Add an admin API for shadow-banning users. (#9209)

This expands the current shadow-banning feature to be usable via the admin API and adds documentation for it. A shadow-banned users receives successful responses to their client-server API requests, but the events are not propagated into rooms. Shadow-banning a user should be used as a tool of last resort and may lead to confusing or broken behaviour for the client.
author: Patrick Cloke <clokep@users.noreply.github.com> 2021-01-25 14:49:39 -0500
committer: GitHub <noreply@github.com> 2021-01-25 14:49:39 -0500
commit: 4a55d267eef1388690e6781b580910e341358f95 (patch)
tree: 15a03146d09d0b8c3c2f7ef51a3c9ab9123e61ba /synapse/rest
parent: Fix Python 3.5 old deps build by using a compatible pip version. (#9217) (diff)
download: synapse-4a55d267eef1388690e6781b580910e341358f95.tar.xz
2 files changed, 38 insertions, 0 deletions
diff --git a/synapse/rest/admin/__init__.py b/synapse/rest/admin/__init__.py
index 6f7dc06503..f04740cd38 100644
--- a/synapse/rest/admin/__init__.py
+++ b/synapse/rest/admin/__init__.py
@@ -51,6 +51,7 @@ from synapse.rest.admin.users import (
     PushersRestServlet,
     ResetPasswordRestServlet,
     SearchUsersRestServlet,
+    ShadowBanRestServlet,
     UserAdminServlet,
     UserMediaRestServlet,
     UserMembershipRestServlet,
@@ -230,6 +231,7 @@ def register_servlets(hs, http_server):
     EventReportsRestServlet(hs).register(http_server)
     PushersRestServlet(hs).register(http_server)
     MakeRoomAdminRestServlet(hs).register(http_server)
+    ShadowBanRestServlet(hs).register(http_server)
 
 
 def register_servlets_for_client_rest_resource(hs, http_server):
diff --git a/synapse/rest/admin/users.py b/synapse/rest/admin/users.py
index 86198bab30..68c3c64a0d 100644
--- a/synapse/rest/admin/users.py
+++ b/synapse/rest/admin/users.py
@@ -890,3 +890,39 @@ class UserTokenRestServlet(RestServlet):
         )
 
         return 200, {"access_token": token}
+
+
+class ShadowBanRestServlet(RestServlet):
+    """An admin API for shadow-banning a user.
+
+    A shadow-banned users receives successful responses to their client-server
+    API requests, but the events are not propagated into rooms.
+
+    Shadow-banning a user should be used as a tool of last resort and may lead
+    to confusing or broken behaviour for the client.
+
+    Example:
+
+        POST /_synapse/admin/v1/users/@test:example.com/shadow_ban
+        {}
+
+        200 OK
+        {}
+    """
+
+    PATTERNS = admin_patterns("/users/(?P<user_id>[^/]*)/shadow_ban")
+
+    def __init__(self, hs: "HomeServer"):
+        self.hs = hs
+        self.store = hs.get_datastore()
+        self.auth = hs.get_auth()
+
+    async def on_POST(self, request, user_id):
+        await assert_requester_is_admin(self.auth, request)
+
+        if not self.hs.is_mine_id(user_id):
+            raise SynapseError(400, "Only local users can be shadow-banned")
+
+        await self.store.set_shadow_banned(UserID.from_string(user_id), True)
+
+        return 200, {}
author	Patrick Cloke <clokep@users.noreply.github.com>	2021-01-25 14:49:39 -0500
committer	GitHub <noreply@github.com>	2021-01-25 14:49:39 -0500
commit	4a55d267eef1388690e6781b580910e341358f95 (patch)
tree	15a03146d09d0b8c3c2f7ef51a3c9ab9123e61ba /synapse/rest
parent	Fix Python 3.5 old deps build by using a compatible pip version. (#9217) (diff)
download	synapse-4a55d267eef1388690e6781b580910e341358f95.tar.xz