Homeserver Admin: Restrict resident users automatically based on watched policy rooms
We introduce a new concept "restriction" which basically means "can a user send events from this account". Which is important when purging the messages sent from a user while deactivating their account.
We introduce a new protection, the `HomeserverUserPolicyApplication` protection which suspends users automatically when resident users match a policy from watched policy rooms. If the policy contains a reason for `config.automaticallyRedactForReasons`, then we prompt to do a purging deactivate (redact -> deactivate).
Users are also unsuspended as policies are removed.
We also introduce a `--purge-messages` and `--no-confirm` option to the `deactivate` command. This means that the command can now use the user redaction endpoint to redact messages and will shadowban the user while it does this if their account isn't already restricted. The addition of `--no-confirm` means that we now show a preview every time you run the deactivate command where you can review the user details before confirming the deactivation.
Follow up 1: https://github.com/the-draupnir-project/Draupnir/issues/813
Follow up 2: https://github.com/the-draupnir-project/Draupnir/issues/814
And also do purging deactivation in the background
We introduce "restriction" as a way to refer to an account that has
been suspended or locked or shadowbanned etc.
We also add a UserRestrictionCapability for protections to use the
functionality for suspending users.
We keep an audit log that updates when missing account restrictions
are discovered. (IE those that are prexisting)
The protection that makes these features available is the
HomeserverUserPolicyProtection.
Cat ran into this funny leftover when validating if abuse reporting still works after Cats reworks in mdad. Turns out they do and as it was my first time using these flows Cat discovered this.
Add commands to suspend/unsuspend users via the synapse admin API
- I have no idea how this interacts with MAS
- There is no locking available in the synapse admin API.
- The _Redaction Synchronisation Protection_ has been improved in a few ways:
- Invitations in protected rooms will be rejected as part of the redaction
process when they are sent from users being redacted (e.g. as a brigading
tactic).
- User redaction will now be triggered on bans and the reason will be scanned
for `automaticallyRedactForReasons` from Draupnir's config.
* Update RedactionSynchronisation for new protection apis.
* Rerwrite redaction synchronisation protection
* Reject invitations on ban.
* Add renderer and simulated redaction synchornisation capability.
* Reduce dependencies of redaction synchronisation protection.
* Allow RedactionSynchronisation to be unit tested.
* Update to MPS 3.1.0.
---------
Signed-off-by: Rory& <root@rory.gay>
Co-authored-by: Rory& <root@rory.gay>
* Take room pill out of takedown notice.
* Fix missing configSchema in RoomTakedownProtection.
It was always there... just not plumbed in.
* Fix RoomTakedownConfig schema was wrong.
Properties that default to undefined need to be optional because of
the way defaulting works.
* Fix missing name on RoomTakedownProtectionSettings.
* Fix joined_members missing from RoomBasicDetails.
Important because it's used for the threshold.
* Improve rendering of room discovery.
* Add SimulatedRoomTakedownCapability.
https://github.com/the-draupnir-project/planning/issues/41#issuecomment-2755447714
* Change renderer to include protection name.
For some reason addOneLiner does this but addMessage does not?
Something to look into there mare...
Support for room policies with hashed entity and `org.matrix.msc4204.takedown` recommendation in Synapse
Story: https://github.com/the-draupnir-project/planning/issues/41
documentation: https://the-draupnir-project.github.io/draupnir-documentation/protections/room-takedown-protection
This PR introduces room takedown functionality into Draupnir.
A new `draupnir takedown` command is added similar to the ban command, but marks entities to be taken down. Because the content is illegal or intolerable. To begin with we only allow takedown of rooms. These takedown policies are sharable with policy lists just like normal bans.
Draupnir responds to takedown policies on Synapse by calling the [room shutdown](https://element-hq.github.io/synapse/latest/admin_api/rooms.html#version-2-new-version) API with the options `block` and `purge`.
The policies that are created by the takedown command are hashed, and this is in order to prevent the room id's being shared directly, and so that we do not create a directory of intolerable content. To be able to use the policies, draupnir therefore needs to be aware of all the rooms that the homeserver is participating in, in order to calculate their hashes and find matching policies, and then takedown the marked rooms.
As part of this process, Draupnir has to "discover" the rooms your server is participating in. This is done via the [synapse-http-antispam](https://the-draupnir-project.github.io/draupnir-documentation/bot/synapse-http-antispam) recently added to draupnir. When draupnir discovers rooms, it will prompt the management room with a notification with some details of the title, room description, and creator. This functionality will be toggleable but will be strongly recommended for servers that have public registration
Two problems:
1. the batcher was being initialised before the slot for the listener
was.
2. That item batch interface with void is sketch and using flat would
make an array of [roomID, undefined, roomID, undefined...], not good.
gnuxie