summary refs log tree commit diff
path: root/synapse/api
diff options
context:
space:
mode:
authorJason Robinson <jasonr@element.io>2022-01-12 18:09:36 +0200
committerGitHub <noreply@github.com>2022-01-12 16:09:36 +0000
commit2560b1b6b2f74b5724253396c0e3665fa1f7968c (patch)
treefca16f002a9b0b287afab75dc7e0a35deb23087f /synapse/api
parentFix documentation of supported PostgreSQL version (#11725) (diff)
downloadsynapse-2560b1b6b2f74b5724253396c0e3665fa1f7968c.tar.xz
Allow tracking puppeted users for MAU (#11561)
Currently when puppeting another user, the user doing the puppeting is
tracked for client IPs and MAU (if configured).

When tracking MAU is important, it becomes necessary to be possible to
also track the client IPs and MAU of puppeted users. As an example a
client that manages user creation and creation of tokens via the Synapse
admin API, passing those tokens for the client to use.

This PR adds optional configuration to enable tracking of puppeted users
into monthly active users. The default behaviour stays the same.

Signed-off-by: Jason Robinson <jasonr@matrix.org>
Diffstat (limited to 'synapse/api')
-rw-r--r--synapse/api/auth.py13
1 files changed, 13 insertions, 0 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 4a32d430bd..683241201c 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -71,6 +71,7 @@ class Auth:
         self._auth_blocking = AuthBlocking(self.hs)
 
         self._track_appservice_user_ips = hs.config.appservice.track_appservice_user_ips
+        self._track_puppeted_user_ips = hs.config.api.track_puppeted_user_ips
         self._macaroon_secret_key = hs.config.key.macaroon_secret_key
         self._force_tracing_for_users = hs.config.tracing.force_tracing_for_users
 
@@ -246,6 +247,18 @@ class Auth:
                     user_agent=user_agent,
                     device_id=device_id,
                 )
+                # Track also the puppeted user client IP if enabled and the user is puppeting
+                if (
+                    user_info.user_id != user_info.token_owner
+                    and self._track_puppeted_user_ips
+                ):
+                    await self.store.insert_client_ip(
+                        user_id=user_info.user_id,
+                        access_token=access_token,
+                        ip=ip_addr,
+                        user_agent=user_agent,
+                        device_id=device_id,
+                    )
 
             if is_guest and not allow_guest:
                 raise AuthError(