Merge branch 'develop' of github.com:matrix-org/synapse into matrix-org-hotfixes

2 files changed, 21 insertions, 11 deletions

diff --git a/synapse/groups/groups_server.py b/synapse/groups/groups_server.py
index 6a85908dd6..1083bc2990 100644
--- a/synapse/groups/groups_server.py
+++ b/synapse/groups/groups_server.py
@@ -400,7 +400,7 @@ class GroupsServerHandler(object):
             if not is_public:
                 entry["is_public"] = False
 
-            if not self.is_mine_id(requester_user_id):
+            if not self.is_mine_id(g_user_id):
                 attestation = yield self.store.get_remote_attestation(group_id, g_user_id)
                 if not attestation:
                     continue
diff --git a/synapse/handlers/groups_local.py b/synapse/handlers/groups_local.py
index a2bacbfc38..50e40548c2 100644
--- a/synapse/handlers/groups_local.py
+++ b/synapse/handlers/groups_local.py
@@ -102,6 +102,8 @@ class GroupsLocalHandler(object):
                 get_domain_from_id(group_id), group_id, requester_user_id,
             )
 
+            group_server_name = get_domain_from_id(group_id)
+
             # Loop through the users and validate the attestations.
             chunk = res["users_section"]["users"]
             valid_users = []
@@ -109,11 +111,13 @@ class GroupsLocalHandler(object):
                 g_user_id = entry["user_id"]
                 attestation = entry.pop("attestation")
                 try:
-                    yield self.attestations.verify_attestation(
-                        attestation,
-                        group_id=group_id,
-                        user_id=g_user_id,
-                    )
+                    if get_domain_from_id(g_user_id) != group_server_name:
+                        yield self.attestations.verify_attestation(
+                            attestation,
+                            group_id=group_id,
+                            user_id=g_user_id,
+                            server_name=get_domain_from_id(g_user_id),
+                        )
                     valid_users.append(entry)
                 except Exception as e:
                     logger.info("Failed to verify user is in group: %s", e)
@@ -160,6 +164,7 @@ class GroupsLocalHandler(object):
                 remote_attestation,
                 group_id=group_id,
                 user_id=user_id,
+                server_name=get_domain_from_id(group_id),
             )
 
         is_publicised = content.get("publicise", False)
@@ -187,6 +192,8 @@ class GroupsLocalHandler(object):
             )
             defer.returnValue(res)
 
+        group_server_name = get_domain_from_id(group_id)
+
         res = yield self.transport_client.get_users_in_group(
             get_domain_from_id(group_id), group_id, requester_user_id,
         )
@@ -197,11 +204,13 @@ class GroupsLocalHandler(object):
             g_user_id = entry["user_id"]
             attestation = entry.pop("attestation")
             try:
-                yield self.attestations.verify_attestation(
-                    attestation,
-                    group_id=group_id,
-                    user_id=g_user_id,
-                )
+                if get_domain_from_id(g_user_id) != group_server_name:
+                    yield self.attestations.verify_attestation(
+                        attestation,
+                        group_id=group_id,
+                        user_id=g_user_id,
+                        server_name=get_domain_from_id(g_user_id),
+                    )
                 valid_entries.append(entry)
             except Exception as e:
                 logger.info("Failed to verify user is in group: %s", e)
@@ -240,6 +249,7 @@ class GroupsLocalHandler(object):
                 remote_attestation,
                 group_id=group_id,
                 user_id=user_id,
+                server_name=get_domain_from_id(group_id),
             )
 
         # TODO: Check that the group is public and we're being added publically