summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--changelog.d/3680.feature1
-rw-r--r--synapse/api/constants.py3
-rw-r--r--synapse/server_notices/consent_server_notices.py3
-rw-r--r--synapse/server_notices/resource_limits_server_notices.py112
-rw-r--r--synapse/server_notices/server_notices_manager.py30
-rw-r--r--synapse/server_notices/server_notices_sender.py33
-rw-r--r--tests/server_notices/test_resource_limits_server_notices.py125
7 files changed, 282 insertions, 25 deletions
diff --git a/changelog.d/3680.feature b/changelog.d/3680.feature
new file mode 100644
index 0000000000..4edaaf76a8
--- /dev/null
+++ b/changelog.d/3680.feature
@@ -0,0 +1 @@
+Server notices for resource limit blocking
diff --git a/synapse/api/constants.py b/synapse/api/constants.py
index b0da506f6d..1fb24578e2 100644
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@@ -78,6 +78,9 @@ class EventTypes(object):
     Name = "m.room.name"
 
     ServerACL = "m.room.server_acl"
+    Pinned = "m.room.pinned_events"
+
+    ServerNoticeLimitReached = "m.server_notice.usage_limit_reached"
 
 
 class RejectedReason(object):
diff --git a/synapse/server_notices/consent_server_notices.py b/synapse/server_notices/consent_server_notices.py
index 5e3044d164..783ceae1ad 100644
--- a/synapse/server_notices/consent_server_notices.py
+++ b/synapse/server_notices/consent_server_notices.py
@@ -22,6 +22,7 @@ from synapse.api.errors import SynapseError
 from synapse.api.urls import ConsentURIBuilder
 from synapse.config import ConfigError
 from synapse.types import get_localpart_from_id
+from synapse.api.constants import EventTypes
 
 logger = logging.getLogger(__name__)
 
@@ -103,7 +104,7 @@ class ConsentServerNotices(object):
                     },
                 )
                 yield self._server_notices_manager.send_notice(
-                    user_id, content,
+                    user_id, content
                 )
                 yield self._store.user_set_consent_server_notice_sent(
                     user_id, self._current_consent_version,
diff --git a/synapse/server_notices/resource_limits_server_notices.py b/synapse/server_notices/resource_limits_server_notices.py
new file mode 100644
index 0000000000..94d0f98189
--- /dev/null
+++ b/synapse/server_notices/resource_limits_server_notices.py
@@ -0,0 +1,112 @@
+# -*- coding: utf-8 -*-
+# Copyright 2018 New Vector Ltd
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import logging
+
+from twisted.internet import defer
+
+from synapse.api.errors import AuthError, SynapseError
+from synapse.api.constants import EventTypes
+
+logger = logging.getLogger(__name__)
+
+
+class ResourceLimitsServerNotices(object):
+    """
+    """
+    def __init__(self, hs):
+        """
+
+        Args:
+            hs (synapse.server.HomeServer):
+        """
+        self._server_notices_manager = hs.get_server_notices_manager()
+        self._store = hs.get_datastore()
+        self.auth = hs.get_auth()
+        self._server_notice_content = hs.config.user_consent_server_notice_content
+        self._limit_usage_by_mau = hs.config.limit_usage_by_mau
+        self._hs_disabled = hs.config.hs_disabled
+
+        self._notified_of_blocking = set()
+        self._resouce_limited = False
+
+        # Config checks?
+
+    @defer.inlineCallbacks
+    def maybe_send_server_notice_to_user(self, user_id):
+        """Check if we need to send a notice to this user, and does so if so
+
+        Args:
+            user_id (str): user to check
+
+        Returns:
+            Deferred
+        """
+        if self._hs_disabled is True:
+            return
+
+        if self._limit_usage_by_mau is True:
+            timestamp = yield self._store.user_last_seen_monthly_active(user_id)
+            if timestamp is None:
+                # This user will be blocked from receiving the notice anyway.
+                # In practice, not sure we can ever get here
+                return
+            try:
+                # Normally should always pass in user_id if you have it, but in
+                # this case are checking what would happen to other users if they
+                # were to arrive.
+                yield self.auth.check_auth_blocking()
+                self._resouce_limited = False
+                # Need to start removing notices
+                if user_id in self._notified_of_blocking:
+                    # Send message to remove warning
+                    # send state event here
+                    # How do I do this? if drop the id, how to refer to it?
+                    content = {
+                        "pinned":[]
+                    }
+                    yield self._server_notices_manager.send_notice(
+                        user_id, content, EventTypes.Pinned, '',
+                    )
+
+                    self._notified_of_blocking.remove(user_id)
+
+            except AuthError as e:
+                # Need to start notifying of blocking
+                try:
+                    self._resouce_limited = True
+                    if user_id not in self._notified_of_blocking:
+                        # TODO use admin email contained in error once PR lands
+                        content = {
+                            'body': e.msg,
+                            'admin_email': 'stunt@adminemail.com',
+                        }
+                        event = yield self._server_notices_manager.send_notice(
+                            user_id, content, EventTypes.ServerNoticeLimitReached
+                        )
+
+                        # send server notices state event here
+                        # TODO Over writing pinned events
+                        content = {
+                            "pinned":[
+                                event.event_id,
+                            ]
+                        }
+                        yield self._server_notices_manager.send_notice(
+                            user_id, content, EventTypes.Pinned, '',
+                        )
+
+                        self._notified_of_blocking.add(user_id)
+                except SynapseError as e:
+                    logger.error("Error sending server notice about resource limits: %s", e)
diff --git a/synapse/server_notices/server_notices_manager.py b/synapse/server_notices/server_notices_manager.py
index a26deace53..3e57f8211a 100644
--- a/synapse/server_notices/server_notices_manager.py
+++ b/synapse/server_notices/server_notices_manager.py
@@ -46,7 +46,10 @@ class ServerNoticesManager(object):
         return self._config.server_notices_mxid is not None
 
     @defer.inlineCallbacks
-    def send_notice(self, user_id, event_content):
+    def send_notice(
+        self, user_id, event_content,
+        type=EventTypes.Message, state_key=None
+    ):
         """Send a notice to the given user
 
         Creates the server notices room, if none exists.
@@ -54,9 +57,11 @@ class ServerNoticesManager(object):
         Args:
             user_id (str): mxid of user to send event to.
             event_content (dict): content of event to send
+            type(EventTypes): type of event
+            is_state_event(bool): Is the event a state event
 
         Returns:
-            Deferred[None]
+            Deferred[FrozenEvent]
         """
         room_id = yield self.get_notice_room_for_user(user_id)
 
@@ -65,15 +70,19 @@ class ServerNoticesManager(object):
 
         logger.info("Sending server notice to %s", user_id)
 
-        yield self._event_creation_handler.create_and_send_nonmember_event(
-            requester, {
-                "type": EventTypes.Message,
-                "room_id": room_id,
-                "sender": system_mxid,
-                "content": event_content,
-            },
-            ratelimit=False,
+        event_dict = {
+            "type": type,
+            "room_id": room_id,
+            "sender": system_mxid,
+            "content": event_content,
+        }
+        if state_key:
+            event_dict['state_key'] = state_key
+
+        res = yield self._event_creation_handler.create_and_send_nonmember_event(
+            requester, event_dict, ratelimit=False,
         )
+        defer.returnValue(res)
 
     @cachedInlineCallbacks()
     def get_notice_room_for_user(self, user_id):
@@ -141,6 +150,7 @@ class ServerNoticesManager(object):
             creator_join_profile=join_profile,
         )
         room_id = info['room_id']
+        yield self._store.add_tag_to_room(user_id, room_id, 'm.server_notice', None)
 
         logger.info("Created server notices room %s for %s", room_id, user_id)
         defer.returnValue(room_id)
diff --git a/synapse/server_notices/server_notices_sender.py b/synapse/server_notices/server_notices_sender.py
index 5d23965f34..6121b2f267 100644
--- a/synapse/server_notices/server_notices_sender.py
+++ b/synapse/server_notices/server_notices_sender.py
@@ -12,7 +12,12 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+from twisted.internet import defer
+
 from synapse.server_notices.consent_server_notices import ConsentServerNotices
+from synapse.server_notices.resource_limits_server_notices import (
+    ResourceLimitsServerNotices,
+)
 
 
 class ServerNoticesSender(object):
@@ -25,34 +30,34 @@ class ServerNoticesSender(object):
         Args:
             hs (synapse.server.HomeServer):
         """
-        # todo: it would be nice to make this more dynamic
-        self._consent_server_notices = ConsentServerNotices(hs)
+        self._server_notices = (
+            ConsentServerNotices(hs),
+            ResourceLimitsServerNotices(hs)
+        )
 
+    @defer.inlineCallbacks
     def on_user_syncing(self, user_id):
         """Called when the user performs a sync operation.
 
         Args:
             user_id (str): mxid of user who synced
-
-        Returns:
-            Deferred
         """
-        return self._consent_server_notices.maybe_send_server_notice_to_user(
-            user_id,
-        )
+        for sn in self._server_notices:
+            yield sn.maybe_send_server_notice_to_user(
+                user_id,
+            )
 
+    @defer.inlineCallbacks
     def on_user_ip(self, user_id):
         """Called on the master when a worker process saw a client request.
 
         Args:
             user_id (str): mxid
-
-        Returns:
-            Deferred
         """
         # The synchrotrons use a stubbed version of ServerNoticesSender, so
         # we check for notices to send to the user in on_user_ip as well as
         # in on_user_syncing
-        return self._consent_server_notices.maybe_send_server_notice_to_user(
-            user_id,
-        )
+        for sn in self._server_notices:
+            yield sn.maybe_send_server_notice_to_user(
+                user_id,
+            )
diff --git a/tests/server_notices/test_resource_limits_server_notices.py b/tests/server_notices/test_resource_limits_server_notices.py
new file mode 100644
index 0000000000..a69253f1b6
--- /dev/null
+++ b/tests/server_notices/test_resource_limits_server_notices.py
@@ -0,0 +1,125 @@
+from mock import Mock
+
+from twisted.internet import defer
+
+from synapse.api.errors import AuthError
+from synapse.handlers.auth import AuthHandler
+from synapse.server_notices.resource_limits_server_notices import (
+    ResourceLimitsServerNotices,
+)
+
+from tests import unittest
+from tests.utils import setup_test_homeserver
+
+
+class AuthHandlers(object):
+    def __init__(self, hs):
+        self.auth_handler = AuthHandler(hs)
+
+
+class TestResourceLimitsServerNotices(unittest.TestCase):
+    @defer.inlineCallbacks
+    def setUp(self):
+        self.hs = yield setup_test_homeserver(handlers=None)
+        self.hs.handlers = AuthHandlers(self.hs)
+        self.auth_handler = self.hs.handlers.auth_handler
+        self.server_notices_sender = self.hs.get_server_notices_sender()
+
+        # relying on [1] is far from ideal, but the only case where
+        # ResourceLimitsServerNotices class needs to be isolated is this test,
+        # general code should never have a reason to do so ...
+        self._rlsn = self.server_notices_sender._server_notices[1]
+        if not isinstance(self._rlsn, ResourceLimitsServerNotices):
+            raise Exception("Failed to find reference to ResourceLimitsServerNotices")
+
+        self._rlsn._store.user_last_seen_monthly_active = Mock(
+            return_value=defer.succeed(1000)
+        )
+        self._send_notice = self._rlsn._server_notices_manager.send_notice
+        self._rlsn._server_notices_manager.send_notice = Mock()
+        self._send_notice = self._rlsn._server_notices_manager.send_notice
+
+        self._rlsn._limit_usage_by_mau = True
+        self.user_id = "user_id"
+
+    @defer.inlineCallbacks
+    def test_maybe_send_server_notice_to_user_flag_off(self):
+        """Tests cases where the flags indicate nothing to do"""
+        # test hs disabled case
+        self._hs_disabled = True
+
+        yield self._rlsn.maybe_send_server_notice_to_user("user_id")
+
+        self._send_notice.assert_not_called()
+        # Test when mau limiting disabled
+        self._hs_disabled = False
+        self._rlsn._limit_usage_by_mau = False
+        yield self._rlsn.maybe_send_server_notice_to_user("user_id")
+
+        self._send_notice.assert_not_called()
+
+    @defer.inlineCallbacks
+    def test_maybe_send_server_notice_to_user_remove_blocked_notice(self):
+        """Test when user has blocked notice, but should have it removed"""
+
+        self._rlsn._notified_of_blocking.add(self.user_id)
+        self._rlsn.auth.check_auth_blocking = Mock()
+
+        yield self._rlsn.maybe_send_server_notice_to_user(self.user_id)
+        # "remove warning" obviously aweful, but test will start failing when code
+        # actually sends a real event, and then it can be updated
+
+        self._send_notice.assert_called_once_with(self.user_id, "remove warning")
+        self.assertFalse(self.user_id in self._rlsn._notified_of_blocking)
+
+    @defer.inlineCallbacks
+    def test_maybe_send_server_notice_to_user_remove_blocked_notice_noop(self):
+        """Test when user has blocked notice, but notice ought to be there (NOOP)"""
+        self._rlsn._notified_of_blocking.add(self.user_id)
+        self._rlsn.auth.check_auth_blocking = Mock(
+            side_effect=AuthError(403, 'foo')
+        )
+
+        yield self._rlsn.maybe_send_server_notice_to_user("user_id")
+
+        self._send_notice.assert_not_called()
+        self.assertTrue(self.user_id in self._rlsn._notified_of_blocking)
+
+    @defer.inlineCallbacks
+    def test_maybe_send_server_notice_to_user_add_blocked_notice(self):
+        """Test when user does not have blocked notice, but should have one"""
+
+        self._rlsn.auth.check_auth_blocking = Mock(side_effect=AuthError(403, 'foo'))
+        yield self._rlsn.maybe_send_server_notice_to_user("user_id")
+
+        # "add warning" obviously awful, but test will start failing when code
+        # actually sends a real event, and then it can be updated
+        self._send_notice.assert_called_once_with(self.user_id, "add warning")
+        self.assertTrue(self.user_id in self._rlsn._notified_of_blocking)
+
+    @defer.inlineCallbacks
+    def test_maybe_send_server_notice_to_user_add_blocked_notice_noop(self):
+        """Test when user does not have blocked notice, nor should they (NOOP)"""
+
+        self._rlsn.auth.check_auth_blocking = Mock()
+
+        yield self._rlsn.maybe_send_server_notice_to_user(self.user_id)
+
+        self._send_notice.assert_not_called()
+        self.assertFalse(self.user_id in self._rlsn._notified_of_blocking)
+
+    @defer.inlineCallbacks
+    def test_maybe_send_server_notice_to_user_not_in_mau_cohort(self):
+
+        """Test when user is not part of the MAU cohort - this should not ever
+        happen - but ...
+        """
+
+        self._rlsn.auth.check_auth_blocking = Mock()
+        self._rlsn._store.user_last_seen_monthly_active = Mock(
+            return_value=defer.succeed(None)
+        )
+        yield self._rlsn.maybe_send_server_notice_to_user(self.user_id)
+
+        self._send_notice.assert_not_called()
+        self.assertFalse(self.user_id in self._rlsn._notified_of_blocking)