mirror of
https://mau.dev/maunium/synapse.git
synced 2024-12-14 06:23:47 +01:00
Make sure we reject attempts to invite the notices user
This commit is contained in:
parent
d10707c810
commit
26305788fe
3 changed files with 20 additions and 0 deletions
|
@ -81,6 +81,7 @@ class FederationHandler(BaseHandler):
|
|||
self.pusher_pool = hs.get_pusherpool()
|
||||
self.spam_checker = hs.get_spam_checker()
|
||||
self.event_creation_handler = hs.get_event_creation_handler()
|
||||
self._server_notices_mxid = hs.config.server_notices_mxid
|
||||
|
||||
# When joining a room we need to queue any events for that room up
|
||||
self.room_queues = {}
|
||||
|
@ -1180,6 +1181,13 @@ class FederationHandler(BaseHandler):
|
|||
if not self.is_mine_id(event.state_key):
|
||||
raise SynapseError(400, "The invite event must be for this server")
|
||||
|
||||
# block any attempts to invite the server notices mxid
|
||||
if event.state_key == self._server_notices_mxid:
|
||||
raise SynapseError(
|
||||
http_client.FORBIDDEN,
|
||||
"Cannot invite this user",
|
||||
)
|
||||
|
||||
event.internal_metadata.outlier = True
|
||||
event.internal_metadata.invite_from_remote = True
|
||||
|
||||
|
|
|
@ -309,6 +309,13 @@ class RoomMemberHandler(object):
|
|||
)
|
||||
|
||||
if effective_membership_state == Membership.INVITE:
|
||||
# block any attempts to invite the server notices mxid
|
||||
if target.to_string() == self._server_notices_mxid:
|
||||
raise SynapseError(
|
||||
http_client.FORBIDDEN,
|
||||
"Cannot invite this user",
|
||||
)
|
||||
|
||||
block_invite = False
|
||||
|
||||
if (self._server_notices_mxid is not None and
|
||||
|
|
|
@ -78,6 +78,11 @@ class ServerNoticesManager(object):
|
|||
)
|
||||
system_mxid = self._config.server_notices_mxid
|
||||
for room in rooms:
|
||||
# it's worth noting that there is an asymmetry here in that we
|
||||
# expect the user to be invited or joined, but the system user must
|
||||
# be joined. This is kinda deliberate, in that if somebody somehow
|
||||
# manages to invite the system user to a room, that doesn't make it
|
||||
# the server notices room.
|
||||
user_ids = yield self._store.get_users_in_room(room.room_id)
|
||||
if system_mxid in user_ids:
|
||||
# we found a room which our user shares with the system notice
|
||||
|
|
Loading…
Reference in a new issue