summary refs log tree commit diff
path: root/synapse
diff options
context:
space:
mode:
authorDavid Baker <dbkr@users.noreply.github.com>2017-10-03 18:10:23 +0100
committerGitHub <noreply@github.com>2017-10-03 18:10:23 +0100
commit5f20a91fa1e74794c34ba47415e47d3b07be37af (patch)
tree1ac5c80af280727951f6385d88890623a2be2c26 /synapse
parentMerge pull request #2491 from matrix-org/rav/port_db_fixes (diff)
parents/roomid/room_id/ (diff)
downloadsynapse-5f20a91fa1e74794c34ba47415e47d3b07be37af.tar.xz
Merge pull request #2492 from matrix-org/dbkr/spam_check_invites
Allow spam checker to reject invites too
Diffstat (limited to 'synapse')
-rw-r--r--synapse/events/spamcheck.py16
-rw-r--r--synapse/handlers/federation.py6
-rw-r--r--synapse/handlers/room_member.py19
3 files changed, 39 insertions, 2 deletions
diff --git a/synapse/events/spamcheck.py b/synapse/events/spamcheck.py
index e739f105b2..8b01c091e9 100644
--- a/synapse/events/spamcheck.py
+++ b/synapse/events/spamcheck.py
@@ -45,3 +45,19 @@ class SpamChecker(object):
             return False
 
         return self.spam_checker.check_event_for_spam(event)
+
+    def user_may_invite(self, userid, room_id):
+        """Checks if a given user may send an invite
+
+        If this method returns false, the invite will be rejected.
+
+        Args:
+            userid (string): The sender's user ID
+
+        Returns:
+            bool: True if the user may send an invite, otherwise False
+        """
+        if self.spam_checker is None:
+            return True
+
+        return self.spam_checker.user_may_invite(userid, room_id)
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
index 18f87cad67..737fe518ef 100644
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -77,6 +77,7 @@ class FederationHandler(BaseHandler):
         self.action_generator = hs.get_action_generator()
         self.is_mine_id = hs.is_mine_id
         self.pusher_pool = hs.get_pusherpool()
+        self.spam_checker = hs.get_spam_checker()
 
         self.replication_layer.set_handler(self)
 
@@ -1077,6 +1078,11 @@ class FederationHandler(BaseHandler):
         if self.hs.config.block_non_admin_invites:
             raise SynapseError(403, "This server does not accept room invites")
 
+        if not self.spam_checker.user_may_invite(event.sender, event.room_id):
+            raise SynapseError(
+                403, "This user is not permitted to send invites to this server"
+            )
+
         membership = event.content.get("membership")
         if event.type != EventTypes.Member or membership != Membership.INVITE:
             raise SynapseError(400, "The event was not an m.room.member invite event")
diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py
index 9a498c2d3e..37985fa1f9 100644
--- a/synapse/handlers/room_member.py
+++ b/synapse/handlers/room_member.py
@@ -48,6 +48,7 @@ class RoomMemberHandler(BaseHandler):
         self.member_linearizer = Linearizer(name="member")
 
         self.clock = hs.get_clock()
+        self.spam_checker = hs.get_spam_checker()
 
         self.distributor = hs.get_distributor()
         self.distributor.declare("user_joined_room")
@@ -210,12 +211,26 @@ class RoomMemberHandler(BaseHandler):
             if is_blocked:
                 raise SynapseError(403, "This room has been blocked on this server")
 
-        if (effective_membership_state == "invite" and
-                self.hs.config.block_non_admin_invites):
+        if effective_membership_state == "invite":
+            block_invite = False
             is_requester_admin = yield self.auth.is_server_admin(
                 requester.user,
             )
             if not is_requester_admin:
+                if self.hs.config.block_non_admin_invites:
+                    logger.info(
+                        "Blocking invite: user is not admin and non-admin "
+                        "invites disabled"
+                    )
+                    block_invite = True
+
+                if not self.spam_checker.user_may_invite(
+                    requester.user.to_string(), room_id,
+                ):
+                    logger.info("Blocking invite due to spam checker")
+                    block_invite = True
+
+            if block_invite:
                 raise SynapseError(
                     403, "Invites have been disabled on this server",
                 )