mirror of
https://github.com/element-hq/synapse.git
synced 2024-11-25 19:15:51 +03:00
Merge pull request #3630 from matrix-org/neilj/mau_sign_in_log_in_limits
Initial impl of capping MAU
This commit is contained in:
commit
085435e13a
11 changed files with 275 additions and 16 deletions
1
changelog.d/3630.feature
Normal file
1
changelog.d/3630.feature
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Add ability to limit number of monthly active users on the server
|
|
@ -55,6 +55,7 @@ class Codes(object):
|
||||||
SERVER_NOT_TRUSTED = "M_SERVER_NOT_TRUSTED"
|
SERVER_NOT_TRUSTED = "M_SERVER_NOT_TRUSTED"
|
||||||
CONSENT_NOT_GIVEN = "M_CONSENT_NOT_GIVEN"
|
CONSENT_NOT_GIVEN = "M_CONSENT_NOT_GIVEN"
|
||||||
CANNOT_LEAVE_SERVER_NOTICE_ROOM = "M_CANNOT_LEAVE_SERVER_NOTICE_ROOM"
|
CANNOT_LEAVE_SERVER_NOTICE_ROOM = "M_CANNOT_LEAVE_SERVER_NOTICE_ROOM"
|
||||||
|
MAU_LIMIT_EXCEEDED = "M_MAU_LIMIT_EXCEEDED"
|
||||||
|
|
||||||
|
|
||||||
class CodeMessageException(RuntimeError):
|
class CodeMessageException(RuntimeError):
|
||||||
|
|
|
@ -20,6 +20,8 @@ import sys
|
||||||
|
|
||||||
from six import iteritems
|
from six import iteritems
|
||||||
|
|
||||||
|
from prometheus_client import Gauge
|
||||||
|
|
||||||
from twisted.application import service
|
from twisted.application import service
|
||||||
from twisted.internet import defer, reactor
|
from twisted.internet import defer, reactor
|
||||||
from twisted.web.resource import EncodingResourceWrapper, NoResource
|
from twisted.web.resource import EncodingResourceWrapper, NoResource
|
||||||
|
@ -300,6 +302,11 @@ class SynapseHomeServer(HomeServer):
|
||||||
quit_with_error(e.message)
|
quit_with_error(e.message)
|
||||||
|
|
||||||
|
|
||||||
|
# Gauges to expose monthly active user control metrics
|
||||||
|
current_mau_gauge = Gauge("synapse_admin_current_mau", "Current MAU")
|
||||||
|
max_mau_value_gauge = Gauge("synapse_admin_max_mau_value", "MAU Limit")
|
||||||
|
|
||||||
|
|
||||||
def setup(config_options):
|
def setup(config_options):
|
||||||
"""
|
"""
|
||||||
Args:
|
Args:
|
||||||
|
@ -512,6 +519,18 @@ def run(hs):
|
||||||
# table will decrease
|
# table will decrease
|
||||||
clock.looping_call(generate_user_daily_visit_stats, 5 * 60 * 1000)
|
clock.looping_call(generate_user_daily_visit_stats, 5 * 60 * 1000)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def generate_monthly_active_users():
|
||||||
|
count = 0
|
||||||
|
if hs.config.limit_usage_by_mau:
|
||||||
|
count = yield hs.get_datastore().count_monthly_users()
|
||||||
|
current_mau_gauge.set(float(count))
|
||||||
|
max_mau_value_gauge.set(float(hs.config.max_mau_value))
|
||||||
|
|
||||||
|
generate_monthly_active_users()
|
||||||
|
if hs.config.limit_usage_by_mau:
|
||||||
|
clock.looping_call(generate_monthly_active_users, 5 * 60 * 1000)
|
||||||
|
|
||||||
if hs.config.report_stats:
|
if hs.config.report_stats:
|
||||||
logger.info("Scheduling stats reporting for 3 hour intervals")
|
logger.info("Scheduling stats reporting for 3 hour intervals")
|
||||||
clock.looping_call(start_phone_stats_home, 3 * 60 * 60 * 1000)
|
clock.looping_call(start_phone_stats_home, 3 * 60 * 60 * 1000)
|
||||||
|
|
|
@ -67,6 +67,14 @@ class ServerConfig(Config):
|
||||||
"block_non_admin_invites", False,
|
"block_non_admin_invites", False,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# Options to control access by tracking MAU
|
||||||
|
self.limit_usage_by_mau = config.get("limit_usage_by_mau", False)
|
||||||
|
if self.limit_usage_by_mau:
|
||||||
|
self.max_mau_value = config.get(
|
||||||
|
"max_mau_value", 0,
|
||||||
|
)
|
||||||
|
else:
|
||||||
|
self.max_mau_value = 0
|
||||||
# FIXME: federation_domain_whitelist needs sytests
|
# FIXME: federation_domain_whitelist needs sytests
|
||||||
self.federation_domain_whitelist = None
|
self.federation_domain_whitelist = None
|
||||||
federation_domain_whitelist = config.get(
|
federation_domain_whitelist = config.get(
|
||||||
|
|
|
@ -520,6 +520,7 @@ class AuthHandler(BaseHandler):
|
||||||
"""
|
"""
|
||||||
logger.info("Logging in user %s on device %s", user_id, device_id)
|
logger.info("Logging in user %s on device %s", user_id, device_id)
|
||||||
access_token = yield self.issue_access_token(user_id, device_id)
|
access_token = yield self.issue_access_token(user_id, device_id)
|
||||||
|
yield self._check_mau_limits()
|
||||||
|
|
||||||
# the device *should* have been registered before we got here; however,
|
# the device *should* have been registered before we got here; however,
|
||||||
# it's possible we raced against a DELETE operation. The thing we
|
# it's possible we raced against a DELETE operation. The thing we
|
||||||
|
@ -731,15 +732,18 @@ class AuthHandler(BaseHandler):
|
||||||
device_id)
|
device_id)
|
||||||
defer.returnValue(access_token)
|
defer.returnValue(access_token)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
def validate_short_term_login_token_and_get_user_id(self, login_token):
|
def validate_short_term_login_token_and_get_user_id(self, login_token):
|
||||||
|
yield self._check_mau_limits()
|
||||||
auth_api = self.hs.get_auth()
|
auth_api = self.hs.get_auth()
|
||||||
|
user_id = None
|
||||||
try:
|
try:
|
||||||
macaroon = pymacaroons.Macaroon.deserialize(login_token)
|
macaroon = pymacaroons.Macaroon.deserialize(login_token)
|
||||||
user_id = auth_api.get_user_id_from_macaroon(macaroon)
|
user_id = auth_api.get_user_id_from_macaroon(macaroon)
|
||||||
auth_api.validate_macaroon(macaroon, "login", True, user_id)
|
auth_api.validate_macaroon(macaroon, "login", True, user_id)
|
||||||
return user_id
|
|
||||||
except Exception:
|
except Exception:
|
||||||
raise AuthError(403, "Invalid token", errcode=Codes.FORBIDDEN)
|
raise AuthError(403, "Invalid token", errcode=Codes.FORBIDDEN)
|
||||||
|
defer.returnValue(user_id)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def delete_access_token(self, access_token):
|
def delete_access_token(self, access_token):
|
||||||
|
@ -903,6 +907,19 @@ class AuthHandler(BaseHandler):
|
||||||
else:
|
else:
|
||||||
return defer.succeed(False)
|
return defer.succeed(False)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def _check_mau_limits(self):
|
||||||
|
"""
|
||||||
|
Ensure that if mau blocking is enabled that invalid users cannot
|
||||||
|
log in.
|
||||||
|
"""
|
||||||
|
if self.hs.config.limit_usage_by_mau is True:
|
||||||
|
current_mau = yield self.store.count_monthly_users()
|
||||||
|
if current_mau >= self.hs.config.max_mau_value:
|
||||||
|
raise AuthError(
|
||||||
|
403, "MAU Limit Exceeded", errcode=Codes.MAU_LIMIT_EXCEEDED
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
@attr.s
|
@attr.s
|
||||||
class MacaroonGenerator(object):
|
class MacaroonGenerator(object):
|
||||||
|
|
|
@ -45,7 +45,7 @@ class RegistrationHandler(BaseHandler):
|
||||||
hs (synapse.server.HomeServer):
|
hs (synapse.server.HomeServer):
|
||||||
"""
|
"""
|
||||||
super(RegistrationHandler, self).__init__(hs)
|
super(RegistrationHandler, self).__init__(hs)
|
||||||
|
self.hs = hs
|
||||||
self.auth = hs.get_auth()
|
self.auth = hs.get_auth()
|
||||||
self._auth_handler = hs.get_auth_handler()
|
self._auth_handler = hs.get_auth_handler()
|
||||||
self.profile_handler = hs.get_profile_handler()
|
self.profile_handler = hs.get_profile_handler()
|
||||||
|
@ -144,6 +144,7 @@ class RegistrationHandler(BaseHandler):
|
||||||
Raises:
|
Raises:
|
||||||
RegistrationError if there was a problem registering.
|
RegistrationError if there was a problem registering.
|
||||||
"""
|
"""
|
||||||
|
yield self._check_mau_limits()
|
||||||
password_hash = None
|
password_hash = None
|
||||||
if password:
|
if password:
|
||||||
password_hash = yield self.auth_handler().hash(password)
|
password_hash = yield self.auth_handler().hash(password)
|
||||||
|
@ -288,6 +289,7 @@ class RegistrationHandler(BaseHandler):
|
||||||
400,
|
400,
|
||||||
"User ID can only contain characters a-z, 0-9, or '=_-./'",
|
"User ID can only contain characters a-z, 0-9, or '=_-./'",
|
||||||
)
|
)
|
||||||
|
yield self._check_mau_limits()
|
||||||
user = UserID(localpart, self.hs.hostname)
|
user = UserID(localpart, self.hs.hostname)
|
||||||
user_id = user.to_string()
|
user_id = user.to_string()
|
||||||
|
|
||||||
|
@ -437,7 +439,7 @@ class RegistrationHandler(BaseHandler):
|
||||||
"""
|
"""
|
||||||
if localpart is None:
|
if localpart is None:
|
||||||
raise SynapseError(400, "Request must include user id")
|
raise SynapseError(400, "Request must include user id")
|
||||||
|
yield self._check_mau_limits()
|
||||||
need_register = True
|
need_register = True
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
@ -531,3 +533,16 @@ class RegistrationHandler(BaseHandler):
|
||||||
remote_room_hosts=remote_room_hosts,
|
remote_room_hosts=remote_room_hosts,
|
||||||
action="join",
|
action="join",
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def _check_mau_limits(self):
|
||||||
|
"""
|
||||||
|
Do not accept registrations if monthly active user limits exceeded
|
||||||
|
and limiting is enabled
|
||||||
|
"""
|
||||||
|
if self.hs.config.limit_usage_by_mau is True:
|
||||||
|
current_mau = yield self.store.count_monthly_users()
|
||||||
|
if current_mau >= self.hs.config.max_mau_value:
|
||||||
|
raise RegistrationError(
|
||||||
|
403, "MAU Limit Exceeded", Codes.MAU_LIMIT_EXCEEDED
|
||||||
|
)
|
||||||
|
|
|
@ -94,6 +94,7 @@ class DataStore(RoomMemberStore, RoomStore,
|
||||||
self._clock = hs.get_clock()
|
self._clock = hs.get_clock()
|
||||||
self.database_engine = hs.database_engine
|
self.database_engine = hs.database_engine
|
||||||
|
|
||||||
|
self.db_conn = db_conn
|
||||||
self._stream_id_gen = StreamIdGenerator(
|
self._stream_id_gen = StreamIdGenerator(
|
||||||
db_conn, "events", "stream_ordering",
|
db_conn, "events", "stream_ordering",
|
||||||
extra_tables=[("local_invites", "stream_id")]
|
extra_tables=[("local_invites", "stream_id")]
|
||||||
|
@ -266,6 +267,31 @@ class DataStore(RoomMemberStore, RoomStore,
|
||||||
|
|
||||||
return self.runInteraction("count_users", _count_users)
|
return self.runInteraction("count_users", _count_users)
|
||||||
|
|
||||||
|
def count_monthly_users(self):
|
||||||
|
"""Counts the number of users who used this homeserver in the last 30 days
|
||||||
|
|
||||||
|
This method should be refactored with count_daily_users - the only
|
||||||
|
reason not to is waiting on definition of mau
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
Defered[int]
|
||||||
|
"""
|
||||||
|
def _count_monthly_users(txn):
|
||||||
|
thirty_days_ago = int(self._clock.time_msec()) - (1000 * 60 * 60 * 24 * 30)
|
||||||
|
sql = """
|
||||||
|
SELECT COALESCE(count(*), 0) FROM (
|
||||||
|
SELECT user_id FROM user_ips
|
||||||
|
WHERE last_seen > ?
|
||||||
|
GROUP BY user_id
|
||||||
|
) u
|
||||||
|
"""
|
||||||
|
|
||||||
|
txn.execute(sql, (thirty_days_ago,))
|
||||||
|
count, = txn.fetchone()
|
||||||
|
return count
|
||||||
|
|
||||||
|
return self.runInteraction("count_monthly_users", _count_monthly_users)
|
||||||
|
|
||||||
def count_r30_users(self):
|
def count_r30_users(self):
|
||||||
"""
|
"""
|
||||||
Counts the number of 30 day retained users, defined as:-
|
Counts the number of 30 day retained users, defined as:-
|
||||||
|
|
|
@ -88,5 +88,5 @@ def run_upgrade(cur, database_engine, *args, **kwargs):
|
||||||
"UPDATE sqlite_master SET sql=? WHERE tbl_name='events' AND type='table'",
|
"UPDATE sqlite_master SET sql=? WHERE tbl_name='events' AND type='table'",
|
||||||
(sql, ),
|
(sql, ),
|
||||||
)
|
)
|
||||||
cur.execute("PRAGMA schema_version=%i" % (oldver+1,))
|
cur.execute("PRAGMA schema_version=%i" % (oldver + 1,))
|
||||||
cur.execute("PRAGMA writable_schema=OFF")
|
cur.execute("PRAGMA writable_schema=OFF")
|
||||||
|
|
|
@ -12,6 +12,7 @@
|
||||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
from mock import Mock
|
||||||
|
|
||||||
import pymacaroons
|
import pymacaroons
|
||||||
|
|
||||||
|
@ -19,6 +20,7 @@ from twisted.internet import defer
|
||||||
|
|
||||||
import synapse
|
import synapse
|
||||||
import synapse.api.errors
|
import synapse.api.errors
|
||||||
|
from synapse.api.errors import AuthError
|
||||||
from synapse.handlers.auth import AuthHandler
|
from synapse.handlers.auth import AuthHandler
|
||||||
|
|
||||||
from tests import unittest
|
from tests import unittest
|
||||||
|
@ -37,6 +39,10 @@ class AuthTestCase(unittest.TestCase):
|
||||||
self.hs.handlers = AuthHandlers(self.hs)
|
self.hs.handlers = AuthHandlers(self.hs)
|
||||||
self.auth_handler = self.hs.handlers.auth_handler
|
self.auth_handler = self.hs.handlers.auth_handler
|
||||||
self.macaroon_generator = self.hs.get_macaroon_generator()
|
self.macaroon_generator = self.hs.get_macaroon_generator()
|
||||||
|
# MAU tests
|
||||||
|
self.hs.config.max_mau_value = 50
|
||||||
|
self.small_number_of_users = 1
|
||||||
|
self.large_number_of_users = 100
|
||||||
|
|
||||||
def test_token_is_a_macaroon(self):
|
def test_token_is_a_macaroon(self):
|
||||||
token = self.macaroon_generator.generate_access_token("some_user")
|
token = self.macaroon_generator.generate_access_token("some_user")
|
||||||
|
@ -71,38 +77,37 @@ class AuthTestCase(unittest.TestCase):
|
||||||
v.satisfy_general(verify_nonce)
|
v.satisfy_general(verify_nonce)
|
||||||
v.verify(macaroon, self.hs.config.macaroon_secret_key)
|
v.verify(macaroon, self.hs.config.macaroon_secret_key)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
def test_short_term_login_token_gives_user_id(self):
|
def test_short_term_login_token_gives_user_id(self):
|
||||||
self.hs.clock.now = 1000
|
self.hs.clock.now = 1000
|
||||||
|
|
||||||
token = self.macaroon_generator.generate_short_term_login_token(
|
token = self.macaroon_generator.generate_short_term_login_token(
|
||||||
"a_user", 5000
|
"a_user", 5000
|
||||||
)
|
)
|
||||||
|
user_id = yield self.auth_handler.validate_short_term_login_token_and_get_user_id(
|
||||||
self.assertEqual(
|
token
|
||||||
"a_user",
|
|
||||||
self.auth_handler.validate_short_term_login_token_and_get_user_id(
|
|
||||||
token
|
|
||||||
)
|
|
||||||
)
|
)
|
||||||
|
self.assertEqual("a_user", user_id)
|
||||||
|
|
||||||
# when we advance the clock, the token should be rejected
|
# when we advance the clock, the token should be rejected
|
||||||
self.hs.clock.now = 6000
|
self.hs.clock.now = 6000
|
||||||
with self.assertRaises(synapse.api.errors.AuthError):
|
with self.assertRaises(synapse.api.errors.AuthError):
|
||||||
self.auth_handler.validate_short_term_login_token_and_get_user_id(
|
yield self.auth_handler.validate_short_term_login_token_and_get_user_id(
|
||||||
token
|
token
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
def test_short_term_login_token_cannot_replace_user_id(self):
|
def test_short_term_login_token_cannot_replace_user_id(self):
|
||||||
token = self.macaroon_generator.generate_short_term_login_token(
|
token = self.macaroon_generator.generate_short_term_login_token(
|
||||||
"a_user", 5000
|
"a_user", 5000
|
||||||
)
|
)
|
||||||
macaroon = pymacaroons.Macaroon.deserialize(token)
|
macaroon = pymacaroons.Macaroon.deserialize(token)
|
||||||
|
|
||||||
|
user_id = yield self.auth_handler.validate_short_term_login_token_and_get_user_id(
|
||||||
|
macaroon.serialize()
|
||||||
|
)
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
"a_user",
|
"a_user", user_id
|
||||||
self.auth_handler.validate_short_term_login_token_and_get_user_id(
|
|
||||||
macaroon.serialize()
|
|
||||||
)
|
|
||||||
)
|
)
|
||||||
|
|
||||||
# add another "user_id" caveat, which might allow us to override the
|
# add another "user_id" caveat, which might allow us to override the
|
||||||
|
@ -110,6 +115,57 @@ class AuthTestCase(unittest.TestCase):
|
||||||
macaroon.add_first_party_caveat("user_id = b_user")
|
macaroon.add_first_party_caveat("user_id = b_user")
|
||||||
|
|
||||||
with self.assertRaises(synapse.api.errors.AuthError):
|
with self.assertRaises(synapse.api.errors.AuthError):
|
||||||
self.auth_handler.validate_short_term_login_token_and_get_user_id(
|
yield self.auth_handler.validate_short_term_login_token_and_get_user_id(
|
||||||
macaroon.serialize()
|
macaroon.serialize()
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def test_mau_limits_disabled(self):
|
||||||
|
self.hs.config.limit_usage_by_mau = False
|
||||||
|
# Ensure does not throw exception
|
||||||
|
yield self.auth_handler.get_access_token_for_user_id('user_a')
|
||||||
|
|
||||||
|
yield self.auth_handler.validate_short_term_login_token_and_get_user_id(
|
||||||
|
self._get_macaroon().serialize()
|
||||||
|
)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def test_mau_limits_exceeded(self):
|
||||||
|
self.hs.config.limit_usage_by_mau = True
|
||||||
|
self.hs.get_datastore().count_monthly_users = Mock(
|
||||||
|
return_value=defer.succeed(self.large_number_of_users)
|
||||||
|
)
|
||||||
|
|
||||||
|
with self.assertRaises(AuthError):
|
||||||
|
yield self.auth_handler.get_access_token_for_user_id('user_a')
|
||||||
|
|
||||||
|
self.hs.get_datastore().count_monthly_users = Mock(
|
||||||
|
return_value=defer.succeed(self.large_number_of_users)
|
||||||
|
)
|
||||||
|
with self.assertRaises(AuthError):
|
||||||
|
yield self.auth_handler.validate_short_term_login_token_and_get_user_id(
|
||||||
|
self._get_macaroon().serialize()
|
||||||
|
)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def test_mau_limits_not_exceeded(self):
|
||||||
|
self.hs.config.limit_usage_by_mau = True
|
||||||
|
|
||||||
|
self.hs.get_datastore().count_monthly_users = Mock(
|
||||||
|
return_value=defer.succeed(self.small_number_of_users)
|
||||||
|
)
|
||||||
|
# Ensure does not raise exception
|
||||||
|
yield self.auth_handler.get_access_token_for_user_id('user_a')
|
||||||
|
|
||||||
|
self.hs.get_datastore().count_monthly_users = Mock(
|
||||||
|
return_value=defer.succeed(self.small_number_of_users)
|
||||||
|
)
|
||||||
|
yield self.auth_handler.validate_short_term_login_token_and_get_user_id(
|
||||||
|
self._get_macaroon().serialize()
|
||||||
|
)
|
||||||
|
|
||||||
|
def _get_macaroon(self):
|
||||||
|
token = self.macaroon_generator.generate_short_term_login_token(
|
||||||
|
"user_a", 5000
|
||||||
|
)
|
||||||
|
return pymacaroons.Macaroon.deserialize(token)
|
||||||
|
|
|
@ -17,6 +17,7 @@ from mock import Mock
|
||||||
|
|
||||||
from twisted.internet import defer
|
from twisted.internet import defer
|
||||||
|
|
||||||
|
from synapse.api.errors import RegistrationError
|
||||||
from synapse.handlers.register import RegistrationHandler
|
from synapse.handlers.register import RegistrationHandler
|
||||||
from synapse.types import UserID, create_requester
|
from synapse.types import UserID, create_requester
|
||||||
|
|
||||||
|
@ -77,3 +78,53 @@ class RegistrationTestCase(unittest.TestCase):
|
||||||
requester, local_part, display_name)
|
requester, local_part, display_name)
|
||||||
self.assertEquals(result_user_id, user_id)
|
self.assertEquals(result_user_id, user_id)
|
||||||
self.assertEquals(result_token, 'secret')
|
self.assertEquals(result_token, 'secret')
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def test_cannot_register_when_mau_limits_exceeded(self):
|
||||||
|
local_part = "someone"
|
||||||
|
display_name = "someone"
|
||||||
|
requester = create_requester("@as:test")
|
||||||
|
store = self.hs.get_datastore()
|
||||||
|
self.hs.config.limit_usage_by_mau = False
|
||||||
|
self.hs.config.max_mau_value = 50
|
||||||
|
lots_of_users = 100
|
||||||
|
small_number_users = 1
|
||||||
|
|
||||||
|
store.count_monthly_users = Mock(return_value=defer.succeed(lots_of_users))
|
||||||
|
|
||||||
|
# Ensure does not throw exception
|
||||||
|
yield self.handler.get_or_create_user(requester, 'a', display_name)
|
||||||
|
|
||||||
|
self.hs.config.limit_usage_by_mau = True
|
||||||
|
|
||||||
|
with self.assertRaises(RegistrationError):
|
||||||
|
yield self.handler.get_or_create_user(requester, 'b', display_name)
|
||||||
|
|
||||||
|
store.count_monthly_users = Mock(return_value=defer.succeed(small_number_users))
|
||||||
|
|
||||||
|
self._macaroon_mock_generator("another_secret")
|
||||||
|
|
||||||
|
# Ensure does not throw exception
|
||||||
|
yield self.handler.get_or_create_user("@neil:matrix.org", 'c', "Neil")
|
||||||
|
|
||||||
|
self._macaroon_mock_generator("another another secret")
|
||||||
|
store.count_monthly_users = Mock(return_value=defer.succeed(lots_of_users))
|
||||||
|
|
||||||
|
with self.assertRaises(RegistrationError):
|
||||||
|
yield self.handler.register(localpart=local_part)
|
||||||
|
|
||||||
|
self._macaroon_mock_generator("another another secret")
|
||||||
|
store.count_monthly_users = Mock(return_value=defer.succeed(lots_of_users))
|
||||||
|
|
||||||
|
with self.assertRaises(RegistrationError):
|
||||||
|
yield self.handler.register_saml2(local_part)
|
||||||
|
|
||||||
|
def _macaroon_mock_generator(self, secret):
|
||||||
|
"""
|
||||||
|
Reset macaroon generator in the case where the test creates multiple users
|
||||||
|
"""
|
||||||
|
macaroon_generator = Mock(
|
||||||
|
generate_access_token=Mock(return_value=secret))
|
||||||
|
self.hs.get_macaroon_generator = Mock(return_value=macaroon_generator)
|
||||||
|
self.hs.handlers = RegistrationHandlers(self.hs)
|
||||||
|
self.handler = self.hs.get_handlers().registration_handler
|
||||||
|
|
65
tests/storage/test__init__.py
Normal file
65
tests/storage/test__init__.py
Normal file
|
@ -0,0 +1,65 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
# Copyright 2018 New Vector Ltd
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
# you may not use this file except in compliance with the License.
|
||||||
|
# You may obtain a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
# See the License for the specific language governing permissions and
|
||||||
|
# limitations under the License.
|
||||||
|
|
||||||
|
from twisted.internet import defer
|
||||||
|
|
||||||
|
import tests.utils
|
||||||
|
|
||||||
|
|
||||||
|
class InitTestCase(tests.unittest.TestCase):
|
||||||
|
def __init__(self, *args, **kwargs):
|
||||||
|
super(InitTestCase, self).__init__(*args, **kwargs)
|
||||||
|
self.store = None # type: synapse.storage.DataStore
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def setUp(self):
|
||||||
|
hs = yield tests.utils.setup_test_homeserver()
|
||||||
|
|
||||||
|
hs.config.max_mau_value = 50
|
||||||
|
hs.config.limit_usage_by_mau = True
|
||||||
|
self.store = hs.get_datastore()
|
||||||
|
self.clock = hs.get_clock()
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def test_count_monthly_users(self):
|
||||||
|
count = yield self.store.count_monthly_users()
|
||||||
|
self.assertEqual(0, count)
|
||||||
|
|
||||||
|
yield self._insert_user_ips("@user:server1")
|
||||||
|
yield self._insert_user_ips("@user:server2")
|
||||||
|
|
||||||
|
count = yield self.store.count_monthly_users()
|
||||||
|
self.assertEqual(2, count)
|
||||||
|
|
||||||
|
@defer.inlineCallbacks
|
||||||
|
def _insert_user_ips(self, user):
|
||||||
|
"""
|
||||||
|
Helper function to populate user_ips without using batch insertion infra
|
||||||
|
args:
|
||||||
|
user (str): specify username i.e. @user:server.com
|
||||||
|
"""
|
||||||
|
yield self.store._simple_upsert(
|
||||||
|
table="user_ips",
|
||||||
|
keyvalues={
|
||||||
|
"user_id": user,
|
||||||
|
"access_token": "access_token",
|
||||||
|
"ip": "ip",
|
||||||
|
"user_agent": "user_agent",
|
||||||
|
"device_id": "device_id",
|
||||||
|
},
|
||||||
|
values={
|
||||||
|
"last_seen": self.clock.time_msec(),
|
||||||
|
}
|
||||||
|
)
|
Loading…
Reference in a new issue