From ae66c672fe8b5fbfe497888d03b2cbd68381de76 Mon Sep 17 00:00:00 2001 From: David Teller Date: Wed, 11 May 2022 10:32:27 +0200 Subject: Uniformize spam-checker API: - Some callbacks should return `True` to allow, `False` to deny, while others should return `True` to deny and `False` to allow. With this PR, all callbacks return `ALLOW` to allow or a `Codes` (typically `Codes.FORBIDDEN`) to deny. - Similarly, some methods returned `True` to allow, `False` to deny, while others returned `True` to deny and `False` to allow. They now all return `ALLOW` to allow or a `Codes` to deny. - Spam-checker implementations may now return an explicit code, e.g. to differentiate between "User account has been suspended" (which is in practice required by law in some countries, including UK) and "This message looks like spam". --- synapse/handlers/directory.py | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) (limited to 'synapse/handlers/directory.py') diff --git a/synapse/handlers/directory.py b/synapse/handlers/directory.py index 33d827a45b..fbbb667cd4 100644 --- a/synapse/handlers/directory.py +++ b/synapse/handlers/directory.py @@ -16,6 +16,7 @@ import logging import string from typing import TYPE_CHECKING, Iterable, List, Optional +import synapse from synapse.api.constants import MAX_ALIAS_LENGTH, EventTypes from synapse.api.errors import ( AuthError, @@ -137,10 +138,13 @@ class DirectoryHandler: 403, "You must be in the room to create an alias for it" ) - if not await self.spam_checker.user_may_create_room_alias( + spam_check = await self.spam_checker.user_may_create_room_alias( user_id, room_alias - ): - raise AuthError(403, "This user is not permitted to create this alias") + ) + if spam_check is not synapse.spam_checker_api.ALLOW: + raise AuthError( + 403, "This alias creation request has been rejected", spam_check + ) if not self.config.roomdirectory.is_alias_creation_allowed( user_id, room_id, room_alias_str @@ -426,9 +430,12 @@ class DirectoryHandler: """ user_id = requester.user.to_string() - if not await self.spam_checker.user_may_publish_room(user_id, room_id): + spam_check = await self.spam_checker.user_may_publish_room(user_id, room_id) + if spam_check is not synapse.spam_checker_api.ALLOW: raise AuthError( - 403, "This user is not permitted to publish rooms to the room list" + 403, + "This request to publish a room to the room list has been rejected", + spam_check, ) if requester.is_guest: -- cgit 1.5.1