Move third_party_rules check to event creation time
Rather than waiting until we handle the event, call the ThirdPartyRules check when we first create the event.
parent
d59378d86b
commit
123711ed19
2 changed files with 13 additions and 52 deletions
|
@ -1507,18 +1507,9 @@ class FederationHandler(BaseHandler):
|
||||||
event, context = await self.event_creation_handler.create_new_client_event(
|
event, context = await self.event_creation_handler.create_new_client_event(
|
||||||
builder=builder
|
builder=builder
|
||||||
)
|
)
|
||||||
except AuthError as e:
|
except SynapseError as e:
|
||||||
logger.warning("Failed to create join to %s because %s", room_id, e)
|
logger.warning("Failed to create join to %s because %s", room_id, e)
|
||||||
raise e
|
raise
|
||||||
|
|
||||||
event_allowed = await self.third_party_event_rules.check_event_allowed(
|
|
||||||
event, context
|
|
||||||
)
|
|
||||||
if not event_allowed:
|
|
||||||
logger.info("Creation of join %s forbidden by third-party rules", event)
|
|
||||||
raise SynapseError(
|
|
||||||
403, "This event is not allowed in this context", Codes.FORBIDDEN
|
|
||||||
)
|
|
||||||
|
|
||||||
# The remote hasn't signed it yet, obviously. We'll do the full checks
|
# The remote hasn't signed it yet, obviously. We'll do the full checks
|
||||||
# when we get the event back in `on_send_join_request`
|
# when we get the event back in `on_send_join_request`
|
||||||
|
@ -1739,15 +1730,6 @@ class FederationHandler(BaseHandler):
|
||||||
builder=builder
|
builder=builder
|
||||||
)
|
)
|
||||||
|
|
||||||
event_allowed = await self.third_party_event_rules.check_event_allowed(
|
|
||||||
event, context
|
|
||||||
)
|
|
||||||
if not event_allowed:
|
|
||||||
logger.warning("Creation of leave %s forbidden by third-party rules", event)
|
|
||||||
raise SynapseError(
|
|
||||||
403, "This event is not allowed in this context", Codes.FORBIDDEN
|
|
||||||
)
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
# The remote hasn't signed it yet, obviously. We'll do the full checks
|
# The remote hasn't signed it yet, obviously. We'll do the full checks
|
||||||
# when we get the event back in `on_send_leave_request`
|
# when we get the event back in `on_send_leave_request`
|
||||||
|
@ -2676,18 +2658,6 @@ class FederationHandler(BaseHandler):
|
||||||
builder=builder
|
builder=builder
|
||||||
)
|
)
|
||||||
|
|
||||||
event_allowed = await self.third_party_event_rules.check_event_allowed(
|
|
||||||
event, context
|
|
||||||
)
|
|
||||||
if not event_allowed:
|
|
||||||
logger.info(
|
|
||||||
"Creation of threepid invite %s forbidden by third-party rules",
|
|
||||||
event,
|
|
||||||
)
|
|
||||||
raise SynapseError(
|
|
||||||
403, "This event is not allowed in this context", Codes.FORBIDDEN
|
|
||||||
)
|
|
||||||
|
|
||||||
event, context = await self.add_display_name_to_third_party_invite(
|
event, context = await self.add_display_name_to_third_party_invite(
|
||||||
room_version, event_dict, event, context
|
room_version, event_dict, event, context
|
||||||
)
|
)
|
||||||
|
@ -2738,18 +2708,6 @@ class FederationHandler(BaseHandler):
|
||||||
event, context = await self.event_creation_handler.create_new_client_event(
|
event, context = await self.event_creation_handler.create_new_client_event(
|
||||||
builder=builder
|
builder=builder
|
||||||
)
|
)
|
||||||
|
|
||||||
event_allowed = await self.third_party_event_rules.check_event_allowed(
|
|
||||||
event, context
|
|
||||||
)
|
|
||||||
if not event_allowed:
|
|
||||||
logger.warning(
|
|
||||||
"Exchange of threepid invite %s forbidden by third-party rules", event
|
|
||||||
)
|
|
||||||
raise SynapseError(
|
|
||||||
403, "This event is not allowed in this context", Codes.FORBIDDEN
|
|
||||||
)
|
|
||||||
|
|
||||||
event, context = await self.add_display_name_to_third_party_invite(
|
event, context = await self.add_display_name_to_third_party_invite(
|
||||||
room_version, event_dict, event, context
|
room_version, event_dict, event, context
|
||||||
)
|
)
|
||||||
|
|
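Review bot: The widened `except SynapseError as e:` in the first hunk (the join path) now also catches the 403 raised by the third-party-rules check, and logs it at warning as "Failed to create join to %s because %s". The removed code logged that rejection at info with its own message. If this path is driven by requests from remote servers, as the FederationHandler context suggests, each policy rejection now produces a warning-level line, so confirm the level is intended and add a comment such as `# SynapseError covers AuthError and third-party-rules rejections raised during event creation`. The leave and threepid-invite hunks have no handler around `create_new_client_event`, so their rejections are logged only where the event is created. In the two threepid hunks, `add_display_name_to_third_party_invite` returns a fresh `event, context`; if it rebuilds the event through `create_new_client_event` (not visible here), the rules callback runs twice for one invite. The enclosing functions start and end outside the hunks.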
|
@ -795,6 +795,17 @@ class EventCreationHandler:
|
||||||
if requester:
|
if requester:
|
||||||
context.app_service = requester.app_service
|
context.app_service = requester.app_service
|
||||||
|
|
||||||
|
event_allowed = await self.third_party_event_rules.check_event_allowed(
|
||||||
|
event, context
|
||||||
|
)
|
||||||
|
if not event_allowed:
|
||||||
|
logger.info(
|
||||||
|
"Event %s forbidden by third-party rules", event,
|
||||||
|
)
|
||||||
|
raise SynapseError(
|
||||||
|
403, "This event is not allowed in this context", Codes.FORBIDDEN
|
||||||
|
)
|
||||||
|
|
||||||
self.validator.validate_new(event, self.config)
|
self.validator.validate_new(event, self.config)
|
||||||
|
|
||||||
# If this event is an annotation then we check that that the sender
|
# If this event is an annotation then we check that that the sender
|
||||||
|
@ -881,14 +892,6 @@ class EventCreationHandler:
|
||||||
else:
|
else:
|
||||||
room_version = await self.store.get_room_version_id(event.room_id)
|
room_version = await self.store.get_room_version_id(event.room_id)
|
||||||
|
|
||||||
event_allowed = await self.third_party_event_rules.check_event_allowed(
|
|
||||||
event, context
|
|
||||||
)
|
|
||||||
if not event_allowed:
|
|
||||||
raise SynapseError(
|
|
||||||
403, "This event is not allowed in this context", Codes.FORBIDDEN
|
|
||||||
)
|
|
||||||
|
|
||||||
if event.internal_metadata.is_out_of_band_membership():
|
if event.internal_metadata.is_out_of_band_membership():
|
||||||
# the only sort of out-of-band-membership events we expect to see here
|
# the only sort of out-of-band-membership events we expect to see here
|
||||||
# are invite rejections we have generated ourselves.
|
# are invite rejections we have generated ourselves.
|
||||||
|
|
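Review bot: The new `check_event_allowed` call in the first hunk runs before `self.validator.validate_new(event, self.config)`, so third-party-rules callbacks now receive events that have not yet been validated. If those callbacks assume well-formed content, move the block below `validate_new`, or state the contract with `# NOTE: third-party rules run before validate_new; callbacks must tolerate unvalidated content`. Removing the check in the second hunk also means enforcement depends on every event that reaches that later path having been built by the function in the first hunk. An event constructed by another route would skip the policy, so confirm no caller does that and cover it with a test. Both enclosing functions extend beyond the hunks, so their names and remaining checks are not visible here.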