forked from MirrorHub/synapse
Make sure we reject attempts to invite the notices user
This commit is contained in:
parent
d10707c810
commit
26305788fe
3 changed files with 20 additions and 0 deletions
|
@ -81,6 +81,7 @@ class FederationHandler(BaseHandler):
|
||||||
self.pusher_pool = hs.get_pusherpool()
|
self.pusher_pool = hs.get_pusherpool()
|
||||||
self.spam_checker = hs.get_spam_checker()
|
self.spam_checker = hs.get_spam_checker()
|
||||||
self.event_creation_handler = hs.get_event_creation_handler()
|
self.event_creation_handler = hs.get_event_creation_handler()
|
||||||
|
self._server_notices_mxid = hs.config.server_notices_mxid
|
||||||
|
|
||||||
# When joining a room we need to queue any events for that room up
|
# When joining a room we need to queue any events for that room up
|
||||||
self.room_queues = {}
|
self.room_queues = {}
|
||||||
|
@ -1180,6 +1181,13 @@ class FederationHandler(BaseHandler):
|
||||||
if not self.is_mine_id(event.state_key):
|
if not self.is_mine_id(event.state_key):
|
||||||
raise SynapseError(400, "The invite event must be for this server")
|
raise SynapseError(400, "The invite event must be for this server")
|
||||||
|
|
||||||
|
# block any attempts to invite the server notices mxid
|
||||||
|
if event.state_key == self._server_notices_mxid:
|
||||||
|
raise SynapseError(
|
||||||
|
http_client.FORBIDDEN,
|
||||||
|
"Cannot invite this user",
|
||||||
|
)
|
||||||
|
|
||||||
event.internal_metadata.outlier = True
|
event.internal_metadata.outlier = True
|
||||||
event.internal_metadata.invite_from_remote = True
|
event.internal_metadata.invite_from_remote = True
|
||||||
|
|
||||||
|
|
|
@ -309,6 +309,13 @@ class RoomMemberHandler(object):
|
||||||
)
|
)
|
||||||
|
|
||||||
if effective_membership_state == Membership.INVITE:
|
if effective_membership_state == Membership.INVITE:
|
||||||
|
# block any attempts to invite the server notices mxid
|
||||||
|
if target.to_string() == self._server_notices_mxid:
|
||||||
|
raise SynapseError(
|
||||||
|
http_client.FORBIDDEN,
|
||||||
|
"Cannot invite this user",
|
||||||
|
)
|
||||||
|
|
||||||
block_invite = False
|
block_invite = False
|
||||||
|
|
||||||
if (self._server_notices_mxid is not None and
|
if (self._server_notices_mxid is not None and
|
||||||
|
|
|
@ -78,6 +78,11 @@ class ServerNoticesManager(object):
|
||||||
)
|
)
|
||||||
system_mxid = self._config.server_notices_mxid
|
system_mxid = self._config.server_notices_mxid
|
||||||
for room in rooms:
|
for room in rooms:
|
||||||
|
# it's worth noting that there is an asymmetry here in that we
|
||||||
|
# expect the user to be invited or joined, but the system user must
|
||||||
|
# be joined. This is kinda deliberate, in that if somebody somehow
|
||||||
|
# manages to invite the system user to a room, that doesn't make it
|
||||||
|
# the server notices room.
|
||||||
user_ids = yield self._store.get_users_in_room(room.room_id)
|
user_ids = yield self._store.get_users_in_room(room.room_id)
|
||||||
if system_mxid in user_ids:
|
if system_mxid in user_ids:
|
||||||
# we found a room which our user shares with the system notice
|
# we found a room which our user shares with the system notice
|
||||||
|
|
Loading…
Reference in a new issue