summary refs log tree commit diff
diff options
context:
space:
mode:
authorAndrew Morgan <andrew@amorgan.xyz>2019-11-06 12:01:54 +0000
committerAndrew Morgan <andrew@amorgan.xyz>2019-11-06 12:01:54 +0000
commit4059d61e2608ac823ef04fe37f23fcac2387a37b (patch)
tree813a1ac5f2b4407545fe4a91ab03adc0f3817d17
parentNumeric ID checker now checks @0, don't ratelimit on checking (diff)
downloadsynapse-4059d61e2608ac823ef04fe37f23fcac2387a37b.tar.xz
Don't forget to ratelimit calls outside of RegistrationHandler
-rw-r--r--synapse/handlers/register.py4
-rw-r--r--synapse/replication/http/register.py2
2 files changed, 4 insertions, 2 deletions
diff --git a/synapse/handlers/register.py b/synapse/handlers/register.py
index 3c142a4395..8be82e3754 100644
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@@ -168,7 +168,7 @@ class RegistrationHandler(BaseHandler):
         Raises:
             RegistrationError if there was a problem registering.
         """
-        yield self._check_registration_ratelimit(address)
+        yield self.check_registration_ratelimit(address)
 
         yield self.auth.check_auth_blocking(threepid=threepid)
         password_hash = None
@@ -415,7 +415,7 @@ class RegistrationHandler(BaseHandler):
             ratelimit=False,
         )
 
-    def _check_registration_ratelimit(self, address):
+    def check_registration_ratelimit(self, address):
         """A simple helper method to check whether the registration rate limit has been hit
         for a given IP address
 
diff --git a/synapse/replication/http/register.py b/synapse/replication/http/register.py
index 915cfb9430..6f4bba7aa4 100644
--- a/synapse/replication/http/register.py
+++ b/synapse/replication/http/register.py
@@ -75,6 +75,8 @@ class ReplicationRegisterServlet(ReplicationEndpoint):
     async def _handle_request(self, request, user_id):
         content = parse_json_object_from_request(request)
 
+        await self.registration_handler.check_registration_ratelimit(content["address"])
+
         await self.registration_handler.register_with_store(
             user_id=user_id,
             password_hash=content["password_hash"],