mirror of
https://mau.dev/maunium/synapse.git
synced 2024-11-16 06:51:46 +01:00
Add some limitations to alias creation
This commit is contained in:
parent
c1799b0f85
commit
84196cb231
5 changed files with 40 additions and 2 deletions
1
changelog.d/5124.bugfix
Normal file
1
changelog.d/5124.bugfix
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Add some missing limitations to room alias creation.
|
|
@ -239,6 +239,11 @@ listeners:
|
||||||
# Used by phonehome stats to group together related servers.
|
# Used by phonehome stats to group together related servers.
|
||||||
#server_context: context
|
#server_context: context
|
||||||
|
|
||||||
|
# Whether to require a user to be in the room to add an alias to it.
|
||||||
|
# Defaults to 'true'.
|
||||||
|
#
|
||||||
|
#require_membership_for_aliases: false
|
||||||
|
|
||||||
|
|
||||||
## TLS ##
|
## TLS ##
|
||||||
|
|
||||||
|
|
|
@ -134,6 +134,12 @@ class ServerConfig(Config):
|
||||||
# sending out any replication updates.
|
# sending out any replication updates.
|
||||||
self.replication_torture_level = config.get("replication_torture_level")
|
self.replication_torture_level = config.get("replication_torture_level")
|
||||||
|
|
||||||
|
# Whether to require a user to be in the room to add an alias to it.
|
||||||
|
# Defaults to True.
|
||||||
|
self.require_membership_for_aliases = config.get(
|
||||||
|
"require_membership_for_aliases", True,
|
||||||
|
)
|
||||||
|
|
||||||
self.listeners = []
|
self.listeners = []
|
||||||
for listener in config.get("listeners", []):
|
for listener in config.get("listeners", []):
|
||||||
if not isinstance(listener.get("port", None), int):
|
if not isinstance(listener.get("port", None), int):
|
||||||
|
@ -490,6 +496,11 @@ class ServerConfig(Config):
|
||||||
|
|
||||||
# Used by phonehome stats to group together related servers.
|
# Used by phonehome stats to group together related servers.
|
||||||
#server_context: context
|
#server_context: context
|
||||||
|
|
||||||
|
# Whether to require a user to be in the room to add an alias to it.
|
||||||
|
# Defaults to 'true'.
|
||||||
|
#
|
||||||
|
#require_membership_for_aliases: false
|
||||||
""" % locals()
|
""" % locals()
|
||||||
|
|
||||||
def read_arguments(self, args):
|
def read_arguments(self, args):
|
||||||
|
|
|
@ -36,6 +36,7 @@ logger = logging.getLogger(__name__)
|
||||||
|
|
||||||
|
|
||||||
class DirectoryHandler(BaseHandler):
|
class DirectoryHandler(BaseHandler):
|
||||||
|
MAX_ALIAS_LENGTH = 255
|
||||||
|
|
||||||
def __init__(self, hs):
|
def __init__(self, hs):
|
||||||
super(DirectoryHandler, self).__init__(hs)
|
super(DirectoryHandler, self).__init__(hs)
|
||||||
|
@ -43,8 +44,10 @@ class DirectoryHandler(BaseHandler):
|
||||||
self.state = hs.get_state_handler()
|
self.state = hs.get_state_handler()
|
||||||
self.appservice_handler = hs.get_application_service_handler()
|
self.appservice_handler = hs.get_application_service_handler()
|
||||||
self.event_creation_handler = hs.get_event_creation_handler()
|
self.event_creation_handler = hs.get_event_creation_handler()
|
||||||
|
self.store = hs.get_datastore()
|
||||||
self.config = hs.config
|
self.config = hs.config
|
||||||
self.enable_room_list_search = hs.config.enable_room_list_search
|
self.enable_room_list_search = hs.config.enable_room_list_search
|
||||||
|
self.require_membership = hs.config.require_membership_for_aliases
|
||||||
|
|
||||||
self.federation = hs.get_federation_client()
|
self.federation = hs.get_federation_client()
|
||||||
hs.get_federation_registry().register_query_handler(
|
hs.get_federation_registry().register_query_handler(
|
||||||
|
@ -83,7 +86,7 @@ class DirectoryHandler(BaseHandler):
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def create_association(self, requester, room_alias, room_id, servers=None,
|
def create_association(self, requester, room_alias, room_id, servers=None,
|
||||||
send_event=True):
|
send_event=True, check_membership=True):
|
||||||
"""Attempt to create a new alias
|
"""Attempt to create a new alias
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
|
@ -93,6 +96,8 @@ class DirectoryHandler(BaseHandler):
|
||||||
servers (list[str]|None): List of servers that others servers
|
servers (list[str]|None): List of servers that others servers
|
||||||
should try and join via
|
should try and join via
|
||||||
send_event (bool): Whether to send an updated m.room.aliases event
|
send_event (bool): Whether to send an updated m.room.aliases event
|
||||||
|
check_membership (bool): Whether to check if the user is in the room
|
||||||
|
before the alias can be set (if the server's config requires it).
|
||||||
|
|
||||||
Returns:
|
Returns:
|
||||||
Deferred
|
Deferred
|
||||||
|
@ -100,6 +105,13 @@ class DirectoryHandler(BaseHandler):
|
||||||
|
|
||||||
user_id = requester.user.to_string()
|
user_id = requester.user.to_string()
|
||||||
|
|
||||||
|
if len(room_alias.to_string()) > self.MAX_ALIAS_LENGTH:
|
||||||
|
raise SynapseError(
|
||||||
|
400,
|
||||||
|
"Can't create aliases longer than %s characters" % self.MAX_ALIAS_LENGTH,
|
||||||
|
Codes.INVALID_PARAM,
|
||||||
|
)
|
||||||
|
|
||||||
service = requester.app_service
|
service = requester.app_service
|
||||||
if service:
|
if service:
|
||||||
if not service.is_interested_in_alias(room_alias.to_string()):
|
if not service.is_interested_in_alias(room_alias.to_string()):
|
||||||
|
@ -108,6 +120,14 @@ class DirectoryHandler(BaseHandler):
|
||||||
" this kind of alias.", errcode=Codes.EXCLUSIVE
|
" this kind of alias.", errcode=Codes.EXCLUSIVE
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
|
if self.require_membership and check_membership:
|
||||||
|
rooms_for_user = yield self.store.get_rooms_for_user(user_id)
|
||||||
|
if room_id not in rooms_for_user:
|
||||||
|
raise AuthError(
|
||||||
|
403,
|
||||||
|
"You must be in the room to create an alias for it",
|
||||||
|
)
|
||||||
|
|
||||||
if not self.spam_checker.user_may_create_room_alias(user_id, room_alias):
|
if not self.spam_checker.user_may_create_room_alias(user_id, room_alias):
|
||||||
raise AuthError(
|
raise AuthError(
|
||||||
403, "This user is not permitted to create this alias",
|
403, "This user is not permitted to create this alias",
|
||||||
|
|
|
@ -402,7 +402,7 @@ class RoomCreationHandler(BaseHandler):
|
||||||
yield directory_handler.create_association(
|
yield directory_handler.create_association(
|
||||||
requester, RoomAlias.from_string(alias),
|
requester, RoomAlias.from_string(alias),
|
||||||
new_room_id, servers=(self.hs.hostname, ),
|
new_room_id, servers=(self.hs.hostname, ),
|
||||||
send_event=False,
|
send_event=False, check_membership=False,
|
||||||
)
|
)
|
||||||
logger.info("Moved alias %s to new room", alias)
|
logger.info("Moved alias %s to new room", alias)
|
||||||
except SynapseError as e:
|
except SynapseError as e:
|
||||||
|
@ -538,6 +538,7 @@ class RoomCreationHandler(BaseHandler):
|
||||||
room_alias=room_alias,
|
room_alias=room_alias,
|
||||||
servers=[self.hs.hostname],
|
servers=[self.hs.hostname],
|
||||||
send_event=False,
|
send_event=False,
|
||||||
|
check_membership=False,
|
||||||
)
|
)
|
||||||
|
|
||||||
preset_config = config.get(
|
preset_config = config.get(
|
||||||
|
|
Loading…
Reference in a new issue