diff options
| author | Erik Johnston <erik@matrix.org> | 2018-08-17 14:15:48 +0100 |
|---|---|---|
| committer | Erik Johnston <erik@matrix.org> | 2018-08-17 14:15:48 +0100 |
| commit | 782689bd408b7d291fef913a318e1a6dda6f13e1 (patch) | |
| tree | 50502568cd0b9966e8c42d48d8db5d6cdf73fe1c /synapse/api | |
| parent | Split ProfileHandler into master and worker (diff) | |
| parent | Merge pull request #3708 from matrix-org/neilj/resource_Limit_block_event_cre... (diff) | |
| download | synapse-782689bd408b7d291fef913a318e1a6dda6f13e1.tar.xz | |
Merge branch 'develop' of github.com:matrix-org/synapse into erikj/split_profiles
Diffstat (limited to 'synapse/api')
| -rw-r--r-- | synapse/api/auth.py | 22 | ||||
| -rw-r--r-- | synapse/api/errors.py | 15 |
2 files changed, 30 insertions, 7 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 91b23ff1d7..ab1e3a4e35 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -775,13 +775,31 @@ class Auth(object): ) @defer.inlineCallbacks - def check_auth_blocking(self): + def check_auth_blocking(self, user_id=None): """Checks if the user should be rejected for some external reason, such as monthly active user limiting or global disable flag + + Args: + user_id(str|None): If present, checks for presence against existing + MAU cohort """ + if self.hs.config.hs_disabled: + raise AuthError( + 403, self.hs.config.hs_disabled_message, + errcode=Codes.RESOURCE_LIMIT_EXCEED, + admin_uri=self.hs.config.admin_uri, + ) if self.hs.config.limit_usage_by_mau is True: + # If the user is already part of the MAU cohort + if user_id: + timestamp = yield self.store.user_last_seen_monthly_active(user_id) + if timestamp: + return + # Else if there is no room in the MAU bucket, bail current_mau = yield self.store.get_monthly_active_count() if current_mau >= self.hs.config.max_mau_value: raise AuthError( - 403, "MAU Limit Exceeded", errcode=Codes.MAU_LIMIT_EXCEEDED + 403, "Monthly Active User Limit Exceeded", + admin_uri=self.hs.config.admin_uri, + errcode=Codes.RESOURCE_LIMIT_EXCEED ) diff --git a/synapse/api/errors.py b/synapse/api/errors.py index 70400347bc..08f0cb5554 100644 --- a/synapse/api/errors.py +++ b/synapse/api/errors.py @@ -56,7 +56,7 @@ class Codes(object): SERVER_NOT_TRUSTED = "M_SERVER_NOT_TRUSTED" CONSENT_NOT_GIVEN = "M_CONSENT_NOT_GIVEN" CANNOT_LEAVE_SERVER_NOTICE_ROOM = "M_CANNOT_LEAVE_SERVER_NOTICE_ROOM" - MAU_LIMIT_EXCEEDED = "M_MAU_LIMIT_EXCEEDED" + RESOURCE_LIMIT_EXCEED = "M_RESOURCE_LIMIT_EXCEED" UNSUPPORTED_ROOM_VERSION = "M_UNSUPPORTED_ROOM_VERSION" INCOMPATIBLE_ROOM_VERSION = "M_INCOMPATIBLE_ROOM_VERSION" @@ -224,11 +224,16 @@ class NotFoundError(SynapseError): class AuthError(SynapseError): """An error raised when there was a problem authorising an event.""" + def __init__(self, code, msg, errcode=Codes.FORBIDDEN, admin_uri=None): + self.admin_uri = admin_uri + super(AuthError, self).__init__(code, msg, errcode=errcode) - def __init__(self, *args, **kwargs): - if "errcode" not in kwargs: - kwargs["errcode"] = Codes.FORBIDDEN - super(AuthError, self).__init__(*args, **kwargs) + def error_dict(self): + return cs_error( + self.msg, + self.errcode, + admin_uri=self.admin_uri, + ) class EventSizeError(SynapseError): |