summary refs log tree commit diff
path: root/synapse/api/auth.py
diff options
context:
space:
mode:
authorJason Robinson <jasonr@matrix.org>2019-09-11 20:22:18 +0300
committerJason Robinson <jasonr@matrix.org>2019-09-11 20:48:31 +0300
commit6d847d8ce69f2cb849633265aaeb4a9df4ff713d (patch)
tree91574da19ab927f1d6ccc2e7122c2c6c4ad172aa /synapse/api/auth.py
parentUse the v2 Identity Service API for lookups (MSC2134 + MSC2140) (#5976) (diff)
downloadsynapse-6d847d8ce69f2cb849633265aaeb4a9df4ff713d.tar.xz
Ensure support users can be registered even if MAU limit is reached
This allows support users to be created even on MAU limits via
the admin API. Support users are excluded from MAU after creation,
so it makes sense to exclude them in creation - except if the
whole host is in disabled state.

Signed-off-by: Jason Robinson <jasonr@matrix.org>
Diffstat (limited to 'synapse/api/auth.py')
-rw-r--r--synapse/api/auth.py11
1 files changed, 9 insertions, 2 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index ddc195bc32..9e445cd808 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -25,7 +25,7 @@ from twisted.internet import defer
 import synapse.logging.opentracing as opentracing
 import synapse.types
 from synapse import event_auth
-from synapse.api.constants import EventTypes, JoinRules, Membership
+from synapse.api.constants import EventTypes, JoinRules, Membership, UserTypes
 from synapse.api.errors import (
     AuthError,
     Codes,
@@ -709,7 +709,7 @@ class Auth(object):
             )
 
     @defer.inlineCallbacks
-    def check_auth_blocking(self, user_id=None, threepid=None):
+    def check_auth_blocking(self, user_id=None, threepid=None, user_type=None):
         """Checks if the user should be rejected for some external reason,
         such as monthly active user limiting or global disable flag
 
@@ -722,6 +722,9 @@ class Auth(object):
                 with a MAU blocked server, normally they would be rejected but their
                 threepid is on the reserved list. user_id and
                 threepid should never be set at the same time.
+
+            user_type(str|None): If present, is used to decide whether to check against
+                certain blocking reasons like MAU.
         """
 
         # Never fail an auth check for the server notices users or support user
@@ -759,6 +762,10 @@ class Auth(object):
                     self.hs.config.mau_limits_reserved_threepids, threepid
                 ):
                     return
+            elif user_type == UserTypes.SUPPORT:
+                # If the user does not exist yet and is of type "support",
+                # allow registration. Support users are excluded from MAU checks.
+                return
             # Else if there is no room in the MAU bucket, bail
             current_mau = yield self.store.get_monthly_active_count()
             if current_mau >= self.hs.config.max_mau_value: