-
Notifications
You must be signed in to change notification settings - Fork 234
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
forward requester id to check username for spam callbacks #17916
forward requester id to check username for spam callbacks #17916
Conversation
@@ -735,7 +738,9 @@ async def check_username_for_spam(self, user_profile: UserProfile) -> bool: | |||
with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"): | |||
# Make a copy of the user profile object to ensure the spam checker cannot | |||
# modify it. | |||
res = await delay_cancellation(callback(user_profile.copy())) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we need to not break current checkers that do not yet have requester_id
in their signature.
Something like (untested and some stuffs are missing but it's so you get the idea) :
checker_args = inspect.signature(callback)
if len(checker_args.parameters) == 2:
callback(user_profile.copy(), requester_id)
else:
callback(user_profile.copy())
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added unit tests to ensure backwards compat
Thanks for that!
|
… of https://github.com/WilsonLe/synapse into feature/add_reader_to_check_username_for_spam_callback
async def allow_all_expects_requester_id( | ||
user_profile: UserProfile, requester_id: str | ||
) -> bool: | ||
# Allow all users. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add something like assert requester_id is not None
to test that requester_id is correctly passed here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added assert is instance of string checks
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we not do self.assertEqual(requester_id, u1)
?
|
||
# Configure a spam checker that filters all users. | ||
async def block_all_expects_requester_id( | ||
user_profile: UserProfile, requester_id: str |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
let's remove requester_id: str
param here so we do test backward compatibility, and add a comment about it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I kept the old tests that does not have requester_id
. I simply added more tests with requester_id
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll add comments for backwards compatibility for these functions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I kept the old tests that does not have requester_id. I simply added more tests with requester_id.
Oh good point I haven't noticed, thanks for the comments.
… add comments on old tests on why keeping them is important
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, we now need someone from the core team to trigger the CI :)
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Otherwise, LGTM thanks!
@@ -245,7 +245,7 @@ this callback. | |||
_First introduced in Synapse v1.37.0_ | |||
|
|||
```python | |||
async def check_username_for_spam(user_profile: synapse.module_api.UserProfile) -> bool | |||
async def check_username_for_spam(user_profile: synapse.module_api.UserProfile, requester_id: str) -> bool |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you add a sentence or two for what requester_id
is please, something like:
The
requester_id
parameter is the ID of the user that called the user directory API.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@erikjohnston Hi I couldn't reply to your comment on using self.assertEqual(requester_id, u1)
directly but I've added the checks.
async def allow_all_expects_requester_id( | ||
user_profile: UserProfile, requester_id: str | ||
) -> bool: | ||
# Allow all users. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we not do self.assertEqual(requester_id, u1)
?
Thanks @WilsonLe, sorry it got dropped for a bit. Just FYI that you can rerequest review from people after you made changes, which makes it easier for us to not forget things :) |
Please note that this version of Synapse drops support for PostgreSQL 11 and 12. The minimum version of PostgreSQL supported is now version 13. No significant changes since 1.122.0rc1. - Remove support for PostgreSQL 11 and 12. Contributed by @clokep. ([\#18034](element-hq/synapse#18034)) - Added the `email.tlsname` config option. This allows specifying the domain name used to validate the SMTP server's TLS certificate separately from the `email.smtp_host` to connect to. ([\#17849](element-hq/synapse#17849)) - Module developers will have access to the user ID of the requester when adding `check_username_for_spam` callbacks to `spam_checker_module_callbacks`. Contributed by Wilson@Pangea.chat. ([\#17916](element-hq/synapse#17916)) - Add endpoints to the Admin API to fetch the number of invites the provided user has sent after a given timestamp, fetch the number of rooms the provided user has joined after a given timestamp, and get report IDs of event reports against a provided user (i.e. where the user was the sender of the reported event). ([\#17948](element-hq/synapse#17948)) - Support stable account suspension from [MSC3823](matrix-org/matrix-spec-proposals#3823). ([\#17964](element-hq/synapse#17964)) - Add `macaroon_secret_key_path` config option. ([\#17983](element-hq/synapse#17983)) - Fix bug when rejecting withdrew invite with a `third_party_rules` module, where the invite would be stuck for the client. ([\#17930](element-hq/synapse#17930)) - Properly purge state groups tables when purging a room with the Admin API. ([\#18024](element-hq/synapse#18024)) - Fix a bug preventing the admin redaction endpoint from working on messages from remote users. ([\#18029](element-hq/synapse#18029), [\#18043](element-hq/synapse#18043)) - Update `synapse.app.generic_worker` documentation to only recommend `GET` requests for stream writer routes by default, unless the worker is also configured as a stream writer. Contributed by @evoL. ([\#17954](element-hq/synapse#17954)) - Add documentation for the previously-undocumented `last_seen_ts` query parameter to the query user Admin API. ([\#17976](element-hq/synapse#17976)) - Improve documentation for the `TaskScheduler` class. ([\#17992](element-hq/synapse#17992)) - Fix example in reverse proxy docs to include server port. ([\#17994](element-hq/synapse#17994)) - Update Alpine Linux Synapse Package Maintainer within the installation instructions. ([\#17846](element-hq/synapse#17846)) - Add `RoomID` & `EventID` rust types. ([\#17996](element-hq/synapse#17996)) - Fix various type errors across the codebase. ([\#17998](element-hq/synapse#17998)) - Disable DB statement timeout when doing a room purge since it can be quite long. ([\#18017](element-hq/synapse#18017)) - Remove some remaining uses of `twisted.internet.defer.returnValue`. Contributed by Colin Watson. ([\#18020](element-hq/synapse#18020)) - Refactor `get_profile` to no longer include fields with a value of `None`. ([\#18063](element-hq/synapse#18063)) * Bump anyhow from 1.0.93 to 1.0.95. ([\#18012](element-hq/synapse#18012), [\#18045](element-hq/synapse#18045)) * Bump authlib from 1.3.2 to 1.4.0. ([\#18048](element-hq/synapse#18048)) * Bump dawidd6/action-download-artifact from 6 to 7. ([\#17981](element-hq/synapse#17981)) * Bump http from 1.1.0 to 1.2.0. ([\#18013](element-hq/synapse#18013)) - Bump mypy from 1.11.2 to 1.12.1. ([\#17999](element-hq/synapse#17999)) * Bump mypy-zope from 1.0.8 to 1.0.9. ([\#18047](element-hq/synapse#18047)) * Bump pillow from 10.4.0 to 11.0.0. ([\#18015](element-hq/synapse#18015)) * Bump pydantic from 2.9.2 to 2.10.3. ([\#18014](element-hq/synapse#18014)) * Bump pyicu from 2.13.1 to 2.14. ([\#18060](element-hq/synapse#18060)) * Bump pyo3 from 0.23.2 to 0.23.3. ([\#18001](element-hq/synapse#18001)) * Bump python-multipart from 0.0.16 to 0.0.18. ([\#17985](element-hq/synapse#17985)) * Bump sentry-sdk from 2.17.0 to 2.19.2. ([\#18061](element-hq/synapse#18061)) * Bump serde from 1.0.215 to 1.0.217. ([\#18031](element-hq/synapse#18031), [\#18059](element-hq/synapse#18059)) * Bump serde_json from 1.0.133 to 1.0.134. ([\#18044](element-hq/synapse#18044)) * Bump twine from 5.1.1 to 6.0.1. ([\#18049](element-hq/synapse#18049)) **Changelogs for older versions can be found [here](docs/changelogs/).**
Pull Request Checklist
EventStore
toEventWorkerStore
.".code blocks
.(run the linters)