diff options
author | Grant McLean <grant@catalyst.net.nz> | 2023-06-08 03:21:25 +1200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-06-07 16:21:25 +0100 |
commit | 5c24d7b9ebd8dec2c76dac5118cee22a1bb1032a (patch) | |
tree | 2ad9f5e95c543eba9988a74868ced6417326b23e /changelog.d | |
parent | Merge branch 'master' into develop (diff) | |
download | synapse-5c24d7b9ebd8dec2c76dac5118cee22a1bb1032a.tar.xz |
Check required power levels earlier in createRoom handler. (#15695)
* Check required power levels earlier in createRoom handler. - If a server was configured to reject the creation of rooms with E2EE enabled (by specifying an unattainably high power level for "m.room.encryption" in default_power_level_content_override), the 403 error was not being triggered until after the room was created and before the "m.room.power_levels" was sent. This allowed a user to access the partially-configured room and complete the setup of E2EE and power levels manually. - This change causes the power level overrides to be checked earlier and the request to be rejected before the user gains access to the room. - A new `_validate_room_config` method is added to contain checks that should be run before a room is created. - The new test case confirms that a user request is rejected by the new validation method. Signed-off-by: Grant McLean <grant@catalyst.net.nz> * Add a changelog file. * Formatting fix for black. * Remove unneeded line from test. --------- Signed-off-by: Grant McLean <grant@catalyst.net.nz>
Diffstat (limited to 'changelog.d')
-rw-r--r-- | changelog.d/15695.bugfix | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/changelog.d/15695.bugfix b/changelog.d/15695.bugfix new file mode 100644 index 0000000000..99bf1fe05e --- /dev/null +++ b/changelog.d/15695.bugfix @@ -0,0 +1 @@ +Check permissions for enabling encryption earlier during room creation to avoid creating broken rooms. |