diff --git a/changelog.d/3687.feature b/changelog.d/3687.feature
new file mode 100644
index 0000000000..93b24d1acb
--- /dev/null
+++ b/changelog.d/3687.feature
@@ -0,0 +1 @@
+set admin email via config, to be used in error messages where the user should contact the administrator
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 18c73f0549..108ea0ea09 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -785,7 +785,9 @@ class Auth(object):
"""
if self.hs.config.hs_disabled:
raise AuthError(
- 403, self.hs.config.hs_disabled_message, errcode=Codes.HS_DISABLED
+ 403, self.hs.config.hs_disabled_message,
+ errcode=Codes.HS_DISABLED,
+ admin_email=self.hs.config.admin_email,
)
if self.hs.config.limit_usage_by_mau is True:
# If the user is already part of the MAU cohort
@@ -797,5 +799,7 @@ class Auth(object):
current_mau = yield self.store.get_monthly_active_count()
if current_mau >= self.hs.config.max_mau_value:
raise AuthError(
- 403, "MAU Limit Exceeded", errcode=Codes.MAU_LIMIT_EXCEEDED
+ 403, "MAU Limit Exceeded",
+ admin_email=self.hs.config.admin_email,
+ errcode=Codes.MAU_LIMIT_EXCEEDED
)
diff --git a/synapse/api/errors.py b/synapse/api/errors.py
index dc3bed5fcb..d74848159e 100644
--- a/synapse/api/errors.py
+++ b/synapse/api/errors.py
@@ -225,11 +225,20 @@ class NotFoundError(SynapseError):
class AuthError(SynapseError):
"""An error raised when there was a problem authorising an event."""
-
def __init__(self, *args, **kwargs):
if "errcode" not in kwargs:
kwargs["errcode"] = Codes.FORBIDDEN
- super(AuthError, self).__init__(*args, **kwargs)
+ self.admin_email = kwargs.get('admin_email')
+ self.msg = kwargs.get('msg')
+ self.errcode = kwargs.get('errcode')
+ super(AuthError, self).__init__(*args, errcode=kwargs["errcode"])
+
+ def error_dict(self):
+ return cs_error(
+ self.msg,
+ self.errcode,
+ admin_email=self.admin_email,
+ )
class EventSizeError(SynapseError):
diff --git a/synapse/config/server.py b/synapse/config/server.py
index 3b078d72ca..64a5121a45 100644
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@@ -82,6 +82,10 @@ class ServerConfig(Config):
self.hs_disabled = config.get("hs_disabled", False)
self.hs_disabled_message = config.get("hs_disabled_message", "")
+ # Admin email to direct users at should their instance become blocked
+ # due to resource constraints
+ self.admin_email = config.get("admin_email", None)
+
# FIXME: federation_domain_whitelist needs sytests
self.federation_domain_whitelist = None
federation_domain_whitelist = config.get(
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 7ea8ce9f94..7baaa39447 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -520,7 +520,7 @@ class AuthHandler(BaseHandler):
"""
logger.info("Logging in user %s on device %s", user_id, device_id)
access_token = yield self.issue_access_token(user_id, device_id)
- yield self.auth.check_auth_blocking()
+ yield self.auth.check_auth_blocking(user_id)
# the device *should* have been registered before we got here; however,
# it's possible we raced against a DELETE operation. The thing we
@@ -734,7 +734,6 @@ class AuthHandler(BaseHandler):
@defer.inlineCallbacks
def validate_short_term_login_token_and_get_user_id(self, login_token):
- yield self.auth.check_auth_blocking()
auth_api = self.hs.get_auth()
user_id = None
try:
@@ -743,6 +742,7 @@ class AuthHandler(BaseHandler):
auth_api.validate_macaroon(macaroon, "login", True, user_id)
except Exception:
raise AuthError(403, "Invalid token", errcode=Codes.FORBIDDEN)
+ yield self.auth.check_auth_blocking(user_id)
defer.returnValue(user_id)
@defer.inlineCallbacks
diff --git a/synapse/handlers/register.py b/synapse/handlers/register.py
index 3526b20d5a..f03ee1476b 100644
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@@ -144,7 +144,8 @@ class RegistrationHandler(BaseHandler):
Raises:
RegistrationError if there was a problem registering.
"""
- yield self._check_mau_limits()
+
+ yield self.auth.check_auth_blocking()
password_hash = None
if password:
password_hash = yield self.auth_handler().hash(password)
@@ -289,7 +290,7 @@ class RegistrationHandler(BaseHandler):
400,
"User ID can only contain characters a-z, 0-9, or '=_-./'",
)
- yield self._check_mau_limits()
+ yield self.auth.check_auth_blocking()
user = UserID(localpart, self.hs.hostname)
user_id = user.to_string()
@@ -439,7 +440,7 @@ class RegistrationHandler(BaseHandler):
"""
if localpart is None:
raise SynapseError(400, "Request must include user id")
- yield self._check_mau_limits()
+ yield self.auth.check_auth_blocking()
need_register = True
try:
@@ -533,14 +534,3 @@ class RegistrationHandler(BaseHandler):
remote_room_hosts=remote_room_hosts,
action="join",
)
-
- @defer.inlineCallbacks
- def _check_mau_limits(self):
- """
- Do not accept registrations if monthly active user limits exceeded
- and limiting is enabled
- """
- try:
- yield self.auth.check_auth_blocking()
- except AuthError as e:
- raise RegistrationError(e.code, str(e), e.errcode)
diff --git a/tests/api/test_auth.py b/tests/api/test_auth.py
index a65689ba89..e8a1894e65 100644
--- a/tests/api/test_auth.py
+++ b/tests/api/test_auth.py
@@ -455,8 +455,11 @@ class AuthTestCase(unittest.TestCase):
return_value=defer.succeed(lots_of_users)
)
- with self.assertRaises(AuthError):
+ with self.assertRaises(AuthError) as e:
yield self.auth.check_auth_blocking()
+ self.assertEquals(e.exception.admin_email, self.hs.config.admin_email)
+ self.assertEquals(e.exception.errcode, Codes.MAU_LIMIT_EXCEEDED)
+ self.assertEquals(e.exception.code, 403)
# Ensure does not throw an error
self.store.get_monthly_active_count = Mock(
@@ -470,5 +473,6 @@ class AuthTestCase(unittest.TestCase):
self.hs.config.hs_disabled_message = "Reason for being disabled"
with self.assertRaises(AuthError) as e:
yield self.auth.check_auth_blocking()
+ self.assertEquals(e.exception.admin_email, self.hs.config.admin_email)
self.assertEquals(e.exception.errcode, Codes.HS_DISABLED)
self.assertEquals(e.exception.code, 403)
diff --git a/tests/handlers/test_auth.py b/tests/handlers/test_auth.py
index 56c0f87fb7..3046bd6093 100644
--- a/tests/handlers/test_auth.py
+++ b/tests/handlers/test_auth.py
@@ -124,7 +124,7 @@ class AuthTestCase(unittest.TestCase):
)
@defer.inlineCallbacks
- def test_mau_limits_exceeded(self):
+ def test_mau_limits_exceeded_large(self):
self.hs.config.limit_usage_by_mau = True
self.hs.get_datastore().get_monthly_active_count = Mock(
return_value=defer.succeed(self.large_number_of_users)
@@ -142,6 +142,42 @@ class AuthTestCase(unittest.TestCase):
)
@defer.inlineCallbacks
+ def test_mau_limits_parity(self):
+ self.hs.config.limit_usage_by_mau = True
+
+ # If not in monthly active cohort
+ self.hs.get_datastore().get_monthly_active_count = Mock(
+ return_value=defer.succeed(self.hs.config.max_mau_value)
+ )
+ with self.assertRaises(AuthError):
+ yield self.auth_handler.get_access_token_for_user_id('user_a')
+
+ self.hs.get_datastore().get_monthly_active_count = Mock(
+ return_value=defer.succeed(self.hs.config.max_mau_value)
+ )
+ with self.assertRaises(AuthError):
+ yield self.auth_handler.validate_short_term_login_token_and_get_user_id(
+ self._get_macaroon().serialize()
+ )
+ # If in monthly active cohort
+ self.hs.get_datastore().user_last_seen_monthly_active = Mock(
+ return_value=defer.succeed(self.hs.get_clock().time_msec())
+ )
+ self.hs.get_datastore().get_monthly_active_count = Mock(
+ return_value=defer.succeed(self.hs.config.max_mau_value)
+ )
+ yield self.auth_handler.get_access_token_for_user_id('user_a')
+ self.hs.get_datastore().user_last_seen_monthly_active = Mock(
+ return_value=defer.succeed(self.hs.get_clock().time_msec())
+ )
+ self.hs.get_datastore().get_monthly_active_count = Mock(
+ return_value=defer.succeed(self.hs.config.max_mau_value)
+ )
+ yield self.auth_handler.validate_short_term_login_token_and_get_user_id(
+ self._get_macaroon().serialize()
+ )
+
+ @defer.inlineCallbacks
def test_mau_limits_not_exceeded(self):
self.hs.config.limit_usage_by_mau = True
diff --git a/tests/handlers/test_register.py b/tests/handlers/test_register.py
index d48d40c8dd..7154816a34 100644
--- a/tests/handlers/test_register.py
+++ b/tests/handlers/test_register.py
@@ -17,7 +17,7 @@ from mock import Mock
from twisted.internet import defer
-from synapse.api.errors import RegistrationError
+from synapse.api.errors import AuthError
from synapse.handlers.register import RegistrationHandler
from synapse.types import UserID, create_requester
@@ -98,7 +98,7 @@ class RegistrationTestCase(unittest.TestCase):
def test_get_or_create_user_mau_not_blocked(self):
self.hs.config.limit_usage_by_mau = True
self.store.count_monthly_users = Mock(
- return_value=defer.succeed(self.small_number_of_users)
+ return_value=defer.succeed(self.hs.config.max_mau_value - 1)
)
# Ensure does not throw exception
yield self.handler.get_or_create_user("@user:server", 'c', "User")
@@ -109,7 +109,13 @@ class RegistrationTestCase(unittest.TestCase):
self.store.get_monthly_active_count = Mock(
return_value=defer.succeed(self.lots_of_users)
)
- with self.assertRaises(RegistrationError):
+ with self.assertRaises(AuthError):
+ yield self.handler.get_or_create_user("requester", 'b', "display_name")
+
+ self.store.get_monthly_active_count = Mock(
+ return_value=defer.succeed(self.hs.config.max_mau_value)
+ )
+ with self.assertRaises(AuthError):
yield self.handler.get_or_create_user("requester", 'b', "display_name")
@defer.inlineCallbacks
@@ -118,7 +124,13 @@ class RegistrationTestCase(unittest.TestCase):
self.store.get_monthly_active_count = Mock(
return_value=defer.succeed(self.lots_of_users)
)
- with self.assertRaises(RegistrationError):
+ with self.assertRaises(AuthError):
+ yield self.handler.register(localpart="local_part")
+
+ self.store.get_monthly_active_count = Mock(
+ return_value=defer.succeed(self.hs.config.max_mau_value)
+ )
+ with self.assertRaises(AuthError):
yield self.handler.register(localpart="local_part")
@defer.inlineCallbacks
@@ -127,5 +139,11 @@ class RegistrationTestCase(unittest.TestCase):
self.store.get_monthly_active_count = Mock(
return_value=defer.succeed(self.lots_of_users)
)
- with self.assertRaises(RegistrationError):
+ with self.assertRaises(AuthError):
+ yield self.handler.register_saml2(localpart="local_part")
+
+ self.store.get_monthly_active_count = Mock(
+ return_value=defer.succeed(self.hs.config.max_mau_value)
+ )
+ with self.assertRaises(AuthError):
yield self.handler.register_saml2(localpart="local_part")
diff --git a/tests/utils.py b/tests/utils.py
index 90378326f8..4af81624eb 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -139,6 +139,7 @@ def setup_test_homeserver(
config.hs_disabled_message = ""
config.max_mau_value = 50
config.mau_limits_reserved_threepids = []
+ config.admin_email = None
# we need a sane default_room_version, otherwise attempts to create rooms will
# fail.
|
