Add 3PID invite support to spam checker

synapse/events/spamcheck.py

@@ -46,14 +46,19 @@ class SpamChecker(object):
 
         return self.spam_checker.check_event_for_spam(event)
 
-    def user_may_invite(self, inviter_userid, invitee_userid, room_id, new_room):
+    def user_may_invite(self, inviter_userid, invitee_userid, third_party_invite,
+                        room_id, new_room):
         """Checks if a given user may send an invite
 
         If this method returns false, the invite will be rejected.
 
         Args:
             inviter_userid (str)
-            invitee_userid (str)
+            invitee_userid (str|None): The user ID of the invitee. Is None
+                if this is a third party invite and the 3PID is not bound to a
+                user ID.
+            invitee_userid (dict|None): If a third party invite then is a dict
+                containing the medium and address of the invitee.
             room_id (str)
             new_room (bool): Wether the user is being invited to the room as
                 part of a room creation, if so the invitee would have been
@@ -66,7 +71,7 @@ class SpamChecker(object):
             return True
 
         return self.spam_checker.user_may_invite(
-            inviter_userid, invitee_userid, room_id, new_room,
+            inviter_userid, invitee_userid, third_party_invite, room_id, new_room,
         )
 
     def user_may_create_room(self, userid, invite_list, third_party_invite_list,

synapse/handlers/federation.py

@@ -1346,7 +1346,8 @@ class FederationHandler(BaseHandler):
             raise SynapseError(403, "This server does not accept room invites")
 
         if not self.spam_checker.user_may_invite(
-            event.sender, event.state_key, event.room_id, new_room=False,
+            event.sender, event.state_key, None,
+            room_id=event.room_id, new_room=False,
         ):
             raise SynapseError(
                 403, "This user is not permitted to send invites to this server/user"

synapse/handlers/room.py

@@ -661,6 +661,7 @@ class RoomCreationHandler(BaseHandler):
                 id_server,
                 requester,
                 txn_id=None,
+                new_room=True,
             )
 
         result = {"room_id": room_id}

synapse/handlers/room_member.py

@@ -425,7 +425,9 @@ class RoomMemberHandler(object):
                     block_invite = True
 
                 if not self.spam_checker.user_may_invite(
-                    requester.user.to_string(), target.to_string(), room_id,
+                    requester.user.to_string(), target.to_string(),
+                    third_party_invite=None,
+                    room_id=room_id,
                     new_room=new_room,
                 ):
                     logger.info("Blocking invite due to spam checker")
@@ -728,7 +730,8 @@ class RoomMemberHandler(object):
             address,
             id_server,
             requester,
-            txn_id
+            txn_id,
+            new_room=False,
     ):
         if self.config.block_non_admin_invites:
             is_requester_admin = yield self.auth.is_server_admin(
@@ -744,6 +747,20 @@ class RoomMemberHandler(object):
             id_server, medium, address
         )
 
+        if not self.spam_checker.user_may_invite(
+            requester.user.to_string(), invitee,
+            third_party_invite={
+                "medium": medium,
+                "address": address,
+            },
+            room_id=room_id,
+            new_room=new_room,
+        ):
+            logger.info("Blocking invite due to spam checker")
+            raise SynapseError(
+                403, "Invites have been disabled on this server",
+            )
+
         if invitee:
             yield self.update_membership(
                 requester,

synapse/rest/client/v1/room.py

@@ -666,7 +666,8 @@ class RoomMembershipRestServlet(ClientV1RestServlet):
                 content["address"],
                 content["id_server"],
                 requester,
-                txn_id
+                txn_id,
+                new_room=False,
             )
             defer.returnValue((200, {}))
             return

synapse/rulecheck/domain_rule_checker.py

@@ -74,13 +74,19 @@ class DomainRuleChecker(object):
         """
         return False
 
-    def user_may_invite(self, inviter_userid, invitee_userid, room_id,
-                        new_room):
+    def user_may_invite(self, inviter_userid, invitee_userid, third_party_invite,
+                        room_id, new_room):
         """Implements synapse.events.SpamChecker.user_may_invite
         """
         if self.can_only_invite_during_room_creation and not new_room:
             return False
 
+        if not self.can_invite_by_third_party_id and third_party_invite:
+            return False
+
+        if third_party_invite and not invitee_userid:
+            return True
+
         inviter_domain = self._get_domain_from_id(inviter_userid)
         invitee_domain = self._get_domain_from_id(invitee_userid)
 

tests/rulecheck/test_domainrulecheck.py

@@ -35,13 +35,15 @@ class DomainRuleCheckerTestCase(unittest.TestCase):
         }
         check = DomainRuleChecker(config)
         self.assertTrue(
-            check.user_may_invite("test:source_one", "test:target_one", "room", False)
+            check.user_may_invite(
+                "test:source_one", "test:target_one", None, "room", False,
+            )
         )
         self.assertTrue(
-            check.user_may_invite("test:source_one", "test:target_two", "room", False)
+            check.user_may_invite("test:source_one", "test:target_two", None, "room", False)
         )
         self.assertTrue(
-            check.user_may_invite("test:source_two", "test:target_two", "room", False)
+            check.user_may_invite("test:source_two", "test:target_two", None, "room", False)
         )
 
     def test_disallowed(self):
@@ -55,16 +57,16 @@ class DomainRuleCheckerTestCase(unittest.TestCase):
         }
         check = DomainRuleChecker(config)
         self.assertFalse(
-            check.user_may_invite("test:source_one", "test:target_three", "room", False)
+            check.user_may_invite("test:source_one", "test:target_three", None, "room", False)
         )
         self.assertFalse(
-            check.user_may_invite("test:source_two", "test:target_three", "room", False)
+            check.user_may_invite("test:source_two", "test:target_three", None, "room", False)
         )
         self.assertFalse(
-            check.user_may_invite("test:source_two", "test:target_one", "room", False)
+            check.user_may_invite("test:source_two", "test:target_one", None, "room", False)
         )
         self.assertFalse(
-            check.user_may_invite("test:source_four", "test:target_one", "room", False)
+            check.user_may_invite("test:source_four", "test:target_one", None, "room", False)
         )
 
     def test_default_allow(self):
@@ -77,7 +79,7 @@ class DomainRuleCheckerTestCase(unittest.TestCase):
         }
         check = DomainRuleChecker(config)
         self.assertTrue(
-            check.user_may_invite("test:source_three", "test:target_one", "room", False)
+            check.user_may_invite("test:source_three", "test:target_one", None, "room", False)
         )
 
     def test_default_deny(self):
@@ -90,7 +92,7 @@ class DomainRuleCheckerTestCase(unittest.TestCase):
         }
         check = DomainRuleChecker(config)
         self.assertFalse(
-            check.user_may_invite("test:source_three", "test:target_one", "room", False)
+            check.user_may_invite("test:source_three", "test:target_one", None, "room", False)
         )
 
     def test_config_parse(self):