forked from MirrorHub/synapse
MSC2260: Block direct sends of m.room.aliases events (#6794)
as per MSC2260
This commit is contained in:
parent
57ad702af0
commit
184303b865
4 changed files with 28 additions and 33 deletions
1
changelog.d/6794.feature
Normal file
1
changelog.d/6794.feature
Normal file
|
@ -0,0 +1 @@
|
|||
Implement updated authorization rules for aliases events, from [MSC2260](https://github.com/matrix-org/matrix-doc/pull/2260).
|
|
@ -184,6 +184,12 @@ class RoomStateEventRestServlet(TransactionRestServlet):
|
|||
|
||||
content = parse_json_object_from_request(request)
|
||||
|
||||
if event_type == EventTypes.Aliases:
|
||||
# MSC2260
|
||||
raise SynapseError(
|
||||
400, "Cannot send m.room.aliases events via /rooms/{room_id}/state"
|
||||
)
|
||||
|
||||
event_dict = {
|
||||
"type": event_type,
|
||||
"content": content,
|
||||
|
@ -231,6 +237,12 @@ class RoomSendEventRestServlet(TransactionRestServlet):
|
|||
requester = await self.auth.get_user_by_req(request, allow_guest=True)
|
||||
content = parse_json_object_from_request(request)
|
||||
|
||||
if event_type == EventTypes.Aliases:
|
||||
# MSC2260
|
||||
raise SynapseError(
|
||||
400, "Cannot send m.room.aliases events via /rooms/{room_id}/send"
|
||||
)
|
||||
|
||||
event_dict = {
|
||||
"type": event_type,
|
||||
"content": content,
|
||||
|
|
|
@ -868,13 +868,6 @@ class RoomTestCase(unittest.HomeserverTestCase):
|
|||
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
|
||||
|
||||
# Set this new alias as the canonical alias for this room
|
||||
self.helper.send_state(
|
||||
room_id,
|
||||
"m.room.aliases",
|
||||
{"aliases": [test_alias]},
|
||||
tok=self.admin_user_tok,
|
||||
state_key="test",
|
||||
)
|
||||
self.helper.send_state(
|
||||
room_id,
|
||||
"m.room.canonical_alias",
|
||||
|
|
|
@ -51,26 +51,30 @@ class DirectoryTestCase(unittest.HomeserverTestCase):
|
|||
self.user = self.register_user("user", "test")
|
||||
self.user_tok = self.login("user", "test")
|
||||
|
||||
def test_state_event_not_in_room(self):
|
||||
self.ensure_user_left_room()
|
||||
self.set_alias_via_state_event(403)
|
||||
def test_cannot_set_alias_via_state_event(self):
|
||||
self.ensure_user_joined_room()
|
||||
url = "/_matrix/client/r0/rooms/%s/state/m.room.aliases/%s" % (
|
||||
self.room_id,
|
||||
self.hs.hostname,
|
||||
)
|
||||
|
||||
data = {"aliases": [self.random_alias(5)]}
|
||||
request_data = json.dumps(data)
|
||||
|
||||
request, channel = self.make_request(
|
||||
"PUT", url, request_data, access_token=self.user_tok
|
||||
)
|
||||
self.render(request)
|
||||
self.assertEqual(channel.code, 400, channel.result)
|
||||
|
||||
def test_directory_endpoint_not_in_room(self):
|
||||
self.ensure_user_left_room()
|
||||
self.set_alias_via_directory(403)
|
||||
|
||||
def test_state_event_in_room_too_long(self):
|
||||
self.ensure_user_joined_room()
|
||||
self.set_alias_via_state_event(400, alias_length=256)
|
||||
|
||||
def test_directory_in_room_too_long(self):
|
||||
self.ensure_user_joined_room()
|
||||
self.set_alias_via_directory(400, alias_length=256)
|
||||
|
||||
def test_state_event_in_room(self):
|
||||
self.ensure_user_joined_room()
|
||||
self.set_alias_via_state_event(200)
|
||||
|
||||
def test_directory_in_room(self):
|
||||
self.ensure_user_joined_room()
|
||||
self.set_alias_via_directory(200)
|
||||
|
@ -102,21 +106,6 @@ class DirectoryTestCase(unittest.HomeserverTestCase):
|
|||
self.render(request)
|
||||
self.assertEqual(channel.code, 200, channel.result)
|
||||
|
||||
def set_alias_via_state_event(self, expected_code, alias_length=5):
|
||||
url = "/_matrix/client/r0/rooms/%s/state/m.room.aliases/%s" % (
|
||||
self.room_id,
|
||||
self.hs.hostname,
|
||||
)
|
||||
|
||||
data = {"aliases": [self.random_alias(alias_length)]}
|
||||
request_data = json.dumps(data)
|
||||
|
||||
request, channel = self.make_request(
|
||||
"PUT", url, request_data, access_token=self.user_tok
|
||||
)
|
||||
self.render(request)
|
||||
self.assertEqual(channel.code, expected_code, channel.result)
|
||||
|
||||
def set_alias_via_directory(self, expected_code, alias_length=5):
|
||||
url = "/_matrix/client/r0/directory/room/%s" % self.random_alias(alias_length)
|
||||
data = {"room_id": self.room_id}
|
||||
|
|
Loading…
Reference in a new issue