diff options
| author | Erik Johnston <erik@matrix.org> | 2019-03-18 13:17:49 +0000 |
|---|---|---|
| committer | Erik Johnston <erik@matrix.org> | 2019-03-18 15:51:00 +0000 |
| commit | b85ff4b894576d6b35a6985a1812c0affe7aa9bf (patch) | |
| tree | 594f8da797334cf63c548858d629a1d0e443e45d | |
| parent | Add invite_list and cloning param to create room rule (diff) | |
| download | synapse-b85ff4b894576d6b35a6985a1812c0affe7aa9bf.tar.xz | |
Add user_may_join_room spam check
| -rw-r--r-- | synapse/events/spamcheck.py | 18 | ||||
| -rw-r--r-- | synapse/handlers/room_member.py | 13 | ||||
| -rw-r--r-- | synapse/rulecheck/domain_rule_checker.py | 5 |
3 files changed, 35 insertions, 1 deletions
diff --git a/synapse/events/spamcheck.py b/synapse/events/spamcheck.py index aa559e1f50..e4fc988cfc 100644 --- a/synapse/events/spamcheck.py +++ b/synapse/events/spamcheck.py @@ -122,3 +122,21 @@ class SpamChecker(object): return True return self.spam_checker.user_may_publish_room(userid, room_id) + + def user_may_join_room(self, userid, room_id, is_invited): + """Checks if a given users is allowed to join a room. + + Is not called when the user creates a room. + + Args: + userid (str) + room_id (str) + is_invited (bool): Whether the user is invited into the room + + Returns: + bool: Whether the user may join the room + """ + if self.spam_checker is None: + return True + + return self.spam_checker.user_may_join_room(userid, room_id, is_invited) diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py index 1bf500776a..cc673e940a 100644 --- a/synapse/handlers/room_member.py +++ b/synapse/handlers/room_member.py @@ -487,8 +487,19 @@ class RoomMemberHandler(object): # so don't really fit into the general auth process. raise AuthError(403, "Guest access not allowed") + inviter = yield self._get_inviter(target.to_string(), room_id) + # We assume that if the spam checker allowed the user to create + # a room then they're allowed to join it. + if not new_room and not self.spam_checker.user_may_join_room( + target.to_string(), room_id, + is_invited=inviter is not None, + new_room=new_room, + ): + raise SynapseError( + 403, "Not allowed to join this room", + ) + if not is_host_in_room: - inviter = yield self._get_inviter(target.to_string(), room_id) if inviter and not self.hs.is_mine(inviter): remote_room_hosts.append(inviter.domain) diff --git a/synapse/rulecheck/domain_rule_checker.py b/synapse/rulecheck/domain_rule_checker.py index ed56f16c6f..9addfd1c1c 100644 --- a/synapse/rulecheck/domain_rule_checker.py +++ b/synapse/rulecheck/domain_rule_checker.py @@ -75,6 +75,11 @@ class DomainRuleChecker(object): """ return True + def user_may_join_room(self, userid, room_id, is_invited, new_room): + """Implements synapse.events.SpamChecker.user_may_join_room + """ + return True + @staticmethod def parse_config(config): """Implements synapse.events.SpamChecker.parse_config |