summary refs log tree commit diff
diff options
context:
space:
mode:
authorDaniel Wagner-Hall <dawagner@gmail.com>2015-12-17 18:09:51 +0100
committerDaniel Wagner-Hall <dawagner@gmail.com>2015-12-17 18:09:51 +0100
commit8c5f252edbb0c62663116c6a541ce8691414996a (patch)
tree88ff46299b4dd435579e172add4e4e29231c1dad
parentMerge pull request #447 from matrix-org/rav/fix_search_pagination (diff)
downloadsynapse-8c5f252edbb0c62663116c6a541ce8691414996a.tar.xz
Strip address and such out of 3pid invites
We're not meant to leak that into the graph
-rw-r--r--synapse/api/auth.py2
-rw-r--r--synapse/handlers/federation.py13
2 files changed, 13 insertions, 2 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index b9c3e6d2c4..adb7d64482 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -778,7 +778,7 @@ class Auth(object):
                 if "third_party_invite" in event.content:
                     key = (
                         EventTypes.ThirdPartyInvite,
-                        event.content["third_party_invite"]["token"]
+                        event.content["third_party_invite"]["signed"]["token"]
                     )
                     third_party_invite = current_state.get(key)
                     if third_party_invite:
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
index e7ad48c948..1255241461 100644
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -1650,11 +1650,22 @@ class FederationHandler(BaseHandler):
         sender = invite["sender"]
         room_id = invite["room_id"]
 
+        if "signed" not in invite:
+            logger.info(
+                "Discarding received notification of third party invite "
+                "without signed: %s" % (invite,)
+            )
+            return
+
+        third_party_invite = {
+            "signed": invite["signed"],
+        }
+
         event_dict = {
             "type": EventTypes.Member,
             "content": {
                 "membership": Membership.INVITE,
-                "third_party_invite": invite,
+                "third_party_invite": third_party_invite,
             },
             "room_id": room_id,
             "sender": sender,