incorporate PR feedback

This commit is contained in:
Matthew Hodgson 2018-01-22 14:54:46 +01:00
parent 4b090cb273
commit 313a489fc9
8 changed files with 19 additions and 16 deletions

View file

@ -55,14 +55,16 @@ class ServerConfig(Config):
"block_non_admin_invites", False,
)
# FIXME: federation_domain_whitelist needs sytests
self.federation_domain_whitelist = None
federation_domain_whitelist = config.get(
"federation_domain_whitelist", []
"federation_domain_whitelist", None
)
# turn the whitelist into a hash for speed of lookup
self.federation_domain_whitelist = {}
for domain in federation_domain_whitelist:
self.federation_domain_whitelist[domain] = True
# FIXME: federation_domain_whitelist needs sytests
if federation_domain_whitelist is not None:
self.federation_domain_whitelist = {}
for domain in federation_domain_whitelist:
self.federation_domain_whitelist[domain] = True
if self.public_baseurl is not None:
if self.public_baseurl[-1] != '/':
@ -222,7 +224,8 @@ class ServerConfig(Config):
# Restrict federation to the following whitelist of domains.
# N.B. we recommend also firewalling your federation listener to limit
# inbound federation traffic as early as possible, rather than relying
# purely on this application-layer restriction.
# purely on this application-layer restriction. If not specified, the
# default is to whitelist nothing.
#
# federation_domain_whitelist:
# - lon.example.com

View file

@ -267,7 +267,7 @@ class FederationClient(FederationBase):
logger.info(e.message)
continue
except FederationDeniedError as e:
logger.debug(e.message)
logger.info(e.message)
continue
except Exception as e:
pdu_attempts[destination] = now

View file

@ -491,7 +491,7 @@ class TransactionQueue(object):
),
)
except FederationDeniedError as e:
logger.debug(e)
logger.info(e)
except Exception as e:
logger.warn(
"TX [%s] Failed to send transaction: %s",

View file

@ -94,7 +94,7 @@ class Authenticator(object):
}
if (
self.federation_domain_whitelist and
self.federation_domain_whitelist is not None and
self.server_name not in self.federation_domain_whitelist
):
raise FederationDeniedError(self.server_name)

View file

@ -515,7 +515,7 @@ class DeviceListEduUpdater(object):
# eventually become consistent.
return
except FederationDeniedError as e:
logger.debug(e)
logger.info(e)
return
except Exception:
# TODO: Remember that we are now out of sync and try again

View file

@ -784,7 +784,7 @@ class FederationHandler(BaseHandler):
logger.info(e.message)
continue
except FederationDeniedError as e:
logger.debug(e)
logger.info(e)
continue
except Exception as e:
logger.exception(

View file

@ -139,7 +139,7 @@ class RemoteKey(Resource):
store_queries = []
for server_name, key_ids in query.items():
if (
self.federation_domain_whitelist and
self.federation_domain_whitelist is not None and
server_name not in self.federation_domain_whitelist
):
logger.debug("Federation denied with %s", server_name)

View file

@ -226,7 +226,7 @@ class MediaRepository(object):
to request
"""
if (
self.federation_domain_whitelist and
self.federation_domain_whitelist is not None and
server_name not in self.federation_domain_whitelist
):
raise FederationDeniedError(server_name)
@ -266,7 +266,7 @@ class MediaRepository(object):
Deferred[dict]: The media_info of the file
"""
if (
self.federation_domain_whitelist and
self.federation_domain_whitelist is not None and
server_name not in self.federation_domain_whitelist
):
raise FederationDeniedError(server_name)
@ -387,8 +387,8 @@ class MediaRepository(object):
logger.warn("Not retrying destination %r", server_name)
raise SynapseError(502, "Failed to fetch remote media")
except FederationDeniedError as e:
logger.debug(e)
raise SynapseError(403, e.message)
logger.info(e)
raise e
except Exception:
logger.exception("Failed to fetch remote media %s/%s",
server_name, media_id)