summary refs log tree commit diff
diff options
context:
space:
mode:
authorErik Johnston <erik@matrix.org>2020-12-17 12:04:14 +0000
committerErik Johnston <erik@matrix.org>2020-12-17 12:04:14 +0000
commit7932d4e9f7e140ef05a3099e18120101019ec3e1 (patch)
tree0a1e67cd20b3c6729d09e4ffbbc96868783b05b0
parent 1.24.0 (diff)
downloadsynapse-7932d4e9f7e140ef05a3099e18120101019ec3e1.tar.xz
Don't MAU limit AS ghost users
-rw-r--r--synapse/api/auth_blocking.py7
1 files changed, 7 insertions, 0 deletions
diff --git a/synapse/api/auth_blocking.py b/synapse/api/auth_blocking.py
index 9c227218e0..d8088f524a 100644
--- a/synapse/api/auth_blocking.py
+++ b/synapse/api/auth_blocking.py
@@ -36,6 +36,7 @@ class AuthBlocking:
         self._limit_usage_by_mau = hs.config.limit_usage_by_mau
         self._mau_limits_reserved_threepids = hs.config.mau_limits_reserved_threepids
         self._server_name = hs.hostname
+        self._track_appservice_user_ips = hs.config.appservice.track_appservice_user_ips
 
     async def check_auth_blocking(
         self,
@@ -76,6 +77,12 @@ class AuthBlocking:
                 # We never block the server from doing actions on behalf of
                 # users.
                 return
+            elif requester.app_service and not self._track_appservice_user_ips:
+                # If we're authenticated as an appservice then we only block
+                # auth if `track_appservice_user_ips` is set, as that option
+                # implicitly means that application services are part of MAU
+                # limits.
+                return
 
         # Never fail an auth check for the server notices users or support user
         # This can be a problem where event creation is prohibited due to blocking