summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--changelog.d/13374.bugfix1
-rw-r--r--synapse/handlers/message.py6
-rw-r--r--tests/rest/admin/test_room.py15
3 files changed, 20 insertions, 2 deletions
diff --git a/changelog.d/13374.bugfix b/changelog.d/13374.bugfix
new file mode 100644
index 0000000000..1c5bd1b363
--- /dev/null
+++ b/changelog.d/13374.bugfix
@@ -0,0 +1 @@
+Fix a bug introduced in Synapse 0.24.0 that would respond with the wrong error status code to `/joined_members` requests when the requester is not a current member of the room. Contributed by @andrewdoh.
\ No newline at end of file
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
index e85b540451..ee0773988e 100644
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -324,8 +324,10 @@ class MessageHandler:
                 room_id, user_id, allow_departed_users=True
             )
             if membership != Membership.JOIN:
-                raise NotImplementedError(
-                    "Getting joined members after leaving is not implemented"
+                raise SynapseError(
+                    code=403,
+                    errcode=Codes.FORBIDDEN,
+                    msg="Getting joined members while not being a current member of the room is forbidden.",
                 )
 
         users_with_profile = await self.store.get_users_in_room_with_profiles(room_id)
diff --git a/tests/rest/admin/test_room.py b/tests/rest/admin/test_room.py
index 623883b53c..989cbdb5e2 100644
--- a/tests/rest/admin/test_room.py
+++ b/tests/rest/admin/test_room.py
@@ -1772,6 +1772,21 @@ class RoomTestCase(unittest.HomeserverTestCase):
             tok=admin_user_tok,
         )
 
+    def test_get_joined_members_after_leave_room(self) -> None:
+        """Test that requesting room members after leaving the room raises a 403 error."""
+
+        # create the room
+        user = self.register_user("foo", "pass")
+        user_tok = self.login("foo", "pass")
+        room_id = self.helper.create_room_as(user, tok=user_tok)
+        self.helper.leave(room_id, user, tok=user_tok)
+
+        # delete the rooms and get joined roomed membership
+        url = f"/_matrix/client/r0/rooms/{room_id}/joined_members"
+        channel = self.make_request("GET", url.encode("ascii"), access_token=user_tok)
+        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.json_body)
+        self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
+
 
 class JoinAliasRoomTestCase(unittest.HomeserverTestCase):
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-10-11 10:28:14 +0000