0
0
Fork 1
mirror of https://mau.dev/maunium/synapse.git synced 2024-12-14 20:33:53 +01:00

Return a 404 when deleting unknown room alias

As per https://github.com/matrix-org/matrix-doc/issues/1675

Fixes https://github.com/matrix-org/synapse/issues/2782
This commit is contained in:
Richard van der Hoff 2018-09-17 13:19:00 +01:00
parent c6363f7269
commit 85a43f4167
2 changed files with 16 additions and 4 deletions

View file

@ -20,7 +20,14 @@ import string
from twisted.internet import defer from twisted.internet import defer
from synapse.api.constants import EventTypes from synapse.api.constants import EventTypes
from synapse.api.errors import AuthError, CodeMessageException, Codes, SynapseError from synapse.api.errors import (
AuthError,
CodeMessageException,
Codes,
NotFoundError,
StoreError,
SynapseError,
)
from synapse.types import RoomAlias, UserID, get_domain_from_id from synapse.types import RoomAlias, UserID, get_domain_from_id
from ._base import BaseHandler from ._base import BaseHandler
@ -109,7 +116,13 @@ class DirectoryHandler(BaseHandler):
def delete_association(self, requester, user_id, room_alias): def delete_association(self, requester, user_id, room_alias):
# association deletion for human users # association deletion for human users
try:
can_delete = yield self._user_can_delete_alias(room_alias, user_id) can_delete = yield self._user_can_delete_alias(room_alias, user_id)
except StoreError as e:
if e.code == 404:
raise NotFoundError("Unknown room alias")
raise
if not can_delete: if not can_delete:
raise AuthError( raise AuthError(
403, "You don't have permission to delete the alias.", 403, "You don't have permission to delete the alias.",
@ -320,7 +333,7 @@ class DirectoryHandler(BaseHandler):
def _user_can_delete_alias(self, alias, user_id): def _user_can_delete_alias(self, alias, user_id):
creator = yield self.store.get_room_alias_creator(alias.to_string()) creator = yield self.store.get_room_alias_creator(alias.to_string())
if creator and creator == user_id: if creator == user_id:
defer.returnValue(True) defer.returnValue(True)
is_admin = yield self.auth.is_server_admin(UserID.from_string(user_id)) is_admin = yield self.auth.is_server_admin(UserID.from_string(user_id))

View file

@ -75,7 +75,6 @@ class DirectoryWorkerStore(SQLBaseStore):
}, },
retcol="creator", retcol="creator",
desc="get_room_alias_creator", desc="get_room_alias_creator",
allow_none=True
) )
@cached(max_entries=5000) @cached(max_entries=5000)