Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Add a module type for account validity #9884

Merged
merged 55 commits into from
Jul 16, 2021
Merged

Add a module type for account validity #9884

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
55 commits
Select commit Hold shift + click to select a range
2d71db2
Add additional required capabilities to the module API
babolivier Apr 26, 2021
163ca38
Change the account validity configuration
babolivier Apr 26, 2021
2dd3a35
Add an API for account validity modules
babolivier Apr 26, 2021
850b303
Plug the new account validity APIs onto the right places
babolivier Apr 26, 2021
f8c8ca8
Changelog
babolivier Apr 26, 2021
f492ef3
Allow modules to query whether the user is a server admin
babolivier Apr 26, 2021
5596cfe
The module API already exposes run_in_background which makes backgrou…
babolivier Apr 26, 2021
456a06c
Fix user authentication in the module API
babolivier Apr 27, 2021
94706a9
Add a hook for the legacy admin API
babolivier Apr 27, 2021
576b9f3
Fix comment with right URL path
babolivier Apr 27, 2021
907b655
Add a deprecation notice to the upgrade notes
babolivier Apr 27, 2021
9a9e83c
Lint
babolivier Apr 27, 2021
588fa41
Lint
babolivier Apr 27, 2021
13a72ee
Mention the module in the config warning (+typo)
babolivier Apr 27, 2021
fe2e8ca
Incorporate part of the review
babolivier May 7, 2021
2147f06
Split multiplart email sending into a dedicated handler
babolivier May 13, 2021
1df0c8c
Changelog
babolivier May 13, 2021
a26185a
Lint
babolivier May 13, 2021
7b59ea5
Merge branch 'babolivier/send_mail' into babolivier/account_validity_…
babolivier May 13, 2021
76aed9e
Incorporate review
babolivier May 13, 2021
efc82b7
Fix typo in changelog file
babolivier May 13, 2021
1df5d74
Incorporate review
babolivier May 13, 2021
0d7cb16
Typo
babolivier May 13, 2021
a36be02
Merge branch 'babolivier/send_mail' into babolivier/account_validity_…
babolivier May 13, 2021
7b553e6
Expose more things needed by the email account validity module on the…
babolivier May 14, 2021
d0a1cd5
Update docs + lint
babolivier May 19, 2021
602d2ce
Get the email app name from the email config
babolivier May 20, 2021
df82691
Merge branch 'develop' into babolivier/account_validity_plugin
babolivier May 20, 2021
14885d3
Fix types
babolivier May 20, 2021
3108884
Fix imports
babolivier May 20, 2021
d0d8a5b
Merge branch 'develop' into babolivier/account_validity_plugin
babolivier Jun 28, 2021
c52921e
Move the account validity module interface to the new system
babolivier Jul 1, 2021
c964099
Revert changes account validity config since the module config lives …
babolivier Jul 2, 2021
a6346e9
Remove deprecation warning
babolivier Jul 2, 2021
51b5233
Sample config
babolivier Jul 2, 2021
c2185cf
Incorporate review comments
babolivier Jul 2, 2021
a0ca661
Fix type of on_user_registration callbacks
babolivier Jul 2, 2021
94ca9a7
Fix types
babolivier Jul 2, 2021
34dc6ea
Restore the possibility for is_user_expired to return None
babolivier Jul 2, 2021
49c4582
Document the account validity callbacks
babolivier Jul 2, 2021
005725d
Fix tests
babolivier Jul 2, 2021
f8754fe
Document why we need legacy hooks
babolivier Jul 5, 2021
58bb7b1
Apply suggestions from code review
babolivier Jul 7, 2021
4fb4b49
Incorporate part of the review
babolivier Jul 7, 2021
b45b45d
Use the account validity handler in the pusher pool
babolivier Jul 7, 2021
972091d
Lint
babolivier Jul 7, 2021
07aa404
Fix changelog
babolivier Jul 7, 2021
ba4e069
Improve docs
babolivier Jul 8, 2021
d9ee0f9
Line break
babolivier Jul 9, 2021
c2b6689
Incorporate review
babolivier Jul 14, 2021
a4adb3d
Lint
babolivier Jul 14, 2021
c3debd5
Apply suggestions from code review
babolivier Jul 16, 2021
e87c3cb
Incorporate review
babolivier Jul 16, 2021
01b6bf3
Merge branch 'babolivier/account_validity_plugin' of github.com:matri…
babolivier Jul 16, 2021
1a8af46
Lint
babolivier Jul 16, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 14 additions & 4 deletions synapse/api/auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -224,12 +224,22 @@ async def get_user_by_req(
shadow_banned = user_info.shadow_banned

# Deny the request if the user account has expired.
if self._account_validity_enabled and not allow_expired:
babolivier marked this conversation as resolved.
Show resolved Hide resolved
if await self.store.is_account_expired(
user_info.user_id, self.clock.time_msec()
if not allow_expired:
if await self.hs.get_account_validity().user_expired(
babolivier marked this conversation as resolved.
Show resolved Hide resolved
user_info.user_id
) or (
self._account_validity_enabled
and await self.store.is_account_expired(
user_info.user_id, self.clock.time_msec()
)
):
babolivier marked this conversation as resolved.
Show resolved Hide resolved
# Raise the error if either an account validity module has determined
# the account has expired, or the legacy account validity
# implementation is enabled and determined the account has expired
raise AuthError(
403, "User account has expired", errcode=Codes.EXPIRED_ACCOUNT
403,
"User account has expired",
errcode=Codes.EXPIRED_ACCOUNT,
)

device_id = user_info.device_id
Expand Down
24 changes: 23 additions & 1 deletion synapse/handlers/account_validity.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@
from email.mime.text import MIMEText
from typing import TYPE_CHECKING, List, Optional, Tuple

from synapse.api.errors import StoreError, SynapseError
from synapse.api.errors import AuthError, StoreError, SynapseError
from synapse.logging.context import make_deferred_yieldable
from synapse.metrics.background_process_metrics import wrap_as_background_process
from synapse.types import UserID
Expand All @@ -39,6 +39,8 @@ def __init__(self, hs: "HomeServer"):
self.sendmail = self.hs.get_sendmail()
self.clock = self.hs.get_clock()

self._new_account_validity = hs.get_account_validity()

self._account_validity_enabled = (
hs.config.account_validity.account_validity_enabled
)
Expand Down Expand Up @@ -109,6 +111,19 @@ async def send_renewal_email_to_user(self, user_id: str) -> None:
Raises:
SynapseError if the user is not set to renew.
"""
# If a module supports sending a renewal email from here, do that, otherwise do
# the legacy dance.
try:
await self._new_account_validity.on_legacy_send_mail(user_id)
return
except NotImplementedError:
pass

if not self._account_validity_renew_by_email_enabled:
raise AuthError(
403, "Account renewal via email is disabled on this server."
)

expiration_ts = await self.store.get_expiration_ts_for_user(user_id)

# If this user isn't set to be expired, raise an error.
Expand Down Expand Up @@ -253,6 +268,13 @@ async def renew_account(self, renewal_token: str) -> Tuple[bool, bool, int]:
* An int representing the user's expiry timestamp as milliseconds since the
epoch, or 0 if the token was invalid.
"""
# If a module supports triggering a renew from here, do that, otherwise do the
babolivier marked this conversation as resolved.
Show resolved Hide resolved
# legacy dance.
try:
return await self._new_account_validity.on_legacy_renew(renewal_token)
except NotImplementedError:
pass

try:
(
user_id,
Expand Down
5 changes: 5 additions & 0 deletions synapse/handlers/register.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ def __init__(self, hs: "HomeServer"):
self.identity_handler = self.hs.get_identity_handler()
self.ratelimiter = hs.get_registration_ratelimiter()
self.macaroon_gen = hs.get_macaroon_generator()
self._account_validity = hs.get_account_validity()
self._server_notices_mxid = hs.config.server_notices_mxid
self._server_name = hs.hostname

Expand Down Expand Up @@ -657,6 +658,10 @@ async def register_with_store(
shadow_banned=shadow_banned,
)

# Only call the account validity module(s) on the main process, to avoid
# repeating e.g. database writes on all of the workers.
await self._account_validity.on_user_registration(user_id)

async def register_device(
self,
user_id: str,
Expand Down
8 changes: 2 additions & 6 deletions synapse/rest/client/v2_alpha/account_validity.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@

import logging

from synapse.api.errors import AuthError, SynapseError
from synapse.api.errors import SynapseError
from synapse.http.server import respond_with_html
from synapse.http.servlet import RestServlet

Expand Down Expand Up @@ -85,18 +85,14 @@ def __init__(self, hs):
super().__init__()

self.hs = hs
self.account_validity = hs.get_account_validity()
self.account_activity_handler = hs.get_account_validity_handler()
self.auth = hs.get_auth()
self.account_validity_renew_by_email_enabled = (
hs.config.account_validity.account_validity_renew_by_email_enabled
)

async def on_POST(self, request):
if not self.account_validity_renew_by_email_enabled:
raise AuthError(
403, "Account renewal via email is disabled on this server."
)

requester = await self.auth.get_user_by_req(request, allow_expired=True)
user_id = requester.user.to_string()
await self.account_activity_handler.send_renewal_email_to_user(user_id)
Expand Down