add admin API to suspend users + add experimental config option

2024-06-30 13:43:29 +00:00 · 2024-05-31 11:26:40 -07:00 · 2024-05-31 11:26:40 -07:00 · 245e28f816
parent 060ba63922
commit 245e28f816
3 changed files with 34 additions and 0 deletions
--- a/synapse/config/experimental.py
+++ b/synapse/config/experimental.py
@ -436,3 +436,7 @@ class ExperimentalConfig(Config):
        self.msc4115_membership_on_events = experimental.get(
            "msc4115_membership_on_events", False
        )
+
+        self.msc3823_account_suspension = experimental.get(
+            "msc3823_account_suspension", False
+        )
--- a/synapse/rest/admin/init.py
+++ b/synapse/rest/admin/init.py
@ -101,6 +101,7 @@ from synapse.rest.admin.users import (
    ResetPasswordRestServlet,
    SearchUsersRestServlet,
    ShadowBanRestServlet,
+    SuspendAccountRestServlet,
    UserAdminServlet,
    UserByExternalId,
    UserByThreePid,
@ -327,6 +328,8 @@ def register_servlets(hs: "HomeServer", http_server: HttpServer) -> None:
    BackgroundUpdateRestServlet(hs).register(http_server)
    BackgroundUpdateStartJobRestServlet(hs).register(http_server)
    ExperimentalFeaturesRestServlet(hs).register(http_server)
+    if hs.config.experimental.msc3823_account_suspension:
+        SuspendAccountRestServlet(hs).register(http_server)


 def register_servlets_for_client_rest_resource(
--- a/synapse/rest/admin/users.py
+++ b/synapse/rest/admin/users.py
@ -732,6 +732,33 @@ class DeactivateAccountRestServlet(RestServlet):
        return HTTPStatus.OK, {"id_server_unbind_result": id_server_unbind_result}


+class SuspendAccountRestServlet(RestServlet):
+    PATTERNS = admin_patterns("/suspend/(?P<target_user_id>[^/]*)$")
+
+    def __init__(self, hs: "HomeServer"):
+        self.auth = hs.get_auth()
+        self.is_mine = hs.is_mine
+        self.store = hs.get_datastores().main
+
+    async def on_PUT(
+        self, request: SynapseRequest, target_user_id: str
+    ) -> Tuple[int, JsonDict]:
+        requester = await self.auth.get_user_by_req(request)
+        await assert_user_is_admin(self.auth, requester)
+
+        if not self.is_mine(UserID.from_string(target_user_id)):
+            raise SynapseError(HTTPStatus.BAD_REQUEST, "Can only suspend local users")
+
+        if not await self.store.get_user_by_id(target_user_id):
+            raise NotFoundError("User not found")
+
+        body = parse_json_object_from_request(request, allow_empty_body=True)
+        suspend = body.get("suspend", False)
+        await self.store.set_user_suspended_status(target_user_id, suspend)
+
+        return HTTPStatus.OK, {f"user_{target_user_id}_suspended": suspend}
+
+
 class AccountValidityRenewServlet(RestServlet):
    PATTERNS = admin_patterns("/account_validity/validity$")