Don't forget to ratelimit calls outside of RegistrationHandler

4059d61e · Andrew Morgan · b33c4f7a · 4059d61e · 4059d61e
Commit 4059d61e authored 5 years ago by Andrew Morgan
--- a/synapse/handlers/register.py
+++ b/synapse/handlers/register.py
@@ -168,7 +168,7 @@ class RegistrationHandler(BaseHandler):
        Raises:
            RegistrationError if there was a problem registering.
        """
-        yield self._check_registration_ratelimit(address)
+        yield self.check_registration_ratelimit(address)
        yield self.auth.check_auth_blocking(threepid=threepid)
        password_hash = None
@@ -415,7 +415,7 @@ class RegistrationHandler(BaseHandler):
            ratelimit=False,
        )
-    def _check_registration_ratelimit(self, address):
+    def check_registration_ratelimit(self, address):
        """A simple helper method to check whether the registration rate limit has been hit
        for a given IP address

--- a/synapse/replication/http/register.py
+++ b/synapse/replication/http/register.py
@@ -75,6 +75,8 @@ class ReplicationRegisterServlet(ReplicationEndpoint):
    async def _handle_request(self, request, user_id):
        content = parse_json_object_from_request(request)
+        await self.registration_handler.check_registration_ratelimit(content["address"])
        await self.registration_handler.register_with_store(
            user_id=user_id,
            password_hash=content["password_hash"],