summary refs log tree commit diff
diff options
context:
space:
mode:
authorErik Johnston <erikj@jki.re>2018-07-04 09:41:33 +0100
committerGitHub <noreply@github.com>2018-07-04 09:41:33 +0100
commit40252d13d14dfda187ccc28e1c14379a136da08c (patch)
tree5c2540c3d03f6ee9957373f890ae539478425b87
parentReject invalid server names (#3480) (diff)
parentNewsfile (diff)
downloadsynapse-40252d13d14dfda187ccc28e1c14379a136da08c.tar.xz
Merge pull request #3474 from matrix-org/erikj/py3_auth
Fix up auth check
-rw-r--r--changelog.d/3474.misc0
-rw-r--r--synapse/event_auth.py7
2 files changed, 6 insertions, 1 deletions
diff --git a/changelog.d/3474.misc b/changelog.d/3474.misc
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/changelog.d/3474.misc
diff --git a/synapse/event_auth.py b/synapse/event_auth.py
index f512d88145..cdf99fd140 100644
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@@ -76,6 +76,7 @@ def check(event, auth_events, do_sig_check=True, do_size_check=True):
         return
 
     if event.type == EventTypes.Create:
+        sender_domain = get_domain_from_id(event.sender)
         room_id_domain = get_domain_from_id(event.room_id)
         if room_id_domain != sender_domain:
             raise AuthError(
@@ -524,7 +525,11 @@ def _check_power_levels(event, auth_events):
                     "to your own"
                 )
 
-        if old_level > user_level or new_level > user_level:
+        # Check if the old and new levels are greater than the user level
+        # (if defined)
+        old_level_too_big = old_level is not None and old_level > user_level
+        new_level_too_big = new_level is not None and new_level > user_level
+        if old_level_too_big or new_level_too_big:
             raise AuthError(
                 403,
                 "You don't have permission to add ops level greater "