Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Error if attempting to set m.push_rules account data, per MSC4010. (#…
Browse files Browse the repository at this point in the history
…15555)

m.push_rules, like m.fully_read, is a special account data type that cannot
be set using the normal /account_data endpoint. Return an error instead
of allowing data that will not be used to be stored.
  • Loading branch information
clokep authored May 9, 2023
1 parent 2bfe3f0 commit 4b4e0dc
Show file tree
Hide file tree
Showing 9 changed files with 95 additions and 35 deletions.
1 change: 1 addition & 0 deletions changelog.d/15554.bugfix
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Experimental support for [MSC4010](https://github.com/matrix-org/matrix-spec-proposals/pull/4010) which rejects setting the `"m.push_rules"` via account data.
1 change: 0 additions & 1 deletion changelog.d/15554.misc

This file was deleted.

1 change: 1 addition & 0 deletions changelog.d/15555.bugfix
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Experimental support for [MSC4010](https://github.com/matrix-org/matrix-spec-proposals/pull/4010) which rejects setting the `"m.push_rules"` via account data.
5 changes: 5 additions & 0 deletions synapse/config/experimental.py
Original file line number Diff line number Diff line change
Expand Up @@ -202,3 +202,8 @@ def read_config(self, config: JsonDict, **kwargs: Any) -> None:

# MSC4009: E.164 Matrix IDs
self.msc4009_e164_mxids = experimental.get("msc4009_e164_mxids", False)

# MSC4010: Do not allow setting m.push_rules account data.
self.msc4010_push_rules_account_data = experimental.get(
"msc4010_push_rules_account_data", False
)
16 changes: 14 additions & 2 deletions synapse/handlers/push_rules.py
Original file line number Diff line number Diff line change
Expand Up @@ -11,14 +11,15 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from typing import TYPE_CHECKING, List, Optional, Union
from typing import TYPE_CHECKING, Any, Dict, List, Optional, Union

import attr

from synapse.api.errors import SynapseError, UnrecognizedRequestError
from synapse.push.clientformat import format_push_rules_for_user
from synapse.storage.push_rule import RuleNotFoundException
from synapse.synapse_rust.push import get_base_rule_ids
from synapse.types import JsonDict
from synapse.types import JsonDict, UserID

if TYPE_CHECKING:
from synapse.server import HomeServer
Expand Down Expand Up @@ -115,6 +116,17 @@ def notify_user(self, user_id: str) -> None:
stream_id = self._main_store.get_max_push_rules_stream_id()
self._notifier.on_new_event("push_rules_key", stream_id, users=[user_id])

async def push_rules_for_user(
self, user: UserID
) -> Dict[str, Dict[str, List[Dict[str, Any]]]]:
"""
Push rules aren't really account data, but get formatted as such for /sync.
"""
user_id = user.to_string()
rules_raw = await self._main_store.get_push_rules_for_user(user_id)
rules = format_push_rules_for_user(user, rules_raw)
return rules


def check_actions(actions: List[Union[str, JsonDict]]) -> None:
"""Check if the given actions are spec compliant.
Expand Down
12 changes: 3 additions & 9 deletions synapse/handlers/sync.py
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,6 @@
start_active_span,
trace,
)
from synapse.push.clientformat import format_push_rules_for_user
from synapse.storage.databases.main.event_push_actions import RoomNotifCounts
from synapse.storage.databases.main.roommember import extract_heroes_from_room_summary
from synapse.storage.roommember import MemberSummary
Expand Down Expand Up @@ -261,6 +260,7 @@ def __init__(self, hs: "HomeServer"):
self.notifier = hs.get_notifier()
self.presence_handler = hs.get_presence_handler()
self._relations_handler = hs.get_relations_handler()
self._push_rules_handler = hs.get_push_rules_handler()
self.event_sources = hs.get_event_sources()
self.clock = hs.get_clock()
self.state = hs.get_state_handler()
Expand Down Expand Up @@ -428,12 +428,6 @@ async def current_sync_for_user(
set_tag(SynapseTags.SYNC_RESULT, bool(sync_result))
return sync_result

async def push_rules_for_user(self, user: UserID) -> Dict[str, Dict[str, list]]:
user_id = user.to_string()
rules_raw = await self.store.get_push_rules_for_user(user_id)
rules = format_push_rules_for_user(user, rules_raw)
return rules

async def ephemeral_by_room(
self,
sync_result_builder: "SyncResultBuilder",
Expand Down Expand Up @@ -1779,7 +1773,7 @@ async def _generate_sync_entry_for_account_data(
global_account_data = dict(global_account_data)
global_account_data[
AccountDataTypes.PUSH_RULES
] = await self.push_rules_for_user(sync_config.user)
] = await self._push_rules_handler.push_rules_for_user(sync_config.user)
else:
all_global_account_data = await self.store.get_global_account_data_for_user(
user_id
Expand All @@ -1788,7 +1782,7 @@ async def _generate_sync_entry_for_account_data(
global_account_data = dict(all_global_account_data)
global_account_data[
AccountDataTypes.PUSH_RULES
] = await self.push_rules_for_user(sync_config.user)
] = await self._push_rules_handler.push_rules_for_user(sync_config.user)

account_data_for_user = (
await sync_config.filter_collection.filter_global_account_data(
Expand Down
2 changes: 1 addition & 1 deletion synapse/push/clientformat.py
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@

def format_push_rules_for_user(
user: UserID, ruleslist: FilteredPushRules
) -> Dict[str, Dict[str, list]]:
) -> Dict[str, Dict[str, List[Dict[str, Any]]]]:
"""Converts a list of rawrules and a enabled map into nested dictionaries
to match the Matrix client-server format for push rules"""

Expand Down
85 changes: 68 additions & 17 deletions synapse/rest/client/account_data.py
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,9 @@
# limitations under the License.

import logging
from typing import TYPE_CHECKING, Tuple
from typing import TYPE_CHECKING, Optional, Tuple

from synapse.api.constants import ReceiptTypes
from synapse.api.constants import AccountDataTypes, ReceiptTypes
from synapse.api.errors import AuthError, Codes, NotFoundError, SynapseError
from synapse.http.server import HttpServer
from synapse.http.servlet import RestServlet, parse_json_object_from_request
Expand All @@ -30,6 +30,23 @@
logger = logging.getLogger(__name__)


def _check_can_set_account_data_type(account_data_type: str) -> None:
"""The fully read marker and push rules cannot be directly set via /account_data."""
if account_data_type == ReceiptTypes.FULLY_READ:
raise SynapseError(
405,
"Cannot set m.fully_read through this API."
" Use /rooms/!roomId:server.name/read_markers",
Codes.BAD_JSON,
)
elif account_data_type == AccountDataTypes.PUSH_RULES:
raise SynapseError(
405,
"Cannot set m.push_rules through this API. Use /pushrules",
Codes.BAD_JSON,
)


class AccountDataServlet(RestServlet):
"""
PUT /user/{user_id}/account_data/{account_dataType} HTTP/1.1
Expand All @@ -47,6 +64,7 @@ def __init__(self, hs: "HomeServer"):
self.auth = hs.get_auth()
self.store = hs.get_datastores().main
self.handler = hs.get_account_data_handler()
self._push_rules_handler = hs.get_push_rules_handler()

async def on_PUT(
self, request: SynapseRequest, user_id: str, account_data_type: str
Expand All @@ -55,6 +73,10 @@ async def on_PUT(
if user_id != requester.user.to_string():
raise AuthError(403, "Cannot add account data for other users.")

# Raise an error if the account data type cannot be set directly.
if self._hs.config.experimental.msc4010_push_rules_account_data:
_check_can_set_account_data_type(account_data_type)

body = parse_json_object_from_request(request)

# If experimental support for MSC3391 is enabled, then providing an empty dict
Expand All @@ -78,19 +100,28 @@ async def on_GET(
if user_id != requester.user.to_string():
raise AuthError(403, "Cannot get account data for other users.")

event = await self.store.get_global_account_data_by_type_for_user(
user_id, account_data_type
)
# Push rules are stored in a separate table and must be queried separately.
if (
self._hs.config.experimental.msc4010_push_rules_account_data
and account_data_type == AccountDataTypes.PUSH_RULES
):
account_data: Optional[
JsonDict
] = await self._push_rules_handler.push_rules_for_user(requester.user)
else:
account_data = await self.store.get_global_account_data_by_type_for_user(
user_id, account_data_type
)

if event is None:
if account_data is None:
raise NotFoundError("Account data not found")

# If experimental support for MSC3391 is enabled, then this endpoint should
# return a 404 if the content for an account data type is an empty dict.
if self._hs.config.experimental.msc3391_enabled and event == {}:
if self._hs.config.experimental.msc3391_enabled and account_data == {}:
raise NotFoundError("Account data not found")

return 200, event
return 200, account_data


class UnstableAccountDataServlet(RestServlet):
Expand All @@ -109,6 +140,7 @@ class UnstableAccountDataServlet(RestServlet):

def __init__(self, hs: "HomeServer"):
super().__init__()
self._hs = hs
self.auth = hs.get_auth()
self.handler = hs.get_account_data_handler()

Expand All @@ -122,6 +154,10 @@ async def on_DELETE(
if user_id != requester.user.to_string():
raise AuthError(403, "Cannot delete account data for other users.")

# Raise an error if the account data type cannot be set directly.
if self._hs.config.experimental.msc4010_push_rules_account_data:
_check_can_set_account_data_type(account_data_type)

await self.handler.remove_account_data_for_user(user_id, account_data_type)

return 200, {}
Expand Down Expand Up @@ -165,16 +201,19 @@ async def on_PUT(
Codes.INVALID_PARAM,
)

body = parse_json_object_from_request(request)

if account_data_type == ReceiptTypes.FULLY_READ:
# Raise an error if the account data type cannot be set directly.
if self._hs.config.experimental.msc4010_push_rules_account_data:
_check_can_set_account_data_type(account_data_type)
elif account_data_type == ReceiptTypes.FULLY_READ:
raise SynapseError(
405,
"Cannot set m.fully_read through this API."
" Use /rooms/!roomId:server.name/read_markers",
Codes.BAD_JSON,
)

body = parse_json_object_from_request(request)

# If experimental support for MSC3391 is enabled, then providing an empty dict
# as the value for an account data type should be functionally equivalent to
# calling the DELETE method on the same type.
Expand Down Expand Up @@ -209,19 +248,26 @@ async def on_GET(
Codes.INVALID_PARAM,
)

event = await self.store.get_account_data_for_room_and_type(
user_id, room_id, account_data_type
)
# Room-specific push rules are not currently supported.
if (
self._hs.config.experimental.msc4010_push_rules_account_data
and account_data_type == AccountDataTypes.PUSH_RULES
):
account_data: Optional[JsonDict] = {}
else:
account_data = await self.store.get_account_data_for_room_and_type(
user_id, room_id, account_data_type
)

if event is None:
if account_data is None:
raise NotFoundError("Room account data not found")

# If experimental support for MSC3391 is enabled, then this endpoint should
# return a 404 if the content for an account data type is an empty dict.
if self._hs.config.experimental.msc3391_enabled and event == {}:
if self._hs.config.experimental.msc3391_enabled and account_data == {}:
raise NotFoundError("Room account data not found")

return 200, event
return 200, account_data


class UnstableRoomAccountDataServlet(RestServlet):
Expand All @@ -241,6 +287,7 @@ class UnstableRoomAccountDataServlet(RestServlet):

def __init__(self, hs: "HomeServer"):
super().__init__()
self._hs = hs
self.auth = hs.get_auth()
self.handler = hs.get_account_data_handler()

Expand All @@ -262,6 +309,10 @@ async def on_DELETE(
Codes.INVALID_PARAM,
)

# Raise an error if the account data type cannot be set directly.
if self._hs.config.experimental.msc4010_push_rules_account_data:
_check_can_set_account_data_type(account_data_type)

await self.handler.remove_account_data_for_room(
user_id, room_id, account_data_type
)
Expand Down
7 changes: 2 additions & 5 deletions synapse/rest/client/push_rule.py
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,6 @@
parse_string,
)
from synapse.http.site import SynapseRequest
from synapse.push.clientformat import format_push_rules_for_user
from synapse.push.rulekinds import PRIORITY_CLASS_MAP
from synapse.rest.client._base import client_patterns
from synapse.storage.push_rule import InconsistentRuleException, RuleNotFoundException
Expand Down Expand Up @@ -146,14 +145,12 @@ async def on_DELETE(

async def on_GET(self, request: SynapseRequest, path: str) -> Tuple[int, JsonDict]:
requester = await self.auth.get_user_by_req(request)
user_id = requester.user.to_string()
requester.user.to_string()

# we build up the full structure and then decide which bits of it
# to send which means doing unnecessary work sometimes but is
# is probably not going to make a whole lot of difference
rules_raw = await self.store.get_push_rules_for_user(user_id)

rules = format_push_rules_for_user(requester.user, rules_raw)
rules = await self._push_rules_handler.push_rules_for_user(requester.user)

path_parts = path.split("/")[1:]

Expand Down

0 comments on commit 4b4e0dc

Please sign in to comment.