diff options
| author | Andrew Morgan <andrew@amorgan.xyz> | 2020-05-28 22:43:58 +0100 |
|---|---|---|
| committer | Andrew Morgan <andrew@amorgan.xyz> | 2020-05-28 22:53:23 +0100 |
| commit | 6a07c2d9ad4bcc35627f6d3f48941efd58c9a62d (patch) | |
| tree | 0865220cccf82e991121ebf396989ef66e446769 /synapse | |
| parent | Update unittests (diff) | |
| download | synapse-6a07c2d9ad4bcc35627f6d3f48941efd58c9a62d.tar.xz | |
lint
Diffstat (limited to 'synapse')
| -rw-r--r-- | synapse/api/ratelimiting.py | 18 | ||||
| -rw-r--r-- | synapse/config/ratelimiting.py | 4 | ||||
| -rw-r--r-- | synapse/handlers/auth.py | 8 | ||||
| -rw-r--r-- | synapse/handlers/register.py | 3 | ||||
| -rw-r--r-- | synapse/rest/client/v1/login.py | 25 | ||||
| -rw-r--r-- | synapse/rest/client/v2_alpha/register.py | 4 | ||||
| -rw-r--r-- | synapse/server.py | 5 |
7 files changed, 17 insertions, 50 deletions
diff --git a/synapse/api/ratelimiting.py b/synapse/api/ratelimiting.py index 38d744fd94..13fff302fe 100644 --- a/synapse/api/ratelimiting.py +++ b/synapse/api/ratelimiting.py @@ -40,10 +40,7 @@ class Ratelimiter(object): self.burst_count = burst_count def can_do_action( - self, - key: Any, - time_now_s: int, - update: bool = True, + self, key: Any, time_now_s: int, update: bool = True, ) -> Tuple[bool, float]: """Can the entity (e.g. user or IP address) perform the action? @@ -62,9 +59,7 @@ class Ratelimiter(object): self._prune_message_counts(time_now_s) # Check if there is an existing count entry for this key - action_count, time_start, = self.actions.get( - key, (0.0, time_now_s) - ) + action_count, time_start, = self.actions.get(key, (0.0, time_now_s)) # Check whether performing another action is allowed time_delta = time_now_s - time_start @@ -119,10 +114,7 @@ class Ratelimiter(object): del self.actions[key] def ratelimit( - self, - key: Any, - time_now_s: int, - update: bool = True, + self, key: Any, time_now_s: int, update: bool = True, ): """Checks if an action can be performed. If not, raises a LimitExceededError @@ -135,9 +127,7 @@ class Ratelimiter(object): LimitExceededError: If an action could not be performed, along with the time in milliseconds until the action can be performed again """ - allowed, time_allowed = self.can_do_action( - key, time_now_s, update - ) + allowed, time_allowed = self.can_do_action(key, time_now_s, update) if not allowed: raise LimitExceededError( diff --git a/synapse/config/ratelimiting.py b/synapse/config/ratelimiting.py index 8e42d15fa4..2dd94bae2b 100644 --- a/synapse/config/ratelimiting.py +++ b/synapse/config/ratelimiting.py @@ -12,10 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. -from ._base import Config - from typing import Dict +from ._base import Config + class RateLimitConfig(object): def __init__( diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py index 9aab4692f1..089c94f8b6 100644 --- a/synapse/handlers/auth.py +++ b/synapse/handlers/auth.py @@ -201,9 +201,7 @@ class AuthHandler(BaseHandler): # Check if we should be ratelimited due to too many previous failed attempts self._failed_uia_attempts_ratelimiter.ratelimit( - user_id, - time_now_s=self._clock.time(), - update=False, + user_id, time_now_s=self._clock.time(), update=False, ) # build a list of supported flows @@ -216,9 +214,7 @@ class AuthHandler(BaseHandler): except LoginError: # Update the ratelimite to say we failed (`can_do_action` doesn't raise). self._failed_uia_attempts_ratelimiter.can_do_action( - user_id, - time_now_s=self._clock.time(), - update=True, + user_id, time_now_s=self._clock.time(), update=True, ) raise diff --git a/synapse/handlers/register.py b/synapse/handlers/register.py index 99e2b3fb2c..ce18b33a63 100644 --- a/synapse/handlers/register.py +++ b/synapse/handlers/register.py @@ -428,8 +428,7 @@ class RegistrationHandler(BaseHandler): time_now = self.clock.time() self.ratelimiter.ratelimit( - address, - time_now_s=time_now, + address, time_now_s=time_now, ) def register_with_store( diff --git a/synapse/rest/client/v1/login.py b/synapse/rest/client/v1/login.py index 2754a04669..19c392849a 100644 --- a/synapse/rest/client/v1/login.py +++ b/synapse/rest/client/v1/login.py @@ -16,7 +16,6 @@ import logging from synapse.api.errors import Codes, LoginError, SynapseError -from synapse.api.ratelimiting import Ratelimiter from synapse.http.server import finish_request from synapse.http.servlet import ( RestServlet, @@ -129,9 +128,7 @@ class LoginRestServlet(RestServlet): async def on_POST(self, request): self._account_ratelimiter.ratelimit( - request.getClientIP(), - time_now_s=self.hs.clock.time(), - update=True, + request.getClientIP(), time_now_s=self.hs.clock.time(), update=True, ) login_submission = parse_json_object_from_request(request) @@ -201,9 +198,7 @@ class LoginRestServlet(RestServlet): # We also apply account rate limiting using the 3PID as a key, as # otherwise using 3PID bypasses the ratelimiting based on user ID. self._failed_attempts_ratelimiter.ratelimit( - (medium, address), - time_now_s=self._clock.time(), - update=False, + (medium, address), time_now_s=self._clock.time(), update=False, ) # Check for login providers that support 3pid login types @@ -239,9 +234,7 @@ class LoginRestServlet(RestServlet): # this code path, which is fine as then the per-user ratelimit # will kick in below. self._failed_attempts_ratelimiter.can_do_action( - (medium, address), - time_now_s=self._clock.time(), - update=True, + (medium, address), time_now_s=self._clock.time(), update=True, ) raise LoginError(403, "", errcode=Codes.FORBIDDEN) @@ -261,9 +254,7 @@ class LoginRestServlet(RestServlet): # Check if we've hit the failed ratelimit (but don't update it) self._failed_attempts_ratelimiter.ratelimit( - qualified_user_id.lower(), - time_now_s=self._clock.time(), - update=False, + qualified_user_id.lower(), time_now_s=self._clock.time(), update=False, ) try: @@ -276,9 +267,7 @@ class LoginRestServlet(RestServlet): # exception and masking the LoginError. The actual ratelimiting # should have happened above. self._failed_attempts_ratelimiter.can_do_action( - qualified_user_id.lower(), - time_now_s=self._clock.time(), - update=True, + qualified_user_id.lower(), time_now_s=self._clock.time(), update=True, ) raise @@ -313,9 +302,7 @@ class LoginRestServlet(RestServlet): # too often. This happens here rather than before as we don't # necessarily know the user before now. self._account_ratelimiter.ratelimit( - user_id.lower(), - time_now_s=self._clock.time(), - update=True, + user_id.lower(), time_now_s=self._clock.time(), update=True, ) if create_non_existant_users: diff --git a/synapse/rest/client/v2_alpha/register.py b/synapse/rest/client/v2_alpha/register.py index 7800604938..8567cbcab3 100644 --- a/synapse/rest/client/v2_alpha/register.py +++ b/synapse/rest/client/v2_alpha/register.py @@ -399,9 +399,7 @@ class RegisterRestServlet(RestServlet): time_now = self.clock.time() allowed, time_allowed = self.ratelimiter.can_do_action( - client_addr, - time_now_s=time_now, - update=False, + client_addr, time_now_s=time_now, update=False, ) if not allowed: diff --git a/synapse/server.py b/synapse/server.py index 440c6807d0..fc39b57135 100644 --- a/synapse/server.py +++ b/synapse/server.py @@ -244,10 +244,7 @@ class HomeServer(object): self.clock = Clock(reactor) self.distributor = Distributor() # The rate_hz and burst_count is overridden on a per-user basis - self.request_ratelimiter = Ratelimiter( - rate_hz=0, - burst_count=0, - ) + self.request_ratelimiter = Ratelimiter(rate_hz=0, burst_count=0,) if config.rc_admin_redaction: self.admin_redaction_ratelimiter = Ratelimiter( rate_hz=config.rc_admin_redaction.per_second, |