mirror of https://mau.dev/maunium/synapse.git synced 2024-11-16 06:51:46 +01:00

Fix Internal Server Error for Non-Local Users in Room Actions (#17607)

Gordan Trevis 2024-08-29 16:34:29 +02:00 committed by GitHub
parent b21134de3b
commit 594cd5f9fd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 26 additions and 5 deletions

1
changelog.d/17607.bugfix Normal file

@ -0,0 +1 @@
Return `400 M_BAD_JSON` upon attempting to complete various room actions with a non-local user ID and unknown room ID, rather than an internal server error.


@ -19,6 +19,7 @@
# #
# #
import logging import logging
from http import HTTPStatus
from typing import ( from typing import (
TYPE_CHECKING, TYPE_CHECKING,
AbstractSet, AbstractSet,
@ -39,6 +40,7 @@ from typing import (
import attr import attr
from synapse.api.constants import EventTypes, Membership from synapse.api.constants import EventTypes, Membership
from synapse.api.errors import Codes, SynapseError
from synapse.logging.opentracing import trace from synapse.logging.opentracing import trace
from synapse.metrics import LaterGauge from synapse.metrics import LaterGauge
from synapse.metrics.background_process_metrics import wrap_as_background_process from synapse.metrics.background_process_metrics import wrap_as_background_process
@ -631,10 +633,8 @@ class RoomMemberWorkerStore(EventsWorkerStore, CacheInvalidationWorkerStore):
""" """
# Paranoia check. # Paranoia check.
if not self.hs.is_mine_id(user_id): if not self.hs.is_mine_id(user_id):
raise Exception( message = f"Provided user_id {user_id} is a non-local user"
"Cannot call 'get_local_current_membership_for_user_in_room' on " raise SynapseError(HTTPStatus.BAD_REQUEST, message, errcode=Codes.BAD_JSON)
"non-local user %s" % (user_id,),
)
results = cast( results = cast(
Optional[Tuple[str, str]], Optional[Tuple[str, str]],
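Review bot: The `# Paranoia check.` in `get_local_current_membership_for_user_in_room` guards an internal invariant of a storage method, and raising `SynapseError(HTTPStatus.BAD_REQUEST, ...)` there reports every violation as a client mistake, including one caused by a server-side caller passing the wrong ID. A 400 is usually not logged with a traceback the way the previous unhandled `Exception` was, so such a bug becomes much quieter; I would log before raising, e.g. `logger.warning("Membership lookup rejected for non-local user %s", user_id)` (assuming the module defines the usual `logger`), or reject non-local IDs in the handler that receives the request and keep the storage check as a hard failure. The message also reflects the caller-supplied `user_id` into the response body; a fixed string such as `"user_id must belong to this homeserver"` avoids that. The function starts and ends outside the hunk, so its other callers cannot be checked from here.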


@ -6,7 +6,7 @@ import synapse.rest.admin
import synapse.rest.client.login import synapse.rest.client.login
import synapse.rest.client.room import synapse.rest.client.room
from synapse.api.constants import EventTypes, Membership from synapse.api.constants import EventTypes, Membership
from synapse.api.errors import LimitExceededError, SynapseError from synapse.api.errors import Codes, LimitExceededError, SynapseError
from synapse.crypto.event_signing import add_hashes_and_signatures from synapse.crypto.event_signing import add_hashes_and_signatures
from synapse.events import FrozenEventV3 from synapse.events import FrozenEventV3
from synapse.federation.federation_client import SendJoinResult from synapse.federation.federation_client import SendJoinResult
@ -383,6 +383,26 @@ class RoomMemberMasterHandlerTestCase(HomeserverTestCase):
"""Tests that a user cannot not forgets a room that has not left.""" """Tests that a user cannot not forgets a room that has not left."""
self.get_failure(self.handler.forget(self.alice_ID, self.room_id), SynapseError) self.get_failure(self.handler.forget(self.alice_ID, self.room_id), SynapseError)
def test_nonlocal_room_user_action(self) -> None:
"""
Test that non-local user ids cannot perform room actions through
this homeserver.
"""
alien_user_id = UserID.from_string("@cheeky_monkey:matrix.org")
bad_room_id = f"{self.room_id}+BAD_ID"
exc = self.get_failure(
self.handler.update_membership(
create_requester(self.alice),
alien_user_id,
bad_room_id,
"unban",
),
SynapseError,
).value
self.assertEqual(exc.errcode, Codes.BAD_JSON)
def test_rejoin_forgotten_by_user(self) -> None: def test_rejoin_forgotten_by_user(self) -> None:
"""Test that a user that has forgotten a room can do a re-join. """Test that a user that has forgotten a room can do a re-join.
The room was not forgotten from the local server. The room was not forgotten from the local server.
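Review bot: `test_nonlocal_room_user_action` asserts only `exc.errcode`, so it would still pass if the error reached the client with a different HTTP status; adding `self.assertEqual(exc.code, 400)` pins the behaviour the changelog entry describes. The docstring speaks of room actions in general, but only `"unban"` against an unknown room ID (`bad_room_id`) is exercised. A second case using the valid `self.room_id` with the same `alien_user_id` would show whether a non-local target in a known room is rejected the same way or takes a different path.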