Add support for MSC4155 Invite filtering (#18288)

This implements
matrix-org/matrix-spec-proposals#4155, which
adds support for a new account data type that blocks an invite based on
some conditions in the event contents.

---------

Co-authored-by: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>

Author: Half-Shot

changelog.d/18288.feature

@@ -0,0 +1 @@
+Add support for [MSC4155](https://github.com/matrix-org/matrix-spec-proposals/pull/4155) Invite Filtering.

docker/complement/conf/workers-shared-extra.yaml.j2

@@ -127,6 +127,8 @@ experimental_features:
   msc3983_appservice_otk_claims: true
   # Proxy key queries to exclusive ASes
   msc3984_appservice_key_query: true
+  # Invite filtering
+  msc4155_enabled: true
 
 server_notices:
   system_mxid_localpart: _server

scripts-dev/complement.sh

@@ -229,6 +229,7 @@ test_packages=(
     ./tests/msc3902
     ./tests/msc3967
     ./tests/msc4140
+    ./tests/msc4155
 )
 
 # Enable dirty runs, so tests will reuse the same container where possible.

synapse/api/constants.py

@@ -286,6 +286,10 @@ class AccountDataTypes:
     IGNORED_USER_LIST: Final = "m.ignored_user_list"
     TAG: Final = "m.tag"
     PUSH_RULES: Final = "m.push_rules"
+    # MSC4155: Invite filtering
+    MSC4155_INVITE_PERMISSION_CONFIG: Final = (
+        "org.matrix.msc4155.invite_permission_config"
+    )
 
 
 class HistoryVisibility:

synapse/api/errors.py

@@ -137,6 +137,9 @@ class Codes(str, Enum):
     PROFILE_TOO_LARGE = "M_PROFILE_TOO_LARGE"
     KEY_TOO_LARGE = "M_KEY_TOO_LARGE"
 
+    # Part of MSC4155
+    INVITE_BLOCKED = "ORG.MATRIX.MSC4155.M_INVITE_BLOCKED"
+
 
 class CodeMessageException(RuntimeError):
     """An exception with integer code, a message string attributes and optional headers.

synapse/config/experimental.py

@@ -566,3 +566,6 @@ def read_config(
             "msc4263_limit_key_queries_to_users_who_share_rooms",
             False,
         )
+
+        # MSC4155: Invite filtering
+        self.msc4155_enabled: bool = experimental.get("msc4155_enabled", False)

synapse/handlers/federation.py

@@ -78,6 +78,7 @@
     ReplicationStoreRoomOnOutlierMembershipRestServlet,
 )
 from synapse.storage.databases.main.events_worker import EventRedactBehaviour
+from synapse.storage.invite_rule import InviteRule
 from synapse.types import JsonDict, StrCollection, get_domain_from_id
 from synapse.types.state import StateFilter
 from synapse.util.async_helpers import Linearizer
@@ -1089,6 +1090,20 @@ async def on_invite_request(
         if event.state_key == self._server_notices_mxid:
             raise SynapseError(HTTPStatus.FORBIDDEN, "Cannot invite this user")
 
+        # check the invitee's configuration and apply rules
+        invite_config = await self.store.get_invite_config_for_user(event.state_key)
+        rule = invite_config.get_invite_rule(event.sender)
+        if rule == InviteRule.BLOCK:
+            logger.info(
+                f"Automatically rejecting invite from {event.sender} due to the invite filtering rules of {event.state_key}"
+            )
+            raise SynapseError(
+                403,
+                "You are not permitted to invite this user.",
+                errcode=Codes.INVITE_BLOCKED,
+            )
+        # InviteRule.IGNORE is handled at the sync layer
+
         # We retrieve the room member handler here as to not cause a cyclic dependency
         member_handler = self.hs.get_room_member_handler()
         # We don't rate limit based on room ID, as that should be done by

synapse/handlers/room_member.py

@@ -53,6 +53,7 @@
 from synapse.metrics.background_process_metrics import run_as_background_process
 from synapse.replication.http.push import ReplicationCopyPusherRestServlet
 from synapse.storage.databases.main.state_deltas import StateDelta
+from synapse.storage.invite_rule import InviteRule
 from synapse.types import (
     JsonDict,
     Requester,
@@ -915,6 +916,21 @@ async def update_membership_locked(
                     additional_fields=block_invite_result[1],
                 )
 
+            # check the invitee's configuration and apply rules. Admins on the server can bypass.
+            if not is_requester_admin:
+                invite_config = await self.store.get_invite_config_for_user(target_id)
+                rule = invite_config.get_invite_rule(requester.user.to_string())
+                if rule == InviteRule.BLOCK:
+                    logger.info(
+                        f"Automatically rejecting invite from {target_id} due to the the invite filtering rules of {requester.user}"
+                    )
+                    raise SynapseError(
+                        403,
+                        "You are not permitted to invite this user.",
+                        errcode=Codes.INVITE_BLOCKED,
+                    )
+                # InviteRule.IGNORE is handled at the sync layer.
+
         # An empty prev_events list is allowed as long as the auth_event_ids are present
         if prev_event_ids is not None:
             return await self._local_membership_update(

synapse/handlers/sliding_sync/room_lists.py

@@ -49,6 +49,7 @@
     Sentinel as StateSentinel,
 )
 from synapse.storage.databases.main.stream import CurrentStateDeltaMembership
+from synapse.storage.invite_rule import InviteRule
 from synapse.storage.roommember import (
     RoomsForUser,
     RoomsForUserSlidingSync,
@@ -278,6 +279,7 @@ async def _compute_interested_rooms_new_tables(
 
         # Remove invites from ignored users
         ignored_users = await self.store.ignored_users(user_id)
+        invite_config = await self.store.get_invite_config_for_user(user_id)
         if ignored_users:
             # FIXME: It would be nice to avoid this copy but since
             # `get_sliding_sync_rooms_for_user_from_membership_snapshots` is cached, it
@@ -292,7 +294,14 @@ async def _compute_interested_rooms_new_tables(
                 room_for_user_sliding_sync = room_membership_for_user_map[room_id]
                 if (
                     room_for_user_sliding_sync.membership == Membership.INVITE
-                    and room_for_user_sliding_sync.sender in ignored_users
+                    and room_for_user_sliding_sync.sender
+                    and (
+                        room_for_user_sliding_sync.sender in ignored_users
+                        or invite_config.get_invite_rule(
+                            room_for_user_sliding_sync.sender
+                        )
+                        == InviteRule.IGNORE
+                    )
                 ):
                     room_membership_for_user_map.pop(room_id, None)
 

synapse/handlers/sync.py

@@ -66,6 +66,7 @@
 from synapse.storage.databases.main.event_push_actions import RoomNotifCounts
 from synapse.storage.databases.main.roommember import extract_heroes_from_room_summary
 from synapse.storage.databases.main.stream import PaginateFunction
+from synapse.storage.invite_rule import InviteRule
 from synapse.storage.roommember import MemberSummary
 from synapse.types import (
     DeviceListUpdates,
@@ -2549,6 +2550,7 @@ async def _get_room_changes_for_incremental_sync(
         room_entries: List[RoomSyncResultBuilder] = []
         invited: List[InvitedSyncResult] = []
         knocked: List[KnockedSyncResult] = []
+        invite_config = await self.store.get_invite_config_for_user(user_id)
         for room_id, events in mem_change_events_by_room_id.items():
             # The body of this loop will add this room to at least one of the five lists
             # above. Things get messy if you've e.g. joined, left, joined then left the
@@ -2631,7 +2633,11 @@ async def _get_room_changes_for_incremental_sync(
             # Only bother if we're still currently invited
             should_invite = last_non_join.membership == Membership.INVITE
             if should_invite:
-                if last_non_join.sender not in ignored_users:
+                if (
+                    last_non_join.sender not in ignored_users
+                    and invite_config.get_invite_rule(last_non_join.sender)
+                    != InviteRule.IGNORE
+                ):
                     invite_room_sync = InvitedSyncResult(room_id, invite=last_non_join)
                     if invite_room_sync:
                         invited.append(invite_room_sync)
@@ -2786,6 +2792,7 @@ async def _get_room_changes_for_initial_sync(
             membership_list=Membership.LIST,
             excluded_rooms=sync_result_builder.excluded_room_ids,
         )
+        invite_config = await self.store.get_invite_config_for_user(user_id)
 
         room_entries = []
         invited = []
@@ -2811,6 +2818,8 @@ async def _get_room_changes_for_initial_sync(
             elif event.membership == Membership.INVITE:
                 if event.sender in ignored_users:
                     continue
+                if invite_config.get_invite_rule(event.sender) == InviteRule.IGNORE:
+                    continue
                 invite = await self.store.get_event(event.event_id)
                 invited.append(InvitedSyncResult(room_id=event.room_id, invite=invite))
             elif event.membership == Membership.KNOCK: