mirror of
https://github.com/matrix-org/dendrite
synced 2024-12-13 17:13:30 +01:00
Fix failing ban tests (#1884)
* Add room membership and powerlevel checks for func SendBan * Added non-error return to func GetStateEvent when no state events with the specified state key are found * Add passing tests to whitelist * Fixed formatting * Update roomserver/storage/shared/storage.go Co-authored-by: Neil Alexander <neilalexander@users.noreply.github.com> Co-authored-by: kegsay <kegan@matrix.org> Co-authored-by: kegsay <kegsay@gmail.com>
parent
5094bc89bf
commit
8d8fe485b4
3 changed files with 37 additions and 0 deletions
|
@ -47,6 +47,37 @@ func SendBan(
|
|||
if reqErr != nil {
|
||||
return *reqErr
|
||||
}
|
||||
|
||||
errRes := checkMemberInRoom(req.Context(), rsAPI, device.UserID, roomID)
|
||||
if errRes != nil {
|
||||
return *errRes
|
||||
}
|
||||
|
||||
plEvent := roomserverAPI.GetStateEvent(req.Context(), rsAPI, roomID, gomatrixserverlib.StateKeyTuple{
|
||||
EventType: gomatrixserverlib.MRoomPowerLevels,
|
||||
StateKey: "",
|
||||
})
|
||||
if plEvent == nil {
|
||||
return util.JSONResponse{
|
||||
Code: 403,
|
||||
JSON: jsonerror.Forbidden("You don't have permission to ban this user, no power_levels event in this room."),
|
||||
}
|
||||
}
|
||||
pl, err := plEvent.PowerLevels()
|
||||
if err != nil {
|
||||
return util.JSONResponse{
|
||||
Code: 403,
|
||||
JSON: jsonerror.Forbidden("You don't have permission to ban this user, the power_levels event for this room is malformed so auth checks cannot be performed."),
|
||||
}
|
||||
}
|
||||
allowedToBan := pl.UserLevel(device.UserID) >= pl.Ban
|
||||
if !allowedToBan {
|
||||
return util.JSONResponse{
|
||||
Code: 403,
|
||||
JSON: jsonerror.Forbidden("You don't have permission to ban this user, power level too low."),
|
||||
}
|
||||
}
|
||||
|
||||
return sendMembership(req.Context(), accountDB, device, roomID, "ban", body.Reason, cfg, body.UserID, evTime, roomVer, rsAPI, asAPI)
|
||||
}
|
||||
|
||||
|
|
|
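Review bot: The pre-check `allowedToBan := pl.UserLevel(device.UserID) >= pl.Ban` compares the sender only against the room's ban level and never looks at the target's level, whereas the Matrix ban authorisation rule also requires the target's power level to be lower than the sender's. As written, a user who meets `pl.Ban` passes this check when banning an equal or higher-powered member; event auth further down in `sendMembership` (outside this hunk) presumably still rejects the event, but the client then gets a different error than the 403 returned here. Consider `senderLevel := pl.UserLevel(device.UserID)` followed by `allowedToBan := senderLevel >= pl.Ban && pl.UserLevel(body.UserID) < senderLevel`. SendBan begins above the hunk, so whether `body.UserID` is validated before this point is not visible here.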
@ -866,6 +866,10 @@ func (d *Database) GetStateEvent(ctx context.Context, roomID, evType, stateKey s
|
|||
return nil, err
|
||||
}
|
||||
stateKeyNID, err := d.EventStateKeysTable.SelectEventStateKeyNID(ctx, nil, stateKey)
|
||||
if err == sql.ErrNoRows {
|
||||
// No rooms have a state event with this state key, otherwise we'd have an state key NID
|
||||
return nil, nil
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
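Review bot: `if err == sql.ErrNoRows {` matches only the bare sentinel, so if `SelectEventStateKeyNID` ever returns it wrapped, the lookup becomes a hard error again; `if errors.Is(err, sql.ErrNoRows) {` is the more robust form (it needs `errors` imported, and the import block is not visible in this hunk). The new `return nil, nil` also changes the contract of GetStateEvent: callers must now treat a nil event with a nil error as "state not present" and, where the result feeds an authorisation decision, fail closed on it, as the `plEvent == nil` branch added to SendBan in this commit does. I would state that in the function's doc comment, e.g. `// GetStateEvent returns (nil, nil) when no event exists for the given state key.` The function starts and ends outside the hunk.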
@ -520,6 +520,8 @@ Inviting an AS-hosted user asks the AS server
|
|||
Can generate a openid access_token that can be exchanged for information about a user
|
||||
Invalid openid access tokens are rejected
|
||||
Requests to userinfo without access tokens are rejected
|
||||
'ban' event respects room powerlevel
|
||||
Non-present room members cannot ban others
|
||||
POST /_synapse/admin/v1/register with shared secret
|
||||
POST /_synapse/admin/v1/register admin with shared secret
|
||||
POST /_synapse/admin/v1/register with shared secret downcases capitals
|
||||
|
|