summary refs log tree commit diff
diff options
context:
space:
mode:
authorandrew do <andrewddo@gmail.com>2022-08-03 05:26:31 -0700
committerGitHub <noreply@github.com>2022-08-03 14:26:31 +0200
commit78a3111c41bf93fd52774965af50d62b74d937de (patch)
treedfbf7dfc38a6252a5e66f8d417f4e27765be5009
parentInstall cryptography build dependencies in requirements image. (#13372) (diff)
downloadsynapse-78a3111c41bf93fd52774965af50d62b74d937de.tar.xz
Return 404 or member list when getting joined_members after leaving (#13374)
Signed-off-by: Andrew Doh <andrewddo@gmail.com>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: Andrew Morgan <andrewm@element.io>
Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
-rw-r--r--changelog.d/13374.bugfix1
-rw-r--r--synapse/handlers/message.py6
-rw-r--r--tests/rest/admin/test_room.py15
3 files changed, 20 insertions, 2 deletions
diff --git a/changelog.d/13374.bugfix b/changelog.d/13374.bugfix
new file mode 100644
index 0000000000..1c5bd1b363
--- /dev/null
+++ b/changelog.d/13374.bugfix
@@ -0,0 +1 @@
+Fix a bug introduced in Synapse 0.24.0 that would respond with the wrong error status code to `/joined_members` requests when the requester is not a current member of the room. Contributed by @andrewdoh.
\ No newline at end of file
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
index e85b540451..ee0773988e 100644
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -324,8 +324,10 @@ class MessageHandler:
                 room_id, user_id, allow_departed_users=True
             )
             if membership != Membership.JOIN:
-                raise NotImplementedError(
-                    "Getting joined members after leaving is not implemented"
+                raise SynapseError(
+                    code=403,
+                    errcode=Codes.FORBIDDEN,
+                    msg="Getting joined members while not being a current member of the room is forbidden.",
                 )
 
         users_with_profile = await self.store.get_users_in_room_with_profiles(room_id)
diff --git a/tests/rest/admin/test_room.py b/tests/rest/admin/test_room.py
index 623883b53c..989cbdb5e2 100644
--- a/tests/rest/admin/test_room.py
+++ b/tests/rest/admin/test_room.py
@@ -1772,6 +1772,21 @@ class RoomTestCase(unittest.HomeserverTestCase):
             tok=admin_user_tok,
         )
 
+    def test_get_joined_members_after_leave_room(self) -> None:
+        """Test that requesting room members after leaving the room raises a 403 error."""
+
+        # create the room
+        user = self.register_user("foo", "pass")
+        user_tok = self.login("foo", "pass")
+        room_id = self.helper.create_room_as(user, tok=user_tok)
+        self.helper.leave(room_id, user, tok=user_tok)
+
+        # delete the rooms and get joined roomed membership
+        url = f"/_matrix/client/r0/rooms/{room_id}/joined_members"
+        channel = self.make_request("GET", url.encode("ascii"), access_token=user_tok)
+        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.json_body)
+        self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
+
 
 class JoinAliasRoomTestCase(unittest.HomeserverTestCase):