only block on sync where user is not part of the mau cohort

author: Neil Johnson <neil@matrix.org> 2018-08-09 17:39:12 +0100
committer: Neil Johnson <neil@matrix.org> 2018-08-09 17:39:12 +0100
commit: 09cf13089858902f3cdcb49b9f9bc3d214ba6337 (patch)
tree: 41ecc0970aa2d09fb0f2c775b2e079638ad608e6 /synapse
parent: Where server is disabled, block ability for locked out users to read new mess... (diff)
download: synapse-09cf13089858902f3cdcb49b9f9bc3d214ba6337.tar.xz
2 files changed, 17 insertions, 3 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 9c62ec4374..170039fc82 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -775,17 +775,26 @@ class Auth(object):
             )
 
     @defer.inlineCallbacks
-    def check_auth_blocking(self):
+    def check_auth_blocking(self, user_id=None):
         """Checks if the user should be rejected for some external reason,
         such as monthly active user limiting or global disable flag
+
+        Args:
+            user_id(str): If present, checks for presence against existing MAU cohort
         """
         if self.hs.config.hs_disabled:
             raise AuthError(
                 403, self.hs.config.hs_disabled_message, errcode=Codes.HS_DISABLED
             )
         if self.hs.config.limit_usage_by_mau is True:
+            # If the user is already part of the MAU cohort
+            if user_id:
+                timestamp = yield self.store._user_last_seen_monthly_active(user_id)
+                if timestamp:
+                    return
+            # Else if there is no room in the MAU bucket, bail
             current_mau = yield self.store.get_monthly_active_count()
             if current_mau >= self.hs.config.max_mau_value:
                 raise AuthError(
                     403, "MAU Limit Exceeded", errcode=Codes.MAU_LIMIT_EXCEEDED
-                )
+            )
diff --git a/synapse/handlers/sync.py b/synapse/handlers/sync.py
index 776ddca638..d3b26a4106 100644
--- a/synapse/handlers/sync.py
+++ b/synapse/handlers/sync.py
@@ -208,7 +208,12 @@ class SyncHandler(object):
         Returns:
             Deferred[SyncResult]
         """
-        yield self.auth.check_auth_blocking()
+        # If the user is not part of the mau group, then check that limits have
+        # not been exceeded (if not part of the group by this point, almost certain
+        # auth_blocking will occur)
+        user_id = sync_config.user.to_string()
+        yield self.auth.check_auth_blocking(user_id)
+
         res = yield self.response_cache.wrap(
             sync_config.request_key,
             self._wait_for_sync_for_user,
author	Neil Johnson <neil@matrix.org>	2018-08-09 17:39:12 +0100
committer	Neil Johnson <neil@matrix.org>	2018-08-09 17:39:12 +0100
commit	09cf13089858902f3cdcb49b9f9bc3d214ba6337 (patch)
tree	41ecc0970aa2d09fb0f2c775b2e079638ad608e6 /synapse
parent	Where server is disabled, block ability for locked out users to read new mess... (diff)
download	synapse-09cf13089858902f3cdcb49b9f9bc3d214ba6337.tar.xz