forward requester id to check username for spam callbacks#17916
Conversation
|
|
| with Measure(self.clock, f"{callback.__module__}.{callback.__qualname__}"): | ||
| # Make a copy of the user profile object to ensure the spam checker cannot | ||
| # modify it. | ||
| res = await delay_cancellation(callback(user_profile.copy())) |
There was a problem hiding this comment.
I think we need to not break current checkers that do not yet have requester_id in their signature.
Something like (untested and some stuffs are missing but it's so you get the idea) :
checker_args = inspect.signature(callback)
if len(checker_args.parameters) == 2:
callback(user_profile.copy(), requester_id)
else:
callback(user_profile.copy())
There was a problem hiding this comment.
Added unit tests to ensure backwards compat
|
Thanks for that!
|
… of https://github.com/WilsonLe/synapse into feature/add_reader_to_check_username_for_spam_callback
| async def allow_all_expects_requester_id( | ||
| user_profile: UserProfile, requester_id: str | ||
| ) -> bool: | ||
| # Allow all users. |
There was a problem hiding this comment.
Please add something like assert requester_id is not None to test that requester_id is correctly passed here.
There was a problem hiding this comment.
Added assert is instance of string checks
There was a problem hiding this comment.
Can we not do self.assertEqual(requester_id, u1)?
|
|
||
| # Configure a spam checker that filters all users. | ||
| async def block_all_expects_requester_id( | ||
| user_profile: UserProfile, requester_id: str |
There was a problem hiding this comment.
let's remove requester_id: str param here so we do test backward compatibility, and add a comment about it.
There was a problem hiding this comment.
I kept the old tests that does not have requester_id. I simply added more tests with requester_id.
There was a problem hiding this comment.
I'll add comments for backwards compatibility for these functions.
There was a problem hiding this comment.
I kept the old tests that does not have requester_id. I simply added more tests with requester_id.
Oh good point I haven't noticed, thanks for the comments.
… add comments on old tests on why keeping them is important
MatMaul
left a comment
MatMaul
left a comment
There was a problem hiding this comment.
LGTM, we now need someone from the core team to trigger the CI :)
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
|
|
||
| ```python | ||
| async def check_username_for_spam(user_profile: synapse.module_api.UserProfile) -> bool | ||
| async def check_username_for_spam(user_profile: synapse.module_api.UserProfile, requester_id: str) -> bool |
There was a problem hiding this comment.
Can you add a sentence or two for what requester_id is please, something like:
The
requester_idparameter is the ID of the user that called the user directory API.
There was a problem hiding this comment.
@erikjohnston Hi I couldn't reply to your comment on using self.assertEqual(requester_id, u1) directly but I've added the checks.
| async def allow_all_expects_requester_id( | ||
| user_profile: UserProfile, requester_id: str | ||
| ) -> bool: | ||
| # Allow all users. |
There was a problem hiding this comment.
Can we not do self.assertEqual(requester_id, u1)?
|
Thanks @WilsonLe, sorry it got dropped for a bit. Just FYI that you can rerequest review from people after you made changes, which makes it easier for us to not forget things :) |
Please note that this version of Synapse drops support for PostgreSQL 11 and 12. The minimum version of PostgreSQL supported is now version 13. No significant changes since 1.122.0rc1. - Remove support for PostgreSQL 11 and 12. Contributed by @clokep. ([\#18034](element-hq/synapse#18034)) - Added the `email.tlsname` config option. This allows specifying the domain name used to validate the SMTP server's TLS certificate separately from the `email.smtp_host` to connect to. ([\#17849](element-hq/synapse#17849)) - Module developers will have access to the user ID of the requester when adding `check_username_for_spam` callbacks to `spam_checker_module_callbacks`. Contributed by Wilson@Pangea.chat. ([\#17916](element-hq/synapse#17916)) - Add endpoints to the Admin API to fetch the number of invites the provided user has sent after a given timestamp, fetch the number of rooms the provided user has joined after a given timestamp, and get report IDs of event reports against a provided user (i.e. where the user was the sender of the reported event). ([\#17948](element-hq/synapse#17948)) - Support stable account suspension from [MSC3823](matrix-org/matrix-spec-proposals#3823). ([\#17964](element-hq/synapse#17964)) - Add `macaroon_secret_key_path` config option. ([\#17983](element-hq/synapse#17983)) - Fix bug when rejecting withdrew invite with a `third_party_rules` module, where the invite would be stuck for the client. ([\#17930](element-hq/synapse#17930)) - Properly purge state groups tables when purging a room with the Admin API. ([\#18024](element-hq/synapse#18024)) - Fix a bug preventing the admin redaction endpoint from working on messages from remote users. ([\#18029](element-hq/synapse#18029), [\#18043](element-hq/synapse#18043)) - Update `synapse.app.generic_worker` documentation to only recommend `GET` requests for stream writer routes by default, unless the worker is also configured as a stream writer. Contributed by @evoL. ([\#17954](element-hq/synapse#17954)) - Add documentation for the previously-undocumented `last_seen_ts` query parameter to the query user Admin API. ([\#17976](element-hq/synapse#17976)) - Improve documentation for the `TaskScheduler` class. ([\#17992](element-hq/synapse#17992)) - Fix example in reverse proxy docs to include server port. ([\#17994](element-hq/synapse#17994)) - Update Alpine Linux Synapse Package Maintainer within the installation instructions. ([\#17846](element-hq/synapse#17846)) - Add `RoomID` & `EventID` rust types. ([\#17996](element-hq/synapse#17996)) - Fix various type errors across the codebase. ([\#17998](element-hq/synapse#17998)) - Disable DB statement timeout when doing a room purge since it can be quite long. ([\#18017](element-hq/synapse#18017)) - Remove some remaining uses of `twisted.internet.defer.returnValue`. Contributed by Colin Watson. ([\#18020](element-hq/synapse#18020)) - Refactor `get_profile` to no longer include fields with a value of `None`. ([\#18063](element-hq/synapse#18063)) * Bump anyhow from 1.0.93 to 1.0.95. ([\#18012](element-hq/synapse#18012), [\#18045](element-hq/synapse#18045)) * Bump authlib from 1.3.2 to 1.4.0. ([\#18048](element-hq/synapse#18048)) * Bump dawidd6/action-download-artifact from 6 to 7. ([\#17981](element-hq/synapse#17981)) * Bump http from 1.1.0 to 1.2.0. ([\#18013](element-hq/synapse#18013)) - Bump mypy from 1.11.2 to 1.12.1. ([\#17999](element-hq/synapse#17999)) * Bump mypy-zope from 1.0.8 to 1.0.9. ([\#18047](element-hq/synapse#18047)) * Bump pillow from 10.4.0 to 11.0.0. ([\#18015](element-hq/synapse#18015)) * Bump pydantic from 2.9.2 to 2.10.3. ([\#18014](element-hq/synapse#18014)) * Bump pyicu from 2.13.1 to 2.14. ([\#18060](element-hq/synapse#18060)) * Bump pyo3 from 0.23.2 to 0.23.3. ([\#18001](element-hq/synapse#18001)) * Bump python-multipart from 0.0.16 to 0.0.18. ([\#17985](element-hq/synapse#17985)) * Bump sentry-sdk from 2.17.0 to 2.19.2. ([\#18061](element-hq/synapse#18061)) * Bump serde from 1.0.215 to 1.0.217. ([\#18031](element-hq/synapse#18031), [\#18059](element-hq/synapse#18059)) * Bump serde_json from 1.0.133 to 1.0.134. ([\#18044](element-hq/synapse#18044)) * Bump twine from 5.1.1 to 6.0.1. ([\#18049](element-hq/synapse#18049)) **Changelogs for older versions can be found [here](docs/changelogs/).**
Broke in #17916, as the signature inspection incorrectly looks at the wrapper function. We fix this by setting the signature on the wrapper function to that of the wrapped function via `@functools.wraps`.
Broke in #17916, as the signature inspection incorrectly looks at the wrapper function. We fix this by setting the signature on the wrapper function to that of the wrapped function via `@functools.wraps`.
5 participants
Pull Request Checklist
EventStoretoEventWorkerStore.".code blocks.(run the linters)