Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Merge pull request #5104 from matrix-org/erikj/ratelimit_3pid_invite
Browse files Browse the repository at this point in the history
Ratelimit 3pid invites
  • Loading branch information
erikjohnston authored May 7, 2019
2 parents 59e2d26 + 176f31c commit de655e6
Show file tree
Hide file tree
Showing 2 changed files with 12 additions and 0 deletions.
1 change: 1 addition & 0 deletions changelog.d/5104.bugfix
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Fix the ratelimting on third party invites.
11 changes: 11 additions & 0 deletions synapse/handlers/room_member.py
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,8 @@
from synapse.util.async_helpers import Linearizer
from synapse.util.distributor import user_joined_room, user_left_room

from ._base import BaseHandler

logger = logging.getLogger(__name__)

id_server_scheme = "https://"
Expand Down Expand Up @@ -72,6 +74,11 @@ def __init__(self, hs):
self._server_notices_mxid = self.config.server_notices_mxid
self._enable_lookup = hs.config.enable_3pid_lookup

# This is only used to get at ratelimit function, and
# maybe_kick_guest_users. It's fine there are multiple of these as
# it doesn't store state.
self.base_handler = BaseHandler(hs)

@abc.abstractmethod
def _remote_join(self, requester, remote_room_hosts, room_id, user, content):
"""Try and join a room that this server is not in
Expand Down Expand Up @@ -703,6 +710,10 @@ def do_3pid_invite(
Codes.FORBIDDEN,
)

# We need to rate limit *before* we send out any 3PID invites, so we
# can't just rely on the standard ratelimiting of events.
yield self.base_handler.ratelimit(requester)

invitee = yield self._lookup_3pid(
id_server, medium, address
)
Expand Down

0 comments on commit de655e6

Please sign in to comment.