From 251e6c1210087069a6133140519de80a4ddf218a Mon Sep 17 00:00:00 2001
From: Neil Johnson <neil@matrix.org>
Date: Mon, 30 Jul 2018 15:55:57 +0100
Subject: limit register and sign in on number of monthly users

---
 synapse/handlers/auth.py | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'synapse/handlers/auth.py')

diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 402e44cdef..f3734f11bd 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -519,6 +519,7 @@ class AuthHandler(BaseHandler):
         """
         logger.info("Logging in user %s on device %s", user_id, device_id)
         access_token = yield self.issue_access_token(user_id, device_id)
+        self._check_mau_limits()
 
         # the device *should* have been registered before we got here; however,
         # it's possible we raced against a DELETE operation. The thing we
@@ -729,6 +730,7 @@ class AuthHandler(BaseHandler):
         defer.returnValue(access_token)
 
     def validate_short_term_login_token_and_get_user_id(self, login_token):
+        self._check_mau_limits()
         auth_api = self.hs.get_auth()
         try:
             macaroon = pymacaroons.Macaroon.deserialize(login_token)
@@ -892,6 +894,17 @@ class AuthHandler(BaseHandler):
         else:
             return defer.succeed(False)
 
+    def _check_mau_limits(self):
+        """
+        Ensure that if mau blocking is enabled that invalid users cannot
+        log in.
+        """
+        if self.hs.config.limit_usage_by_mau is True:
+            current_mau = self.store.count_monthly_users()
+            if current_mau >= self.hs.config.max_mau_value:
+                raise AuthError(
+                        403, "MAU Limit Exceeded", errcode=Codes.MAU_LIMIT_EXCEEDED
+                )
 
 @attr.s
 class MacaroonGenerator(object):
-- 
cgit 1.4.1


From df2235e7fab44a5155134a336a4c27424398c1be Mon Sep 17 00:00:00 2001
From: Neil Johnson <neil@matrix.org>
Date: Tue, 31 Jul 2018 13:16:20 +0100
Subject: coding style

---
 synapse/app/homeserver.py                                      | 6 +++++-
 synapse/config/server.py                                       | 2 +-
 synapse/handlers/auth.py                                       | 3 ++-
 synapse/storage/__init__.py                                    | 3 +--
 synapse/storage/schema/delta/50/make_event_content_nullable.py | 2 +-
 tests/handlers/test_auth.py                                    | 4 ++--
 tests/storage/test__init__.py                                  | 1 -
 7 files changed, 12 insertions(+), 9 deletions(-)

(limited to 'synapse/handlers/auth.py')

diff --git a/synapse/app/homeserver.py b/synapse/app/homeserver.py
index 96c45b7209..82979e7d1b 100755
--- a/synapse/app/homeserver.py
+++ b/synapse/app/homeserver.py
@@ -18,9 +18,10 @@ import logging
 import os
 import sys
 
-from prometheus_client import Gauge
 from six import iteritems
 
+from prometheus_client import Gauge
+
 from twisted.application import service
 from twisted.internet import defer, reactor
 from twisted.web.resource import EncodingResourceWrapper, NoResource
@@ -300,12 +301,15 @@ class SynapseHomeServer(HomeServer):
         except IncorrectDatabaseSetup as e:
             quit_with_error(e.message)
 
+
 # Gauges to expose monthly active user control metrics
 current_mau_gauge = Gauge("synapse_admin_current_mau", "Current MAU")
 max_mau_value_gauge = Gauge("synapse_admin_max_mau_value", "MAU Limit")
 limit_usage_by_mau_gauge = Gauge(
     "synapse_admin_limit_usage_by_mau", "MAU Limiting enabled"
 )
+
+
 def setup(config_options):
     """
     Args:
diff --git a/synapse/config/server.py b/synapse/config/server.py
index 8b335bff3f..9af42a93ad 100644
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@@ -70,7 +70,7 @@ class ServerConfig(Config):
         # Options to control access by tracking MAU
         self.limit_usage_by_mau = config.get("limit_usage_by_mau", False)
         self.max_mau_value = config.get(
-                "max_mau_value", 0,
+            "max_mau_value", 0,
         )
         # FIXME: federation_domain_whitelist needs sytests
         self.federation_domain_whitelist = None
diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index f3734f11bd..28f1c1afbb 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -903,9 +903,10 @@ class AuthHandler(BaseHandler):
             current_mau = self.store.count_monthly_users()
             if current_mau >= self.hs.config.max_mau_value:
                 raise AuthError(
-                        403, "MAU Limit Exceeded", errcode=Codes.MAU_LIMIT_EXCEEDED
+                    403, "MAU Limit Exceeded", errcode=Codes.MAU_LIMIT_EXCEEDED
                 )
 
+
 @attr.s
 class MacaroonGenerator(object):
 
diff --git a/synapse/storage/__init__.py b/synapse/storage/__init__.py
index 044e988e92..4747118ed7 100644
--- a/synapse/storage/__init__.py
+++ b/synapse/storage/__init__.py
@@ -60,6 +60,7 @@ from .util.id_generators import ChainedIdGenerator, IdGenerator, StreamIdGenerat
 
 logger = logging.getLogger(__name__)
 
+
 class DataStore(RoomMemberStore, RoomStore,
                 RegistrationStore, StreamStore, ProfileStore,
                 PresenceStore, TransactionStore,
@@ -291,8 +292,6 @@ class DataStore(RoomMemberStore, RoomStore,
         finally:
             txn.close()
 
-
-
     def count_r30_users(self):
         """
         Counts the number of 30 day retained users, defined as:-
diff --git a/synapse/storage/schema/delta/50/make_event_content_nullable.py b/synapse/storage/schema/delta/50/make_event_content_nullable.py
index 7d27342e39..6dd467b6c5 100644
--- a/synapse/storage/schema/delta/50/make_event_content_nullable.py
+++ b/synapse/storage/schema/delta/50/make_event_content_nullable.py
@@ -88,5 +88,5 @@ def run_upgrade(cur, database_engine, *args, **kwargs):
         "UPDATE sqlite_master SET sql=? WHERE tbl_name='events' AND type='table'",
         (sql, ),
     )
-    cur.execute("PRAGMA schema_version=%i" % (oldver+1,))
+    cur.execute("PRAGMA schema_version=%i" % (oldver + 1,))
     cur.execute("PRAGMA writable_schema=OFF")
diff --git a/tests/handlers/test_auth.py b/tests/handlers/test_auth.py
index 57f78a6bec..e01f14a10a 100644
--- a/tests/handlers/test_auth.py
+++ b/tests/handlers/test_auth.py
@@ -13,16 +13,16 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 from mock import Mock
+
 import pymacaroons
 
 from twisted.internet import defer
 
 import synapse
-from synapse.api.errors import AuthError
 import synapse.api.errors
+from synapse.api.errors import AuthError
 from synapse.handlers.auth import AuthHandler
 
-
 from tests import unittest
 from tests.utils import setup_test_homeserver
 
diff --git a/tests/storage/test__init__.py b/tests/storage/test__init__.py
index c9ae349871..fe6eeeaf10 100644
--- a/tests/storage/test__init__.py
+++ b/tests/storage/test__init__.py
@@ -12,7 +12,6 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-import sys
 
 from twisted.internet import defer
 
-- 
cgit 1.4.1


From 0aba3d361a88c3d1c5b691e36d162ec6b28132c0 Mon Sep 17 00:00:00 2001
From: Neil Johnson <neil@matrix.org>
Date: Wed, 1 Aug 2018 11:47:58 +0100
Subject: count_monthly_users() async

---
 synapse/handlers/auth.py | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

(limited to 'synapse/handlers/auth.py')

diff --git a/synapse/handlers/auth.py b/synapse/handlers/auth.py
index 28f1c1afbb..efe05d4de0 100644
--- a/synapse/handlers/auth.py
+++ b/synapse/handlers/auth.py
@@ -519,7 +519,7 @@ class AuthHandler(BaseHandler):
         """
         logger.info("Logging in user %s on device %s", user_id, device_id)
         access_token = yield self.issue_access_token(user_id, device_id)
-        self._check_mau_limits()
+        yield self._check_mau_limits()
 
         # the device *should* have been registered before we got here; however,
         # it's possible we raced against a DELETE operation. The thing we
@@ -729,16 +729,18 @@ class AuthHandler(BaseHandler):
                                                   device_id)
         defer.returnValue(access_token)
 
+    @defer.inlineCallbacks
     def validate_short_term_login_token_and_get_user_id(self, login_token):
-        self._check_mau_limits()
+        yield self._check_mau_limits()
         auth_api = self.hs.get_auth()
+        user_id = None
         try:
             macaroon = pymacaroons.Macaroon.deserialize(login_token)
             user_id = auth_api.get_user_id_from_macaroon(macaroon)
             auth_api.validate_macaroon(macaroon, "login", True, user_id)
-            return user_id
         except Exception:
             raise AuthError(403, "Invalid token", errcode=Codes.FORBIDDEN)
+        defer.returnValue(user_id)
 
     @defer.inlineCallbacks
     def delete_access_token(self, access_token):
@@ -894,13 +896,14 @@ class AuthHandler(BaseHandler):
         else:
             return defer.succeed(False)
 
+    @defer.inlineCallbacks
     def _check_mau_limits(self):
         """
         Ensure that if mau blocking is enabled that invalid users cannot
         log in.
         """
         if self.hs.config.limit_usage_by_mau is True:
-            current_mau = self.store.count_monthly_users()
+            current_mau = yield self.store.count_monthly_users()
             if current_mau >= self.hs.config.max_mau_value:
                 raise AuthError(
                     403, "MAU Limit Exceeded", errcode=Codes.MAU_LIMIT_EXCEEDED
-- 
cgit 1.4.1