Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Squashed commit of the following:
Browse files Browse the repository at this point in the history
commit c2ca163
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Fri Jul 26 22:48:20 2019 +1000

    don't block

commit 8d9a56e
Merge: b50d8a9 4a5fb54
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Fri Jul 26 21:35:42 2019 +1000

    Merge branch 'shhs' of ssh://github.com/matrix-org/synapse into shhs

commit 4a5fb54
Merge: 95a0386 992333b
Author: Amber Brown <hawkowl@atleastfornow.net>
Date:   Fri Jul 26 20:59:41 2019 +1000

    Merge tag 'v1.2.1' into shhs

    Synapse 1.2.1 (2019-07-26)
    ==========================

    Security update
    ---------------

    This release includes *four* security fixes:

    - Prevent an attack where a federated server could send redactions for arbitrary events in v1 and v2 rooms. ([\#5767](#5767))
    - Prevent a denial-of-service attack where cycles of redaction events would make Synapse spin infinitely. Thanks to `@lrizika:matrix.org` for identifying and responsibly disclosing this issue. ([0f2ecb9](0f2ecb961))
    - Prevent an attack where users could be joined or parted from public rooms without their consent. Thanks to @dylanger for identifying and responsibly disclosing this issue. ([\#5744](#5744))
    - Fix a vulnerability where a federated server could spoof read-receipts from
      users on other servers. Thanks to @dylanger for identifying this issue too. ([\#5743](#5743))

    Additionally, the following fix was in Synapse **1.2.0**, but was not correctly
    identified during the original release:

    - It was possible for a room moderator to send a redaction for an `m.room.create` event, which would downgrade the room to version 1. Thanks to `/dev/ponies` for identifying and responsibly disclosing this issue! ([\#5701](#5701))

commit 95a0386
Author: Amber Brown <hawkowl@atleastfornow.net>
Date:   Fri Jul 26 20:27:31 2019 +1000

    don't have a circleci config

commit b50d8a9
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Fri Jul 26 02:26:23 2019 +1000

    fix merging forward

commit 3edf6e9
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Fri Jul 26 02:07:05 2019 +1000

    fix this

commit f61cdc1
Merge: 43cf234 c0a1301
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Fri Jul 26 01:48:50 2019 +1000

    Merge tag 'v1.2.0' into shhs

    No changes since v1.2.0rc2.

commit 43cf234
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Fri Jul 26 01:48:20 2019 +1000

    dockerfile update

commit b7962f5
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Thu Jul 18 23:23:12 2019 +1000

    add a wait

commit 9bbf2d2
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Wed Jul 17 04:46:20 2019 +1000

    fix

commit 5daee2e
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Wed Jul 17 04:41:00 2019 +1000

    fix

commit 14c8b03
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Wed Jul 17 04:36:27 2019 +1000

    fix

commit 7fcd6c1
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Wed Jul 17 04:32:50 2019 +1000

    fix

commit c43c1ad
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Wed Jul 17 04:28:11 2019 +1000

    fix

commit a025abe
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Wed Jul 17 04:02:15 2019 +1000

    try now

commit c1777f5
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Wed Jul 17 04:00:34 2019 +1000

    try now

commit 646292c
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Wed Jul 17 03:58:34 2019 +1000

    see if we can do a build!

commit a175e60
Merge: 9b3a63e 0e54342
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Fri Jul 5 23:49:13 2019 +1000

    Merge remote-tracking branch 'origin/develop' into shhs

commit 9b3a63e
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Fri Jul 5 23:36:41 2019 +1000

    linting

commit 3d89feb
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Fri Jul 5 23:34:24 2019 +1000

    linting

commit 400bc06
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Fri Jul 5 22:44:22 2019 +1000

    linting

commit a1de642
Merge: f4343c7 54283f3
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Fri Jul 5 19:46:11 2019 +1000

    Merge tag 'v1.1.0' into shhs

    Synapse 1.1.0 (2019-07-04)
    ==========================

    As of v1.1.0, Synapse no longer supports Python 2, nor Postgres version 9.4.
    See the [upgrade notes](UPGRADE.rst#upgrading-to-v110) for more details.

    This release also deprecates the use of environment variables to configure the
    docker image. See the [docker README](https://github.com/matrix-org/synapse/blob/release-v1.1.0/docker/README.md#legacy-dynamic-configuration-file-support)
    for more details.

    No changes since 1.1.0rc2.

    Synapse 1.1.0rc2 (2019-07-03)
    =============================

    Bugfixes
    --------

    - Fix regression in 1.1rc1 where OPTIONS requests to the media repo would fail. ([\#5593](#5593))
    - Removed the `SYNAPSE_SMTP_*` docker container environment variables. Using these environment variables prevented the docker container from starting in Synapse v1.0, even though they didn't actually allow any functionality anyway. ([\#5596](#5596))
    - Fix a number of "Starting txn from sentinel context" warnings. ([\#5605](#5605))

    Internal Changes
    ----------------

    - Update github templates. ([\#5552](#5552))

    Synapse 1.1.0rc1 (2019-07-02)
    =============================

    As of v1.1.0, Synapse no longer supports Python 2, nor Postgres version 9.4.
    See the [upgrade notes](UPGRADE.rst#upgrading-to-v110) for more details.

    Features
    --------

    - Added possibilty to disable local password authentication. Contributed by Daniel Hoffend. ([\#5092](#5092))
    - Add monthly active users to phonehome stats. ([\#5252](#5252))
    - Allow expired user to trigger renewal email sending manually. ([\#5363](#5363))
    - Statistics on forward extremities per room are now exposed via Prometheus. ([\#5384](#5384), [\#5458](#5458), [\#5461](#5461))
    - Add --no-daemonize option to run synapse in the foreground, per issue #4130. Contributed by Soham Gumaste. ([\#5412](#5412), [\#5587](#5587))
    - Fully support SAML2 authentication. Contributed by [Alexander Trost](https://github.com/galexrt) - thank you! ([\#5422](#5422))
    - Allow server admins to define implementations of extra rules for allowing or denying incoming events. ([\#5440](#5440), [\#5474](#5474), [\#5477](#5477))
    - Add support for handling pagination APIs on client reader worker. ([\#5505](#5505), [\#5513](#5513), [\#5531](#5531))
    - Improve help and cmdline option names for --generate-config options. ([\#5512](#5512))
    - Allow configuration of the path used for ACME account keys. ([\#5516](#5516), [\#5521](#5521), [\#5522](#5522))
    - Add --data-dir and --open-private-ports options. ([\#5524](#5524))
    - Split public rooms directory auth config in two settings, in order to manage client auth independently from the federation part of it. Obsoletes the "restrict_public_rooms_to_local_users" configuration setting. If "restrict_public_rooms_to_local_users" is set in the config, Synapse will act as if both new options are enabled, i.e. require authentication through the client API and deny federation requests. ([\#5534](#5534))
    - The minimum TLS version used for outgoing federation requests can now be set with `federation_client_minimum_tls_version`. ([\#5550](#5550))
    - Optimise devices changed query to not pull unnecessary rows from the database, reducing database load. ([\#5559](#5559))
    - Add new metrics for number of forward extremities being persisted and number of state groups involved in resolution. ([\#5476](#5476))

    Bugfixes
    --------

    - Fix bug processing incoming events over federation if call to `/get_missing_events` fails. ([\#5042](#5042))
    - Prevent more than one room upgrade happening simultaneously on the same room. ([\#5051](#5051))
    - Fix a bug where running synapse_port_db would cause the account validity feature to fail because it didn't set the type of the email_sent column to boolean. ([\#5325](#5325))
    - Warn about disabling email-based password resets when a reset occurs, and remove warning when someone attempts a phone-based reset. ([\#5387](#5387))
    - Fix email notifications for unnamed rooms with multiple people. ([\#5388](#5388))
    - Fix exceptions in federation reader worker caused by attempting to renew attestations, which should only happen on master worker. ([\#5389](#5389))
    - Fix handling of failures fetching remote content to not log failures as exceptions. ([\#5390](#5390))
    - Fix a bug where deactivated users could receive renewal emails if the account validity feature is on. ([\#5394](#5394))
    - Fix missing invite state after exchanging 3PID invites over federaton. ([\#5464](#5464))
    - Fix intermittent exceptions on Apple hardware. Also fix bug that caused database activity times to be under-reported in log lines. ([\#5498](#5498))
    - Fix logging error when a tampered event is detected. ([\#5500](#5500))
    - Fix bug where clients could tight loop calling `/sync` for a period. ([\#5507](#5507))
    - Fix bug with `jinja2` preventing Synapse from starting. Users who had this problem should now simply need to run `pip install matrix-synapse`. ([\#5514](#5514))
    - Fix a regression where homeservers on private IP addresses were incorrectly blacklisted. ([\#5523](#5523))
    - Fixed m.login.jwt using unregistred user_id and added pyjwt>=1.6.4 as jwt conditional dependencies. Contributed by Pau Rodriguez-Estivill. ([\#5555](#5555), [\#5586](#5586))
    - Fix a bug that would cause invited users to receive several emails for a single 3PID invite in case the inviter is rate limited. ([\#5576](#5576))

    Updates to the Docker image
    ---------------------------
    - Add ability to change Docker containers [timezone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) with the `TZ` variable. ([\#5383](#5383))
    - Update docker image to use Python 3.7. ([\#5546](#5546))
    - Deprecate the use of environment variables for configuration, and make the use of a static configuration the default. ([\#5561](#5561), [\#5562](#5562), [\#5566](#5566), [\#5567](#5567))
    - Increase default log level for docker image to INFO. It can still be changed by editing the generated log.config file. ([\#5547](#5547))
    - Send synapse logs to the docker logging system, by default. ([\#5565](#5565))
    - Open the non-TLS port by default. ([\#5568](#5568))
    - Fix failure to start under docker with SAML support enabled. ([\#5490](#5490))
    - Use a sensible location for data files when generating a config file. ([\#5563](#5563))

    Deprecations and Removals
    -------------------------

    - Python 2.7 is no longer a supported platform. Synapse now requires Python 3.5+ to run. ([\#5425](#5425))
    - PostgreSQL 9.4 is no longer supported. Synapse requires Postgres 9.5+ or above for Postgres support. ([\#5448](#5448))
    - Remove support for cpu_affinity setting. ([\#5525](#5525))

    Improved Documentation
    ----------------------
    - Improve README section on performance troubleshooting. ([\#4276](#4276))
    - Add information about how to install and run `black` on the codebase to code_style.rst. ([\#5537](#5537))
    - Improve install docs on choosing server_name. ([\#5558](#5558))

    Internal Changes
    ----------------

    - Add logging to 3pid invite signature verification. ([\#5015](#5015))
    - Update example haproxy config to a more compatible setup. ([\#5313](#5313))
    - Track deactivated accounts in the database. ([\#5378](#5378), [\#5465](#5465), [\#5493](#5493))
    - Clean up code for sending federation EDUs. ([\#5381](#5381))
    - Add a sponsor button to the repo. ([\#5382](#5382), [\#5386](#5386))
    - Don't log non-200 responses from federation queries as exceptions. ([\#5383](#5383))
    - Update Python syntax in contrib/ to Python 3. ([\#5446](#5446))
    - Update federation_client dev script to support `.well-known` and work with python3. ([\#5447](#5447))
    - SyTest has been moved to Buildkite. ([\#5459](#5459))
    - Demo script now uses python3. ([\#5460](#5460))
    - Synapse can now handle RestServlets that return coroutines. ([\#5475](#5475), [\#5585](#5585))
    - The demo servers talk to each other again. ([\#5478](#5478))
    - Add an EXPERIMENTAL config option to try and periodically clean up extremities by sending dummy events. ([\#5480](#5480))
    - Synapse's codebase is now formatted by `black`. ([\#5482](#5482))
    - Some cleanups and sanity-checking in the CPU and database metrics. ([\#5499](#5499))
    - Improve email notification logging. ([\#5502](#5502))
    - Fix "Unexpected entry in 'full_schemas'" log warning. ([\#5509](#5509))
    - Improve logging when generating config files. ([\#5510](#5510))
    - Refactor and clean up Config parser for maintainability. ([\#5511](#5511))
    - Make the config clearer in that email.template_dir is relative to the Synapse's root directory, not the `synapse/` folder within it. ([\#5543](#5543))
    - Update v1.0.0 release changelog to include more information about changes to password resets. ([\#5545](#5545))
    - Remove non-functioning check_event_hash.py dev script. ([\#5548](#5548))
    - Synapse will now only allow TLS v1.2 connections when serving federation, if it terminates TLS. As Synapse's allowed ciphers were only able to be used in TLSv1.2 before, this does not change behaviour. ([\#5550](#5550))
    - Logging when running GC collection on generation 0 is now at the DEBUG level, not INFO. ([\#5557](#5557))
    - Reduce the amount of stuff we send in the docker context. ([\#5564](#5564))
    - Point the reverse links in the Purge History contrib scripts at the intended location. ([\#5570](#5570))

commit f4343c7
Merge: 4689408 463d5a8
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Wed Jul 3 22:39:30 2019 +1000

    Merge remote-tracking branch 'origin/develop' into shhs

commit 4689408
Merge: bed45ab b491468
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Tue Jul 2 18:31:29 2019 +1000

    Merge remote-tracking branch 'origin/develop' into shhs

commit bed45ab
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Tue Jul 2 18:18:09 2019 +1000

    release shhs on tags

commit 0993b05
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Mon Jul 1 23:13:21 2019 +1000

    improve error text when room is too large

commit e001115
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Tue Jun 18 21:24:56 2019 +1000

    fix

commit e60aab1
Merge: e7c1171 82d9d52
Author: Amber H. Brown <hawkowl@atleastfornow.net>
Date:   Tue Jun 18 21:20:13 2019 +1000

    Merge remote-tracking branch 'origin/develop' into shhs

commit e7c1171
Merge: 8fe26db c831748
Author: Amber Brown <hawkowl@atleastfornow.net>
Date:   Tue Jun 4 20:41:59 2019 +1000

    Merge remote-tracking branch 'origin/master' into shhs

commit 8fe26db
Merge: c99c105 4a30e4a
Author: Amber Brown <hawkowl@atleastfornow.net>
Date:   Tue May 21 14:30:47 2019 -0500

    Merge remote-tracking branch 'origin/develop' into HEAD

commit c99c105
Author: Amber Brown <hawkowl@atleastfornow.net>
Date:   Mon May 20 17:01:50 2019 -0500

    SHHS - Room Join Complexity (#5072)

commit d142e51
Merge: d424ba9 24b93b9
Author: Amber Brown <hawkowl@atleastfornow.net>
Date:   Mon May 20 15:43:08 2019 -0500

    Merge remote-tracking branch 'origin/develop' into shhs

commit d424ba9
Merge: a1b8767 f1e5b41
Author: Amber Brown <hawkowl@atleastfornow.net>
Date:   Wed May 15 23:30:22 2019 -0500

    Merge remote-tracking branch 'origin/develop' into shhs

commit a1b8767
Merge: faee1e9 df2ebd7
Author: Amber Brown <hawkowl@atleastfornow.net>
Date:   Mon May 13 15:01:58 2019 -0500

    Merge remote-tracking branch 'origin/develop' into shhs

commit faee1e9
Merge: 12875f9 d216a36
Author: Amber Brown <hawkowl@atleastfornow.net>
Date:   Wed May 8 16:29:45 2019 -0500

    Merge remote-tracking branch 'origin/develop' into shhs

commit 12875f9
Merge: ed38141 c1799b0
Author: Amber Brown <hawkowl@atleastfornow.net>
Date:   Wed May 1 10:55:14 2019 -0400

    Merge remote-tracking branch 'origin/develop' into shhs

commit ed38141
Author: Amber Brown <hawkowl@atleastfornow.net>
Date:   Mon Apr 29 20:57:42 2019 +1000

    target better for the shhs release docker hub, pt 3

commit bd5f624
Author: Amber Brown <hawkowl@atleastfornow.net>
Date:   Mon Apr 29 20:43:17 2019 +1000

    target better for the shhs release docker hub, pt 2

commit c0f57ca
Author: Amber Brown <hawkowl@atleastfornow.net>
Date:   Mon Apr 29 20:36:35 2019 +1000

    target better for the shhs release docker hub

commit 1d5cf66
Author: Amber Brown <hawkowl@atleastfornow.net>
Date:   Mon Apr 29 20:33:36 2019 +1000

    no media repo == no path checks

commit 25256f9
Author: Amber Brown <hawkowl@atleastfornow.net>
Date:   Mon Apr 29 20:30:55 2019 +1000

    release shhs as a release

commit a32aa2c
Author: Amber Brown <hawkowl@atleastfornow.net>
Date:   Mon Apr 29 20:28:40 2019 +1000

    patch up docker

commit cbc866a
Author: Amber Brown <hawkowl@atleastfornow.net>
Date:   Fri Apr 26 01:40:01 2019 +1000

    Remove Python 2 from the SHHS branch CI (#5099)
  • Loading branch information
hawkowl committed Jul 29, 2019
1 parent fa87004 commit 0bfd099
Show file tree
Hide file tree
Showing 6 changed files with 212 additions and 5 deletions.
1 change: 1 addition & 0 deletions changelog.d/5072.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Synapse can now be configured to not join remote rooms of a given "complexity" (currently, state events). This option can be used to prevent adverse performance on resource-constrained homeservers.
11 changes: 11 additions & 0 deletions docs/sample_config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -278,6 +278,17 @@ listeners:
# Used by phonehome stats to group together related servers.
#server_context: context

# Resource-constrained Homeserver Settings
#
# If limit_large_remote_room_joins is True, the room complexity will be
# checked before a user joins a new remote room. If it is above
# limit_large_remote_room_complexity, it will disallow joining or
# instantly leave.
#
# Uncomment the below lines to enable:
#limit_large_remote_room_joins: True
#limit_large_remote_room_complexity: 1.0

# Whether to require a user to be in the room to add an alias to it.
# Defaults to 'true'.
#
Expand Down
17 changes: 17 additions & 0 deletions synapse/config/server.py
Original file line number Diff line number Diff line change
Expand Up @@ -247,6 +247,12 @@ def read_config(self, config, **kwargs):

self.gc_thresholds = read_gc_thresholds(config.get("gc_thresholds", None))

# Resource-constrained Homeserver Configuration
self.limit_large_room_joins = config.get("limit_large_remote_room_joins", False)
self.limit_large_room_complexity = config.get(
"limit_large_remote_room_complexity", 1.0
)

bind_port = config.get("bind_port")
if bind_port:
if config.get("no_tls", False):
Expand Down Expand Up @@ -617,6 +623,17 @@ def generate_config_section(
# Used by phonehome stats to group together related servers.
#server_context: context
# Resource-constrained Homeserver Settings
#
# If limit_large_remote_room_joins is True, the room complexity will be
# checked before a user joins a new remote room. If it is above
# limit_large_remote_room_complexity, it will disallow joining or
# instantly leave.
#
# Uncomment the below lines to enable:
#limit_large_remote_room_joins: True
#limit_large_remote_room_complexity: 1.0
# Whether to require a user to be in the room to add an alias to it.
# Defaults to 'true'.
#
Expand Down
25 changes: 25 additions & 0 deletions synapse/handlers/federation.py
Original file line number Diff line number Diff line change
Expand Up @@ -2796,3 +2796,28 @@ def user_joined_room(self, user, room_id):
)
else:
return user_joined_room(self.distributor, user, room_id)

@defer.inlineCallbacks
def get_room_complexity(self, remote_room_hosts, room_id):
"""
Fetch the complexity of a remote room over federation.
Args:
remote_room_hosts (list[str]): The remote servers to ask.
room_id (str): The room ID to ask about.
Returns:
Deferred[dict] or Deferred[None]: Dict contains the complexity
metric versions, while None means we could not fetch the complexity.
"""

for host in remote_room_hosts:
res = yield self.federation_client.get_room_complexity(host, room_id)

# We got a result, return it.
if res:
defer.returnValue(res)

# We fell off the bottom, couldn't get the complexity from anyone. Oh
# well.
defer.returnValue(None)
89 changes: 85 additions & 4 deletions synapse/handlers/room_member.py
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,7 @@

from twisted.internet import defer

import synapse.server
import synapse.types
from synapse import types
from synapse.api.constants import EventTypes, Membership
from synapse.api.errors import AuthError, Codes, HttpResponseException, SynapseError
from synapse.types import RoomID, UserID
Expand All @@ -39,6 +38,11 @@
logger = logging.getLogger(__name__)

id_server_scheme = "https://"
ROOM_COMPLEXITY_TOO_GREAT = (
"Your homeserver is unable to join rooms this large or complex. "
"Please speak to your server administrator, or upgrade your instance "
"to join this room."
)


class RoomMemberHandler(object):
Expand Down Expand Up @@ -543,7 +547,7 @@ def send_membership_event(
), "Sender (%s) must be same as requester (%s)" % (sender, requester.user)
assert self.hs.is_mine(sender), "Sender must be our own: %s" % (sender,)
else:
requester = synapse.types.create_requester(target_user)
requester = types.create_requester(target_user)

prev_event = yield self.event_creation_handler.deduplicate_state_event(
event, context
Expand Down Expand Up @@ -945,21 +949,73 @@ def __init__(self, hs):
self.distributor.declare("user_joined_room")
self.distributor.declare("user_left_room")

@defer.inlineCallbacks
def _is_remote_room_too_complex(self, room_id, remote_room_hosts):
"""
Check if complexity of a remote room is too great.
Args:
room_id (str)
remote_room_hosts (list[str])
Returns: bool of whether the complexity is too great, or None
if unable to be fetched
"""
max_complexity = self.hs.config.limit_large_room_complexity
complexity = yield self.federation_handler.get_room_complexity(
remote_room_hosts, room_id
)

if complexity:
if complexity["v1"] > max_complexity:
return True
return False
return None

@defer.inlineCallbacks
def _is_local_room_too_complex(self, room_id):
"""
Check if the complexity of a local room is too great.
Args:
room_id (str)
Returns: bool
"""
max_complexity = self.hs.config.limit_large_room_complexity
complexity = yield self.store.get_room_complexity(room_id)

if complexity["v1"] > max_complexity:
return True

return False

@defer.inlineCallbacks
def _remote_join(self, requester, remote_room_hosts, room_id, user, content):
"""Implements RoomMemberHandler._remote_join
"""
# filter ourselves out of remote_room_hosts: do_invite_join ignores it
# and if it is the only entry we'd like to return a 404 rather than a
# 500.

remote_room_hosts = [
host for host in remote_room_hosts if host != self.hs.hostname
]

if len(remote_room_hosts) == 0:
raise SynapseError(404, "No known servers")

if self.hs.config.limit_large_room_joins:
# Fetch the room complexity
too_complex = yield self._is_remote_room_too_complex(
room_id, remote_room_hosts
)
if too_complex is True:
raise SynapseError(
code=400,
msg=ROOM_COMPLEXITY_TOO_GREAT,
errcode=Codes.RESOURCE_LIMIT_EXCEEDED,
)

# We don't do an auth check if we are doing an invite
# join dance for now, since we're kinda implicitly checking
# that we are allowed to join when we decide whether or not we
Expand All @@ -969,6 +1025,31 @@ def _remote_join(self, requester, remote_room_hosts, room_id, user, content):
)
yield self._user_joined_room(user, room_id)

# Check the room we just joined wasn't too large, if we didn't fetch the
# complexity of it before.
if self.hs.config.limit_large_room_joins:
if too_complex is False:
# We checked, and we're under the limit.
return

# Check again, but with the local state events
too_complex = yield self._is_local_room_too_complex(room_id)

if too_complex is False:
# We're under the limit.
return

# The room is too large. Leave.
requester = types.create_requester(user, None, False, None)
yield self.update_membership(
requester=requester, target=user, room_id=room_id, action="leave"
)
raise SynapseError(
code=400,
msg=ROOM_COMPLEXITY_TOO_GREAT,
errcode=Codes.RESOURCE_LIMIT_EXCEEDED,
)

@defer.inlineCallbacks
def _remote_reject_invite(self, requester, remote_room_hosts, room_id, target):
"""Implements RoomMemberHandler._remote_reject_invite
Expand Down
74 changes: 73 additions & 1 deletion tests/federation/test_complexity.py
Original file line number Diff line number Diff line change
Expand Up @@ -13,12 +13,16 @@
# See the License for the specific language governing permissions and
# limitations under the License.

from mock import Mock

from twisted.internet import defer

from synapse.api.errors import Codes, SynapseError
from synapse.config.ratelimiting import FederationRateLimitConfig
from synapse.federation.transport import server
from synapse.rest import admin
from synapse.rest.client.v1 import login, room
from synapse.types import UserID
from synapse.util.ratelimitutils import FederationRateLimiter

from tests import unittest
Expand All @@ -33,7 +37,7 @@ class RoomComplexityTests(unittest.HomeserverTestCase):
]

def default_config(self, name="test"):
config = super(RoomComplexityTests, self).default_config(name=name)
config = super().default_config(name=name)
config["limit_large_remote_room_joins"] = True
config["limit_large_remote_room_complexity"] = 0.05
return config
Expand Down Expand Up @@ -88,3 +92,71 @@ def test_complexity_simple(self):
self.assertEquals(200, channel.code)
complexity = channel.json_body["v1"]
self.assertEqual(complexity, 1.23)

def test_join_too_large(self):

u1 = self.register_user("u1", "pass")

handler = self.hs.get_room_member_handler()
fed_transport = self.hs.get_federation_transport_client()

# Mock out some things, because we don't want to test the whole join
fed_transport.client.get_json = Mock(return_value=defer.succeed({"v1": 9999}))
handler.federation_handler.do_invite_join = Mock(return_value=defer.succeed(1))

d = handler._remote_join(
None,
["otherserver.example"],
"roomid",
UserID.from_string(u1),
{"membership": "join"},
)

self.pump()

# The request failed with a SynapseError saying the resource limit was
# exceeded.
f = self.get_failure(d, SynapseError)
self.assertEqual(f.value.code, 400, f.value)
self.assertEqual(f.value.errcode, Codes.RESOURCE_LIMIT_EXCEEDED)

def test_join_too_large_once_joined(self):

u1 = self.register_user("u1", "pass")
u1_token = self.login("u1", "pass")

# Ok, this might seem a bit weird -- I want to test that we actually
# leave the room, but I don't want to simulate two servers. So, we make
# a local room, which we say we're joining remotely, even if there's no
# remote, because we mock that out. Then, we'll leave the (actually
# local) room, which will be propagated over federation in a real
# scenario.
room_1 = self.helper.create_room_as(u1, tok=u1_token)

handler = self.hs.get_room_member_handler()
fed_transport = self.hs.get_federation_transport_client()

# Mock out some things, because we don't want to test the whole join
fed_transport.client.get_json = Mock(return_value=defer.succeed(None))
handler.federation_handler.do_invite_join = Mock(return_value=defer.succeed(1))

# Artificially raise the complexity
self.hs.get_datastore().get_current_state_event_counts = lambda x: defer.succeed(
600
)

d = handler._remote_join(
None,
["otherserver.example"],
room_1,
UserID.from_string(u1),
{"membership": "join"},
)

self.pump()

# The request failed with a SynapseError saying the resource limit was
# exceeded.
f = self.get_failure(d, SynapseError)
self.assertEqual(f.value.code, 400)
self.assertEqual(f.value.errcode, Codes.RESOURCE_LIMIT_EXCEEDED)

0 comments on commit 0bfd099

Please sign in to comment.