions) - _, _ = limiter.can_do_action( - key="test_id_2", time_now_s=10 - ) + _, _ = limiter.can_do_action(key="test_id_2", time_now_s=10) self.assertNotIn("test_id_1", limiter.actions) diff --git a/tests/handlers/test_profile.py b/tests/handlers/test_profile.py index a34c70f5a7..5b2dcde2ba 100644 --- a/tests/handlers/test_profile.py +++ b/tests/handlers/test_profile.py @@ -56,6 +56,7 @@ class ProfileTestCase(unittest.TestCase): federation_server=Mock(), federation_registry=self.mock_registry, request_ratelimiter=NonCallableMock( + # rate_hz and burst_count are overridden in BaseHandler spec_set=["can_do_action", "ratelimit", "rate_hz", "burst_count"] ), login_ratelimiter=NonCallableMock(spec_set=["can_do_action", "ratelimit"]), diff --git a/tests/replication/slave/storage/_base.py b/tests/replication/slave/storage/_base.py index 928a3da223..49d22d9487 100644 --- a/tests/replication/slave/storage/_base.py +++ b/tests/replication/slave/storage/_base.py @@ -23,7 +23,9 @@ class BaseSlavedStoreTestCase(BaseStreamTestCase): hs = self.setup_test_homeserver( federation_client=Mock(), - request_ratelimiter=NonCallableMock(spec_set=["can_do_action", "ratelimit"]), + request_ratelimiter=NonCallableMock( + spec_set=["can_do_action", "ratelimit"] + ), login_ratelimiter=NonCallableMock(spec_set=["can_do_action", "ratelimit"]), ) diff --git a/tests/rest/client/v1/test_events.py b/tests/rest/client/v1/test_events.py index 1c42f4063f..1ceba01494 100644 --- a/tests/rest/client/v1/test_events.py +++ b/tests/rest/client/v1/test_events.py @@ -43,9 +43,10 @@ class EventStreamPermissionsTestCase(unittest.HomeserverTestCase): hs = self.setup_test_homeserver( config=config, request_ratelimiter=NonCallableMock( + # rate_hz and burst_count are overridden in BaseHandler spec_set=["can_do_action", "ratelimit", "rate_hz", "burst_count"] ), - login_ratelimiter = NonCallableMock(spec_set=["can_do_action", "ratelimit"]), + login_ratelimiter=NonCallableMock(spec_set=["can_do_action", "ratelimit"]), ) self.request_ratelimiter = hs.get_request_ratelimiter() self.request_ratelimiter.can_do_action.return_value = (True, 0) diff --git a/tests/rest/client/v1/test_rooms.py b/tests/rest/client/v1/test_rooms.py index a07884f20d..28b7ce085b 100644 --- a/tests/rest/client/v1/test_rooms.py +++ b/tests/rest/client/v1/test_rooms.py @@ -50,6 +50,7 @@ class RoomBase(unittest.HomeserverTestCase): http_client=None, federation_client=Mock(), request_ratelimiter=NonCallableMock( + # rate_hz and burst_count are overridden in BaseHandler spec_set=["can_do_action", "ratelimit", "rate_hz", "burst_count"] ), login_ratelimiter=NonCallableMock(spec_set=["can_do_action", "ratelimit"]), diff --git a/tests/rest/client/v1/test_typing.py b/tests/rest/client/v1/test_typing.py index 30bb6bd34a..27d38d354a 100644 --- a/tests/rest/client/v1/test_typing.py +++ b/tests/rest/client/v1/test_typing.py @@ -43,6 +43,7 @@ class RoomTypingTestCase(unittest.HomeserverTestCase): http_client=None, federation_client=Mock(), request_ratelimiter=NonCallableMock( + # rate_hz and burst_count are overridden in BaseHandler spec_set=["can_do_action", "ratelimit", "rate_hz", "burst_count"] ), login_ratelimiter=NonCallableMock(spec_set=["can_do_action", "ratelimit"]), |