diff options
| author | Will Hunt <will@half-shot.uk> | 2019-07-11 15:01:09 +0100 |
|---|---|---|
| committer | Will Hunt <will@half-shot.uk> | 2019-07-11 15:01:09 +0100 |
| commit | de810f92b5b3ca564935a36597e648e63578d833 (patch) | |
| tree | d811e8888927938bffe2bc9eb498e48ef7f9b782 | |
| parent | Newline (diff) | |
| download | synapse-de810f92b5b3ca564935a36597e648e63578d833.tar.xz | |
Return 403 when hitting presence endpoints while presence is disabled.
| -rw-r--r-- | synapse/rest/client/v1/presence.py | 10 | ||||
| -rw-r--r-- | tests/rest/client/v1/test_presence.py | 24 |
2 files changed, 31 insertions, 3 deletions
diff --git a/synapse/rest/client/v1/presence.py b/synapse/rest/client/v1/presence.py index 3e87f0fdb3..cb4c47451e 100644 --- a/synapse/rest/client/v1/presence.py +++ b/synapse/rest/client/v1/presence.py @@ -45,6 +45,10 @@ class PresenceStatusRestServlet(RestServlet): requester = yield self.auth.get_user_by_req(request) user = UserID.from_string(user_id) + if not self.hs.config.use_presence: + raise AuthError(403, "Presence is disabled on this homeserver") + + if requester.user != user: allowed = yield self.presence_handler.is_visible( observed_user=user, observer_user=requester.user @@ -63,6 +67,9 @@ class PresenceStatusRestServlet(RestServlet): requester = yield self.auth.get_user_by_req(request) user = UserID.from_string(user_id) + if not self.hs.config.use_presence: + raise AuthError(403, "Presence is disabled on this homeserver") + if requester.user != user: raise AuthError(403, "Can only set your own presence state") @@ -85,8 +92,7 @@ class PresenceStatusRestServlet(RestServlet): except Exception: raise SynapseError(400, "Unable to parse state") - if self.hs.config.use_presence: - yield self.presence_handler.set_state(user, state) + yield self.presence_handler.set_state(user, state) defer.returnValue((200, {})) diff --git a/tests/rest/client/v1/test_presence.py b/tests/rest/client/v1/test_presence.py index 66c2b68707..5853ad0ca0 100644 --- a/tests/rest/client/v1/test_presence.py +++ b/tests/rest/client/v1/test_presence.py @@ -68,5 +68,27 @@ class PresenceTestCase(unittest.HomeserverTestCase): ) self.render(request) - self.assertEqual(channel.code, 200) + self.assertEqual(channel.code, 403) + self.assertEqual({ + "errcode": "M_FORBIDDEN", + "error": "Presence is disabled on this homeserver" + }, channel.json_body) self.assertEqual(self.hs.presence_handler.set_state.call_count, 0) + + def test_get_presence_disabled(self): + """ + GET to the status endpoint with use_presence disbled will respond + with M_FORBIDDEN + """ + self.hs.config.use_presence = False + + request, channel = self.make_request( + "GET", "/presence/%s/status" % (self.user_id,) + ) + self.render(request) + + self.assertEqual(channel.code, 403) + self.assertEqual({ + "errcode": "M_FORBIDDEN", + "error": "Presence is disabled on this homeserver" + }, channel.json_body) |