Merge pull request #6020 from matrix-org/jaywink/allow-support-users-to-register

Ensure support users can be registered even if MAU limit is reached

Merge pull request #6020 from matrix-org/jaywink/allow-support-users-to-register
f1b40694 · Jason Robinson · GitHub · 9fc71dc5 · 6d847d8c · f1b40694
Unverified Commit f1b40694 authored 5 years ago by Jason Robinson Committed by GitHub 5 years ago
--- a/changelog.d/6020.bugfix
+++ b/changelog.d/6020.bugfix
+Ensure support users can be registered even if MAU limit is reached.
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -25,7 +25,7 @@ from twisted.internet import defer
 import synapse.logging.opentracing as opentracing
 import synapse.types
 from synapse import event_auth
-from synapse.api.constants import EventTypes, JoinRules, Membership
+from synapse.api.constants import EventTypes, JoinRules, Membership, UserTypes
 from synapse.api.errors import (
    AuthError,
    Codes,
@@ -709,7 +709,7 @@ class Auth(object):
            )
    @defer.inlineCallbacks
-    def check_auth_blocking(self, user_id=None, threepid=None):
+    def check_auth_blocking(self, user_id=None, threepid=None, user_type=None):
        """Checks if the user should be rejected for some external reason,
        such as monthly active user limiting or global disable flag
@@ -722,6 +722,9 @@ class Auth(object):
                with a MAU blocked server, normally they would be rejected but their
                threepid is on the reserved list. user_id and
                threepid should never be set at the same time.
+            user_type(str|None): If present, is used to decide whether to check against
+                certain blocking reasons like MAU.
        """
        # Never fail an auth check for the server notices users or support user
@@ -759,6 +762,10 @@ class Auth(object):
                    self.hs.config.mau_limits_reserved_threepids, threepid
                ):
                    return
+            elif user_type == UserTypes.SUPPORT:
+                # If the user does not exist yet and is of type "support",
+                # allow registration. Support users are excluded from MAU checks.
+                return
            # Else if there is no room in the MAU bucket, bail
            current_mau = yield self.store.get_monthly_active_count()
            if current_mau >= self.hs.config.max_mau_value:

--- a/tests/api/test_auth.py
+++ b/tests/api/test_auth.py
@@ -21,6 +21,7 @@ from twisted.internet import defer
 import synapse.handlers.auth
 from synapse.api.auth import Auth
+from synapse.api.constants import UserTypes
 from synapse.api.errors import (
    AuthError,
    Codes,
@@ -335,6 +336,23 @@ class AuthTestCase(unittest.TestCase):
        )
        yield self.auth.check_auth_blocking()
+    @defer.inlineCallbacks
+    def test_blocking_mau__depending_on_user_type(self):
+        self.hs.config.max_mau_value = 50
+        self.hs.config.limit_usage_by_mau = True
+        self.store.get_monthly_active_count = Mock(return_value=defer.succeed(100))
+        # Support users allowed
+        yield self.auth.check_auth_blocking(user_type=UserTypes.SUPPORT)
+        self.store.get_monthly_active_count = Mock(return_value=defer.succeed(100))
+        # Bots not allowed
+        with self.assertRaises(ResourceLimitError):
+            yield self.auth.check_auth_blocking(user_type=UserTypes.BOT)
+        self.store.get_monthly_active_count = Mock(return_value=defer.succeed(100))
+        # Real users not allowed
+        with self.assertRaises(ResourceLimitError):
+            yield self.auth.check_auth_blocking()
    @defer.inlineCallbacks
    def test_reserved_threepid(self):
        self.hs.config.limit_usage_by_mau = True