incorporate PR feedback

2024-12-22 12:44:30 +03:00 · 2018-01-22 14:54:46 +01:00 · 2018-01-22 14:54:46 +01:00 · 313a489fc9
commit 313a489fc9
parent 4b090cb273
8 changed files with 19 additions and 16 deletions
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@ -55,14 +55,16 @@ class ServerConfig(Config):
            "block_non_admin_invites", False,
        )
        # FIXME: federation_domain_whitelist needs sytests
        self.federation_domain_whitelist = None
        federation_domain_whitelist = config.get(
-            "federation_domain_whitelist", []
+            "federation_domain_whitelist", None
        )
        # turn the whitelist into a hash for speed of lookup
-        self.federation_domain_whitelist = {}
+        if federation_domain_whitelist is not None:
-        for domain in federation_domain_whitelist:
+            self.federation_domain_whitelist = {}
-            self.federation_domain_whitelist[domain] = True
+            for domain in federation_domain_whitelist:
-        # FIXME: federation_domain_whitelist needs sytests
+                self.federation_domain_whitelist[domain] = True
        if self.public_baseurl is not None:
            if self.public_baseurl[-1] != '/':
@ -222,7 +224,8 @@ class ServerConfig(Config):
        # Restrict federation to the following whitelist of domains.
        # N.B. we recommend also firewalling your federation listener to limit
        # inbound federation traffic as early as possible, rather than relying
-        # purely on this application-layer restriction.
+        # purely on this application-layer restriction.  If not specified, the
        # default is to whitelist nothing.
        #
        # federation_domain_whitelist:
        #  - lon.example.com
--- a/synapse/federation/federation_client.py
+++ b/synapse/federation/federation_client.py
@ -267,7 +267,7 @@ class FederationClient(FederationBase):
                logger.info(e.message)
                continue
            except FederationDeniedError as e:
-                logger.debug(e.message)
+                logger.info(e.message)
                continue
            except Exception as e:
                pdu_attempts[destination] = now
--- a/synapse/federation/transaction_queue.py
+++ b/synapse/federation/transaction_queue.py
@ -491,7 +491,7 @@ class TransactionQueue(object):
                ),
            )
        except FederationDeniedError as e:
-            logger.debug(e)
+            logger.info(e)
        except Exception as e:
            logger.warn(
                "TX [%s] Failed to send transaction: %s",
--- a/synapse/federation/transport/server.py
+++ b/synapse/federation/transport/server.py
@ -94,7 +94,7 @@ class Authenticator(object):
        }
        if (
-            self.federation_domain_whitelist and
+            self.federation_domain_whitelist is not None and
            self.server_name not in self.federation_domain_whitelist
        ):
            raise FederationDeniedError(self.server_name)
--- a/synapse/handlers/device.py
+++ b/synapse/handlers/device.py
@ -515,7 +515,7 @@ class DeviceListEduUpdater(object):
                    # eventually become consistent.
                    return
                except FederationDeniedError as e:
-                    logger.debug(e)
+                    logger.info(e)
                    return
                except Exception:
                    # TODO: Remember that we are now out of sync and try again
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@ -784,7 +784,7 @@ class FederationHandler(BaseHandler):
                    logger.info(e.message)
                    continue
                except FederationDeniedError as e:
-                    logger.debug(e)
+                    logger.info(e)
                    continue
                except Exception as e:
                    logger.exception(
--- a/synapse/rest/key/v2/remote_key_resource.py
+++ b/synapse/rest/key/v2/remote_key_resource.py
@ -139,7 +139,7 @@ class RemoteKey(Resource):
        store_queries = []
        for server_name, key_ids in query.items():
            if (
-                self.federation_domain_whitelist and
+                self.federation_domain_whitelist is not None and
                server_name not in self.federation_domain_whitelist
            ):
                logger.debug("Federation denied with %s", server_name)
--- a/synapse/rest/media/v1/media_repository.py
+++ b/synapse/rest/media/v1/media_repository.py
@ -226,7 +226,7 @@ class MediaRepository(object):
                to request
        """
        if (
-            self.federation_domain_whitelist and
+            self.federation_domain_whitelist is not None and
            server_name not in self.federation_domain_whitelist
        ):
            raise FederationDeniedError(server_name)
@ -266,7 +266,7 @@ class MediaRepository(object):
            Deferred[dict]: The media_info of the file
        """
        if (
-            self.federation_domain_whitelist and
+            self.federation_domain_whitelist is not None and
            server_name not in self.federation_domain_whitelist
        ):
            raise FederationDeniedError(server_name)
@ -387,8 +387,8 @@ class MediaRepository(object):
                logger.warn("Not retrying destination %r", server_name)
                raise SynapseError(502, "Failed to fetch remote media")
            except FederationDeniedError as e:
-                logger.debug(e)
+                logger.info(e)
-                raise SynapseError(403, e.message)
+                raise e
            except Exception:
                logger.exception("Failed to fetch remote media %s/%s",
                                 server_name, media_id)