summary refs log tree commit diff
path: root/changelog.d/15695.bugfix
diff options
context:
space:
mode:
authorGrant McLean <grant@catalyst.net.nz>2023-06-08 03:21:25 +1200
committerGitHub <noreply@github.com>2023-06-07 16:21:25 +0100
commit5c24d7b9ebd8dec2c76dac5118cee22a1bb1032a (patch)
tree2ad9f5e95c543eba9988a74868ced6417326b23e /changelog.d/15695.bugfix
parentMerge branch 'master' into develop (diff)
downloadsynapse-5c24d7b9ebd8dec2c76dac5118cee22a1bb1032a.tar.xz
Check required power levels earlier in createRoom handler. (#15695)
* Check required power levels earlier in createRoom handler.

- If a server was configured to reject the creation of rooms with E2EE
  enabled (by specifying an unattainably high power level for
  "m.room.encryption" in default_power_level_content_override), the 403
  error was not being triggered until after the room was created and
  before the "m.room.power_levels" was sent.  This allowed a user to
  access the partially-configured room and complete the setup of E2EE
  and power levels manually.

- This change causes the power level overrides to be checked earlier and
  the request to be rejected before the user gains access to the room.

- A new `_validate_room_config` method is added to contain checks that
  should be run before a room is created.

- The new test case confirms that a user request is rejected by the new
  validation method.

Signed-off-by: Grant McLean <grant@catalyst.net.nz>

* Add a changelog file.

* Formatting fix for black.

* Remove unneeded line from test.

---------

Signed-off-by: Grant McLean <grant@catalyst.net.nz>
Diffstat (limited to 'changelog.d/15695.bugfix')
-rw-r--r--changelog.d/15695.bugfix1
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/15695.bugfix b/changelog.d/15695.bugfix
new file mode 100644
index 0000000000..99bf1fe05e
--- /dev/null
+++ b/changelog.d/15695.bugfix
@@ -0,0 +1 @@
+Check permissions for enabling encryption earlier during room creation to avoid creating broken rooms.