From 42c6823827a12cdb4374bc6e64d32d4ce4f526ec Mon Sep 17 00:00:00 2001
From: Neil Johnson <neil@fragile.org.uk>
Date: Sat, 4 Aug 2018 22:07:04 +0100
Subject: [PATCH 1/3] disable HS from config

---
 synapse/api/auth.py      |  4 ++++
 synapse/api/errors.py    |  1 +
 synapse/config/server.py |  4 ++++
 tests/api/test_auth.py   | 11 ++++++++++-
 tests/utils.py           |  2 ++
 5 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index d8ebbbc6e8..089f166152 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -782,6 +782,10 @@ class Auth(object):
             error (Error): The error that should be raised if user is to be
             blocked
             """
+        if self.hs.config.hs_disabled:
+            raise AuthError(
+                403, self.hs.config.hs_disabled_message, errcode=Codes.HS_DISABLED
+            )
         if self.hs.config.limit_usage_by_mau is True:
             current_mau = yield self.store.get_monthly_active_count()
             if current_mau >= self.hs.config.max_mau_value:
diff --git a/synapse/api/errors.py b/synapse/api/errors.py
index b41d595059..466240248a 100644
--- a/synapse/api/errors.py
+++ b/synapse/api/errors.py
@@ -56,6 +56,7 @@ class Codes(object):
     CONSENT_NOT_GIVEN = "M_CONSENT_NOT_GIVEN"
     CANNOT_LEAVE_SERVER_NOTICE_ROOM = "M_CANNOT_LEAVE_SERVER_NOTICE_ROOM"
     MAU_LIMIT_EXCEEDED = "M_MAU_LIMIT_EXCEEDED"
+    HS_DISABLED = "M_HS_DISABLED"
 
 
 class CodeMessageException(RuntimeError):
diff --git a/synapse/config/server.py b/synapse/config/server.py
index 8fd2319759..2e1e2f5961 100644
--- a/synapse/config/server.py
+++ b/synapse/config/server.py
@@ -75,6 +75,10 @@ class ServerConfig(Config):
                 "max_mau_value", 0,
             )
 
+        # Options to disable HS
+        self.hs_disabled = config.get("hs_disabled", False)
+        self.hs_disabled_message = config.get("hs_disabled_message", "")
+
         # FIXME: federation_domain_whitelist needs sytests
         self.federation_domain_whitelist = None
         federation_domain_whitelist = config.get(
diff --git a/tests/api/test_auth.py b/tests/api/test_auth.py
index 5dc3398300..fbb96361a8 100644
--- a/tests/api/test_auth.py
+++ b/tests/api/test_auth.py
@@ -21,7 +21,7 @@ from twisted.internet import defer
 
 import synapse.handlers.auth
 from synapse.api.auth import Auth
-from synapse.api.errors import AuthError
+from synapse.api.errors import AuthError, Codes
 from synapse.types import UserID
 
 from tests import unittest
@@ -469,3 +469,12 @@ class AuthTestCase(unittest.TestCase):
             return_value=defer.succeed(small_number_of_users)
         )
         yield self.auth.check_auth_blocking()
+
+    @defer.inlineCallbacks
+    def test_hs_disabled(self):
+        self.hs.config.hs_disabled = True
+        self.hs.config.hs_disabled_message = "Reason for being disabled"
+        with self.assertRaises(AuthError) as e:
+            yield self.auth.check_auth_blocking()
+        self.assertEquals(e.exception.errcode, Codes.HS_DISABLED)
+        self.assertEquals(e.exception.code, 403)
diff --git a/tests/utils.py b/tests/utils.py
index ec40428e74..a0aa38d264 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -74,6 +74,8 @@ def setup_test_homeserver(name="test", datastore=None, config=None, reactor=None
         config.media_storage_providers = []
         config.auto_join_rooms = []
         config.limit_usage_by_mau = False
+        config.hs_disabled = False
+        config.hs_disabled_message = ""
 
         # disable user directory updates, because they get done in the
         # background, which upsets the test runner.

From 54685d294dd15bb8b9a9928b8d6f371ae4236e25 Mon Sep 17 00:00:00 2001
From: Neil Johnson <neil@matrix.org>
Date: Wed, 8 Aug 2018 15:38:54 +0100
Subject: [PATCH 2/3] Ability to disable client/server Synapse via conf toggle

---
 changelog.d/3655.feature | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/3655.feature

diff --git a/changelog.d/3655.feature b/changelog.d/3655.feature
new file mode 100644
index 0000000000..1134e549e7
--- /dev/null
+++ b/changelog.d/3655.feature
@@ -0,0 +1 @@
+Ability to disable client/server Synapse via conf toggle

From 839a317c9627ff0d61f91504a2cfca275f31d7b2 Mon Sep 17 00:00:00 2001
From: Neil Johnson <neil@matrix.org>
Date: Wed, 8 Aug 2018 17:39:04 +0100
Subject: [PATCH 3/3] fix pep8 too many lines

---
 synapse/api/errors.py | 1 -
 1 file changed, 1 deletion(-)

diff --git a/synapse/api/errors.py b/synapse/api/errors.py
index 69e6ffb5a3..dc3bed5fcb 100644
--- a/synapse/api/errors.py
+++ b/synapse/api/errors.py
@@ -62,7 +62,6 @@ class Codes(object):
     INCOMPATIBLE_ROOM_VERSION = "M_INCOMPATIBLE_ROOM_VERSION"
 
 
-
 class CodeMessageException(RuntimeError):
     """An exception with integer code and message string attributes.