Move third_party_rules check to event creation time

Rather than waiting until we handle the event, call the ThirdPartyRules check when we fist create the event.
author: Richard van der Hoff <richard@matrix.org> 2020-10-13 15:44:54 +0100
committer: Richard van der Hoff <richard@matrix.org> 2020-10-13 21:38:48 +0100
commit: 123711ed198bd5cf9984818f8bac1926ed1af5fa (patch)
tree: 0f968cac045de4dc49def2431a3aaf39719a820c /synapse
parent: Remove redundant calls to third_party_rules in `on_send_{join,leave}` (diff)
download: synapse-123711ed198bd5cf9984818f8bac1926ed1af5fa.tar.xz
2 files changed, 13 insertions, 52 deletions
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
index c38cb7a5c8..fde8f00531 100644
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -1507,18 +1507,9 @@ class FederationHandler(BaseHandler):
             event, context = await self.event_creation_handler.create_new_client_event(
                 builder=builder
             )
-        except AuthError as e:
+        except SynapseError as e:
             logger.warning("Failed to create join to %s because %s", room_id, e)
-            raise e
-
-        event_allowed = await self.third_party_event_rules.check_event_allowed(
-            event, context
-        )
-        if not event_allowed:
-            logger.info("Creation of join %s forbidden by third-party rules", event)
-            raise SynapseError(
-                403, "This event is not allowed in this context", Codes.FORBIDDEN
-            )
+            raise
 
         # The remote hasn't signed it yet, obviously. We'll do the full checks
         # when we get the event back in `on_send_join_request`
@@ -1739,15 +1730,6 @@ class FederationHandler(BaseHandler):
             builder=builder
         )
 
-        event_allowed = await self.third_party_event_rules.check_event_allowed(
-            event, context
-        )
-        if not event_allowed:
-            logger.warning("Creation of leave %s forbidden by third-party rules", event)
-            raise SynapseError(
-                403, "This event is not allowed in this context", Codes.FORBIDDEN
-            )
-
         try:
             # The remote hasn't signed it yet, obviously. We'll do the full checks
             # when we get the event back in `on_send_leave_request`
@@ -2676,18 +2658,6 @@ class FederationHandler(BaseHandler):
                 builder=builder
             )
 
-            event_allowed = await self.third_party_event_rules.check_event_allowed(
-                event, context
-            )
-            if not event_allowed:
-                logger.info(
-                    "Creation of threepid invite %s forbidden by third-party rules",
-                    event,
-                )
-                raise SynapseError(
-                    403, "This event is not allowed in this context", Codes.FORBIDDEN
-                )
-
             event, context = await self.add_display_name_to_third_party_invite(
                 room_version, event_dict, event, context
             )
@@ -2738,18 +2708,6 @@ class FederationHandler(BaseHandler):
         event, context = await self.event_creation_handler.create_new_client_event(
             builder=builder
         )
-
-        event_allowed = await self.third_party_event_rules.check_event_allowed(
-            event, context
-        )
-        if not event_allowed:
-            logger.warning(
-                "Exchange of threepid invite %s forbidden by third-party rules", event
-            )
-            raise SynapseError(
-                403, "This event is not allowed in this context", Codes.FORBIDDEN
-            )
-
         event, context = await self.add_display_name_to_third_party_invite(
             room_version, event_dict, event, context
         )
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
index c52e6824d3..987c759791 100644
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -795,6 +795,17 @@ class EventCreationHandler:
         if requester:
             context.app_service = requester.app_service
 
+        event_allowed = await self.third_party_event_rules.check_event_allowed(
+            event, context
+        )
+        if not event_allowed:
+            logger.info(
+                "Event %s forbidden by third-party rules", event,
+            )
+            raise SynapseError(
+                403, "This event is not allowed in this context", Codes.FORBIDDEN
+            )
+
         self.validator.validate_new(event, self.config)
 
         # If this event is an annotation then we check that that the sender
@@ -881,14 +892,6 @@ class EventCreationHandler:
         else:
             room_version = await self.store.get_room_version_id(event.room_id)
 
-        event_allowed = await self.third_party_event_rules.check_event_allowed(
-            event, context
-        )
-        if not event_allowed:
-            raise SynapseError(
-                403, "This event is not allowed in this context", Codes.FORBIDDEN
-            )
-
         if event.internal_metadata.is_out_of_band_membership():
             # the only sort of out-of-band-membership events we expect to see here
             # are invite rejections we have generated ourselves.
author	Richard van der Hoff <richard@matrix.org>	2020-10-13 15:44:54 +0100
committer	Richard van der Hoff <richard@matrix.org>	2020-10-13 21:38:48 +0100
commit	123711ed198bd5cf9984818f8bac1926ed1af5fa (patch)
tree	0f968cac045de4dc49def2431a3aaf39719a820c /synapse
parent	Remove redundant calls to third_party_rules in `on_send_{join,leave}` (diff)
download	synapse-123711ed198bd5cf9984818f8bac1926ed1af5fa.tar.xz