diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 1b3b55d517..c0bd0890fa 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -603,10 +603,10 @@ class Auth(object):
"""
# Can optionally look elsewhere in the request (e.g. headers)
try:
- user_id = yield self._get_appservice_user_id(request)
+ user_id, as_user = yield self._get_appservice_user_id(request)
if user_id:
request.authenticated_entity = user_id
- defer.returnValue(synapse.types.create_requester(user_id))
+ defer.returnValue(synapse.types.create_requester(user_id, as_user=as_user))
access_token = get_access_token_from_request(
request, self.TOKEN_NOT_FOUND_HTTP_STATUS
@@ -644,7 +644,7 @@ class Auth(object):
request.authenticated_entity = user.to_string()
defer.returnValue(synapse.types.create_requester(
- user, token_id, is_guest, device_id))
+ user, token_id, is_guest, device_id, as_user=as_user))
except KeyError:
raise AuthError(
self.TOKEN_NOT_FOUND_HTTP_STATUS, "Missing access token.",
@@ -659,14 +659,14 @@ class Auth(object):
)
)
if app_service is None:
- defer.returnValue(None)
+ defer.returnValue((None, None))
if "user_id" not in request.args:
- defer.returnValue(app_service.sender)
+ defer.returnValue((app_service.sender, app_service))
user_id = request.args["user_id"][0]
if app_service.sender == user_id:
- defer.returnValue(app_service.sender)
+ defer.returnValue((app_service.sender, app_service))
if not app_service.is_interested_in_user(user_id):
raise AuthError(
@@ -678,7 +678,7 @@ class Auth(object):
403,
"Application service has not registered this user"
)
- defer.returnValue(user_id)
+ defer.returnValue((user_id, app_service))
@defer.inlineCallbacks
def get_user_by_access_token(self, token, rights="access"):
diff --git a/synapse/handlers/_base.py b/synapse/handlers/_base.py
index a377b1225b..ba62746214 100644
--- a/synapse/handlers/_base.py
+++ b/synapse/handlers/_base.py
@@ -65,14 +65,9 @@ class BaseHandler(object):
if app_service is not None:
return # do not ratelimit app service senders
- should_rate_limit = True
-
- for service in self.store.get_app_services():
- if service.is_interested_in_user(user_id):
- should_rate_limit = service.is_rate_limited()
- break
-
- if not should_rate_limit:
+ if requester.as_user and not requester.as_user.is_rate_limited():
+ # do not ratelimit users of which a non-rate-limited AS is
+ # acting on behalf
return
allowed, time_allowed = self.ratelimiter.send_message(
diff --git a/synapse/types.py b/synapse/types.py
index 1694af1250..35e05b9c41 100644
--- a/synapse/types.py
+++ b/synapse/types.py
@@ -19,7 +19,7 @@ from collections import namedtuple
Requester = namedtuple("Requester",
- ["user", "access_token_id", "is_guest", "device_id"])
+ ["user", "access_token_id", "is_guest", "device_id", "as_user"])
"""
Represents the user making a request
@@ -29,11 +29,12 @@ Attributes:
request, or None if it came via the appservice API or similar
is_guest (bool): True if the user making this request is a guest user
device_id (str|None): device_id which was set at authentication time
+ as_user (ApplicationService|None): the AS requesting on behalf of the user
"""
def create_requester(user_id, access_token_id=None, is_guest=False,
- device_id=None):
+ device_id=None, as_user=None):
"""
Create a new ``Requester`` object
@@ -43,13 +44,14 @@ def create_requester(user_id, access_token_id=None, is_guest=False,
request, or None if it came via the appservice API or similar
is_guest (bool): True if the user making this request is a guest user
device_id (str|None): device_id which was set at authentication time
+ as_user (ApplicationService|None): the AS requesting on behalf of the user
Returns:
Requester
"""
if not isinstance(user_id, UserID):
user_id = UserID.from_string(user_id)
- return Requester(user_id, access_token_id, is_guest, device_id)
+ return Requester(user_id, access_token_id, is_guest, device_id, as_user)
def get_domain_from_id(string):
|
