Don't auto log failed auth checks

2024-11-02 20:59:12 +01:00 · 2016-04-13 11:11:46 +01:00 · 2016-04-13 11:11:46 +01:00 · c53f9d561e
commit c53f9d561e
parent 10ebbaea2e
3 changed files with 76 additions and 62 deletions
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@ -68,7 +68,6 @@ class Auth(object):
        """
        self.check_size_limits(event)

-        try:
        if not hasattr(event, "room_id"):
            raise AuthError(500, "Event has no room_id: %s" % event)
        if auth_events is None:
@ -127,13 +126,6 @@ class Auth(object):
            self.check_redaction(event, auth_events)

        logger.debug("Allowing! %s", event)
-        except AuthError as e:
-            logger.info(
-                "Event auth check failed on event %s with msg: %s",
-                event, e.msg
-            )
-            logger.info("Denying! %s", event)
-            raise

    def check_size_limits(self, event):
        def too_big(field):
--- a/synapse/handlers/_base.py
+++ b/synapse/handlers/_base.py
@ -316,7 +316,11 @@ class BaseHandler(object):
        if ratelimit:
            self.ratelimit(requester)

+        try:
            self.auth.check(event, auth_events=context.current_state)
+        except AuthError as err:
+            logger.warn("Denying new event %r because %s", event, err)
+            raise err

        yield self.maybe_kick_guest_users(event, context.current_state.values())

--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@ -681,9 +681,13 @@ class FederationHandler(BaseHandler):
            "state_key": user_id,
        })

+        try:
            event, context = yield self._create_new_client_event(
                builder=builder,
            )
+        except AuthError as e:
+            logger.warn("Failed to create join %r because %s", event, e)
+            raise e

        self.auth.check(event, auth_events=context.current_state)

@ -915,7 +919,11 @@ class FederationHandler(BaseHandler):
            builder=builder,
        )

+        try:
            self.auth.check(event, auth_events=context.current_state)
+        except AuthError as e:
+            logger.warn("Failed to create new leave %r because %s", event, e)
+            raise e

        defer.returnValue(event)

@ -1512,8 +1520,9 @@ class FederationHandler(BaseHandler):

        try:
            self.auth.check(event, auth_events=auth_events)
-        except AuthError:
-            raise
+        except AuthError as e:
+            logger.warn("Failed auth resolution for %r because %s", event, e)
+            raise e

    @defer.inlineCallbacks
    def construct_auth_difference(self, local_auth, remote_auth):
@ -1689,7 +1698,12 @@ class FederationHandler(BaseHandler):
                event_dict, event, context
            )

+            try:
                self.auth.check(event, context.current_state)
+            except AuthError as e:
+                logger.warn("Denying new third party invite %r because %s", event, e)
+                raise e
+
            yield self._check_signature(event, auth_events=context.current_state)
            member_handler = self.hs.get_handlers().room_member_handler
            yield member_handler.send_membership_event(None, event, context)
@ -1714,7 +1728,11 @@ class FederationHandler(BaseHandler):
            event_dict, event, context
        )

+        try:
            self.auth.check(event, auth_events=context.current_state)
+        except AuthError as e:
+            logger.warn("Denying third party invite %r because %s", event, e)
+            raise e
        yield self._check_signature(event, auth_events=context.current_state)

        returned_invite = yield self.send_invite(origin, event)