author | Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> | 2019-04-04 13:05:51 +0100 |
committer | GitHub <noreply@github.com> | 2019-04-04 13:05:51 +0100 |
commit | db265f064272205d1e473ee35632e3ff3846dae5 (patch) | |
tree | e4322a93d0e81d1e3f064fe443062ab2124ce2a8 | |
parent | Avoid redundant URL encoding (#4555) (diff) | |
download | synapse-db265f064272205d1e473ee35632e3ff3846dae5.tar.xz |
Prevent kicking users who aren't in the room (#4999)
Prevent kick events from succeeding if the user is not currently in the room.
-rw-r--r-- | changelog.d/4999.bugfix | 1 | ||||
-rw-r--r-- | synapse/handlers/room_member.py | 9 |
2 files changed, 10 insertions, 0 deletions
diff --git a/changelog.d/4999.bugfix b/changelog.d/4999.bugfix
new file mode 100644
index 0000000000..acbc191960
--- /dev/null
+++ b/changelog.d/4999.bugfix
@@ -0,0 +1 @@
+Prevent the ability to kick users from a room they aren't in.
diff --git a/synapse/handlers/room_member.py b/synapse/handlers/room_member.py
index 71ce5b54e5..e432740832 100644
--- a/synapse/handlers/room_member.py
+++ b/synapse/handlers/room_member.py
@@ -421,6 +421,9 @@ class RoomMemberHandler(object):
 room_id, latest_event_ids=latest_event_ids,
 )
+ # TODO: Refactor into dictionary of explicitly allowed transitions
+ # between old and new state, with specific error messages for some
+ # transitions and generic otherwise
 old_state_id = current_state_ids.get((EventTypes.Member, target.to_string()))
 if old_state_id:
 old_state = yield self.store.get_event(old_state_id, allow_none=True)
@@ -446,6 +449,9 @@ class RoomMemberHandler(object):
 if same_sender and same_membership and same_content:
 defer.returnValue(old_state)
+ if old_membership in ["ban", "leave"] and action == "kick":
+ raise AuthError(403, "The target user is not in the room")
+
 # we don't allow people to reject invites to the server notice
 # room, but they can leave it once they are joined.
 if (
@@ -459,6 +465,9 @@ class RoomMemberHandler(object):
 "You cannot reject this invite",
 errcode=Codes.CANNOT_LEAVE_SERVER_NOTICE_ROOM,
 )
+ else:
+ if action == "kick":
+ raise AuthError(403, "The target user is not in the room")
 is_host_in_room = yield self._is_host_in_room(current_state_ids) |
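Review bot: The new kick guard in the `@@ -446` hunk of synapse/handlers/room_member.py spells the membership states as bare strings, `["ban", "leave"]`, while the surrounding handler reads its constants from the constants module (`EventTypes.Member` and `Codes.CANNOT_LEAVE_SERVER_NOTICE_ROOM` are visible in the neighbouring hunks); if `Membership` is imported in this file as it is elsewhere in synapse, `if old_membership in (Membership.BAN, Membership.LEAVE) and action == "kick":` keeps the transition check in the same vocabulary as the rest of the handler and cannot be broken by a silent misspelling. Note also that the guard sits below the idempotency short-circuit `if same_sender and same_membership and same_content: defer.returnValue(old_state)`, so a repeat of an identical kick by the same sender against a user who has already left still returns success instead of the new 403; that is probably fine as a no-op, but if the 403 is meant to be the contract the guard should come first. `old_membership` is assigned above the hunk, and the enclosing method starts and ends outside it.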
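Review bot: In the `@@ -459` hunk the new `else:` branch wraps a single nested `if action == "kick":`, which reads more naturally as `elif action == "kick":` with the `raise AuthError(403, "The target user is not in the room")` one level shallower; the message literal is now also duplicated with the `@@ -446` hunk, so a one-line comment on the branch explaining why the two checks differ (`# no membership event for the target at all, so there is nothing to kick`, assuming this `else` pairs with the `if old_state_id:` shown in the `@@ -421` hunk) would help the next reader. The enclosing method continues outside the hunk.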