diff options
author | Erik Johnston <erik@matrix.org> | 2016-09-22 11:08:12 +0100 |
---|---|---|
committer | Erik Johnston <erik@matrix.org> | 2016-09-22 11:08:12 +0100 |
commit | a61e4522b51a51261865b24238a42c0cdd6fb6c8 (patch) | |
tree | 80a2a700a5e58e3bec5595515d167af048d240b4 /synapse/api/auth.py | |
parent | Allow invites via 3pid to bypass sender sig check (diff) | |
download | synapse-a61e4522b51a51261865b24238a42c0cdd6fb6c8.tar.xz |
Shuffle things around to make unit tests work
Diffstat (limited to '')
-rw-r--r-- | synapse/api/auth.py | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index d60c1b15ae..377bfcc482 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -91,23 +91,24 @@ class Auth(object): if not hasattr(event, "room_id"): raise AuthError(500, "Event has no room_id: %s" % event) - sender_domain = get_domain_from_id(event.sender) - event_id_domain = get_domain_from_id(event.event_id) + if do_sig_check: + sender_domain = get_domain_from_id(event.sender) + event_id_domain = get_domain_from_id(event.event_id) - is_invite_via_3pid = ( - event.type == EventTypes.Member - and event.membership == Membership.INVITE - and "third_party_invite" in event.content - ) + is_invite_via_3pid = ( + event.type == EventTypes.Member + and event.membership == Membership.INVITE + and "third_party_invite" in event.content + ) - # Check the sender's domain has signed the event - if do_sig_check and not event.signatures.get(sender_domain): - if not is_invite_via_3pid: - raise AuthError(403, "Event not signed by sender's server") + # Check the sender's domain has signed the event + if not event.signatures.get(sender_domain): + if not is_invite_via_3pid: + raise AuthError(403, "Event not signed by sender's server") - # Check the event_id's domain has signed the event - if do_sig_check and not event.signatures.get(event_id_domain): - raise AuthError(403, "Event not signed by sending server") + # Check the event_id's domain has signed the event + if not event.signatures.get(event_id_domain): + raise AuthError(403, "Event not signed by sending server") if auth_events is None: # Oh, we don't know what the state of the room was, so we |