Allow appservices to batch send as any local user

2023-02-12 15:00:20 +02:00 · 2023-02-12 15:00:20 +02:00 · 3d3c46e36b
parent 069401d09d
commit 3d3c46e36b
2 changed files with 7 additions and 3 deletions
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@ -254,7 +254,7 @@ class Auth:
            raise MissingClientTokenError()

    async def validate_appservice_can_control_user_id(
-        self, app_service: ApplicationService, user_id: str
+        self, app_service: ApplicationService, user_id: str, allow_any: bool = False
    ) -> None:
        """Validates that the app service is allowed to control
        the given user.
@ -262,6 +262,7 @@ class Auth:
        Args:
            app_service: The app service that controls the user
            user_id: The author MXID that the app service is controlling
+            allow_any: Allow the appservice to control any local user

        Raises:
            AuthError: If the application service is not allowed to control the user
@ -273,7 +274,7 @@ class Auth:
        if app_service.sender == user_id:
            pass
        # Check to make sure the app service is allowed to control the user
-        elif not app_service.is_interested_in_user(user_id):
+        elif not app_service.is_interested_in_user(user_id) and not allow_any:
            raise AuthError(
                403,
                "Application service cannot masquerade as this user (%s)." % user_id,
--- a/synapse/handlers/room_batch.py
+++ b/synapse/handlers/room_batch.py
@ -21,6 +21,7 @@ class RoomBatchHandler:
        self.event_creation_handler = hs.get_event_creation_handler()
        self.room_member_handler = hs.get_room_member_handler()
        self.auth = hs.get_auth()
+        self.allow_send_any = self.hs.config.meow.appservice_batch_send_any

    async def inherit_depth_from_prev_ids(self, prev_event_ids: List[str]) -> int:
        """Finds the depth which would sort it after the most-recent
@ -118,7 +119,9 @@ class RoomBatchHandler:
            Requester object
        """

-        await self.auth.validate_appservice_can_control_user_id(app_service, user_id)
+        await self.auth.validate_appservice_can_control_user_id(
+            app_service, user_id, allow_any=self.allow_send_any
+        )

        return create_requester(user_id, app_service=app_service)