From 320667a47977ebbc9a1c0f320a06c80f953a4f86 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Tue, 19 Mar 2019 16:40:19 +0000 Subject: [PATCH 1/6] Add option to disable searching in the user dir We still populate it, as it can still be accessed via the admin API. --- synapse/config/user_directory.py | 7 +++++++ synapse/rest/client/v2_alpha/user_directory.py | 6 ++++++ 2 files changed, 13 insertions(+) diff --git a/synapse/config/user_directory.py b/synapse/config/user_directory.py index fab3a7d1c8..e3c063c148 100644 --- a/synapse/config/user_directory.py +++ b/synapse/config/user_directory.py @@ -22,9 +22,13 @@ class UserDirectoryConfig(Config): """ def read_config(self, config): + self.user_directory_search_enabled = True self.user_directory_search_all_users = False user_directory_config = config.get("user_directory", None) if user_directory_config: + self.user_directory_search_enabled = ( + user_directory_config.get("enabled", True) + ) self.user_directory_search_all_users = ( user_directory_config.get("search_all_users", False) ) @@ -33,6 +37,8 @@ class UserDirectoryConfig(Config): return """ # User Directory configuration # + # 'enabled' defines whether users can search the user directory, + # defaults to True. # 'search_all_users' defines whether to search all users visible to your HS # when searching the user directory, rather than limiting to users visible # in public rooms. Defaults to false. If you set it True, you'll have to run @@ -40,5 +46,6 @@ class UserDirectoryConfig(Config): # on your database to tell it to rebuild the user_directory search indexes. # #user_directory: + # enabled: true # search_all_users: false """ diff --git a/synapse/rest/client/v2_alpha/user_directory.py b/synapse/rest/client/v2_alpha/user_directory.py index cac0624ba7..36b02de37f 100644 --- a/synapse/rest/client/v2_alpha/user_directory.py +++ b/synapse/rest/client/v2_alpha/user_directory.py @@ -59,6 +59,12 @@ class UserDirectorySearchRestServlet(RestServlet): requester = yield self.auth.get_user_by_req(request, allow_guest=False) user_id = requester.user.to_string() + if not self.hs.config.user_directory_search_enabled: + defer.returnValue((200, { + "limited": False, + "results": [], + })) + body = parse_json_object_from_request(request) limit = body.get("limit", 10) From 0891202629c84c3e19bff3d2e23e3de8acf1ab4f Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Tue, 19 Mar 2019 16:41:57 +0000 Subject: [PATCH 2/6] Newsfile --- changelog.d/4895.feature | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/4895.feature diff --git a/changelog.d/4895.feature b/changelog.d/4895.feature new file mode 100644 index 0000000000..5dd7c68194 --- /dev/null +++ b/changelog.d/4895.feature @@ -0,0 +1 @@ +Add option to disable searching the user directory. From 855bf4658d394cea5f42590092cfcca011abf5c1 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Tue, 19 Mar 2019 16:47:04 +0000 Subject: [PATCH 3/6] Update sample config --- docs/sample_config.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml index f9886a900d..f242b1ffbc 100644 --- a/docs/sample_config.yaml +++ b/docs/sample_config.yaml @@ -954,6 +954,8 @@ password_config: # User Directory configuration # +# 'enabled' defines whether users can search the user directory, +# defaults to True. # 'search_all_users' defines whether to search all users visible to your HS # when searching the user directory, rather than limiting to users visible # in public rooms. Defaults to false. If you set it True, you'll have to run @@ -961,6 +963,7 @@ password_config: # on your database to tell it to rebuild the user_directory search indexes. # #user_directory: +# enabled: true # search_all_users: false From ab20f85c59c4b7ef1a5248c2a9af37899dbfa280 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> Date: Wed, 20 Mar 2019 14:33:11 +0000 Subject: [PATCH 4/6] Update synapse/config/user_directory.py Co-Authored-By: erikjohnston --- synapse/config/user_directory.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/synapse/config/user_directory.py b/synapse/config/user_directory.py index e3c063c148..9dd83b794d 100644 --- a/synapse/config/user_directory.py +++ b/synapse/config/user_directory.py @@ -38,7 +38,7 @@ class UserDirectoryConfig(Config): # User Directory configuration # # 'enabled' defines whether users can search the user directory, - # defaults to True. + # Defaults to true. # 'search_all_users' defines whether to search all users visible to your HS # when searching the user directory, rather than limiting to users visible # in public rooms. Defaults to false. If you set it True, you'll have to run From cd8c5b91addf716ad76c315462a6d09e87241b25 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 20 Mar 2019 14:35:41 +0000 Subject: [PATCH 5/6] Fix up sample config --- docs/sample_config.yaml | 6 ++++-- synapse/config/user_directory.py | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/docs/sample_config.yaml b/docs/sample_config.yaml index f242b1ffbc..93aa6a6754 100644 --- a/docs/sample_config.yaml +++ b/docs/sample_config.yaml @@ -954,8 +954,10 @@ password_config: # User Directory configuration # -# 'enabled' defines whether users can search the user directory, -# defaults to True. +# 'enabled' defines whether users can search the user directory. If +# false then empty responses are returned to all queries. Defaults to +# true. +# # 'search_all_users' defines whether to search all users visible to your HS # when searching the user directory, rather than limiting to users visible # in public rooms. Defaults to false. If you set it True, you'll have to run diff --git a/synapse/config/user_directory.py b/synapse/config/user_directory.py index 9dd83b794d..142754a7dc 100644 --- a/synapse/config/user_directory.py +++ b/synapse/config/user_directory.py @@ -37,8 +37,10 @@ class UserDirectoryConfig(Config): return """ # User Directory configuration # - # 'enabled' defines whether users can search the user directory, - # Defaults to true. + # 'enabled' defines whether users can search the user directory. If + # false then empty responses are returned to all queries. Defaults to + # true. + # # 'search_all_users' defines whether to search all users visible to your HS # when searching the user directory, rather than limiting to users visible # in public rooms. Defaults to false. If you set it True, you'll have to run From 3660d24ebeafdcdfd2544d4447b066de28691303 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 20 Mar 2019 15:16:36 +0000 Subject: [PATCH 6/6] Add test --- tests/handlers/test_user_directory.py | 52 +++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/tests/handlers/test_user_directory.py b/tests/handlers/test_user_directory.py index aefe11ac28..f1d0aa42b6 100644 --- a/tests/handlers/test_user_directory.py +++ b/tests/handlers/test_user_directory.py @@ -16,6 +16,7 @@ from mock import Mock from synapse.api.constants import UserTypes from synapse.rest.client.v1 import admin, login, room +from synapse.rest.client.v2_alpha import user_directory from synapse.storage.roommember import ProfileInfo from tests import unittest @@ -317,3 +318,54 @@ class UserDirectoryTestCase(unittest.HomeserverTestCase): u4 = self.register_user("user4", "pass") s = self.get_success(self.handler.search_users(u1, u4, 10)) self.assertEqual(len(s["results"]), 1) + + +class TestUserDirSearchDisabled(unittest.HomeserverTestCase): + user_id = "@test:test" + + servlets = [ + user_directory.register_servlets, + room.register_servlets, + login.register_servlets, + admin.register_servlets, + ] + + def make_homeserver(self, reactor, clock): + config = self.default_config() + config.update_user_directory = True + hs = self.setup_test_homeserver(config=config) + + self.config = hs.config + + return hs + + def test_disabling_room_list(self): + self.config.user_directory_search_enabled = True + + # First we create a room with another user so that user dir is non-empty + # for our user + self.helper.create_room_as(self.user_id) + u2 = self.register_user("user2", "pass") + room = self.helper.create_room_as(self.user_id) + self.helper.join(room, user=u2) + + # Assert user directory is not empty + request, channel = self.make_request( + "POST", + b"user_directory/search", + b'{"search_term":"user2"}', + ) + self.render(request) + self.assertEquals(200, channel.code, channel.result) + self.assertTrue(len(channel.json_body["results"]) > 0) + + # Disable user directory and check search returns nothing + self.config.user_directory_search_enabled = False + request, channel = self.make_request( + "POST", + b"user_directory/search", + b'{"search_term":"user2"}', + ) + self.render(request) + self.assertEquals(200, channel.code, channel.result) + self.assertTrue(len(channel.json_body["results"]) == 0)