diff options
author | Erik Johnston <erik@matrix.org> | 2016-07-13 13:07:19 +0100 |
---|---|---|
committer | Erik Johnston <erik@matrix.org> | 2016-07-13 13:07:19 +0100 |
commit | 560c71c7352946f70f58d6fc3d0c459084127b21 (patch) | |
tree | 73c5c6bf51d96c72eba2f20f27002f268c1e6801 | |
parent | Merge pull request #914 from matrix-org/markjh/upgrade (diff) | |
download | synapse-560c71c7352946f70f58d6fc3d0c459084127b21.tar.xz |
Check creation event's room_id domain matches sender's
Diffstat (limited to '')
-rw-r--r-- | synapse/api/auth.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index a4d658a9d0..29b4ac456c 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -86,6 +86,13 @@ class Auth(object): return True if event.type == EventTypes.Create: + room_id_domain = get_domain_from_id(event.room_id) + sender_domain = get_domain_from_id(event.sender) + if room_id_domain != sender_domain: + raise AuthError( + 403, + "Creation event's room_id domain does not match sender's" + ) # FIXME return True |