authorErik Johnston <erik@matrix.org>2016-07-13 13:07:19 +0100
committerErik Johnston <erik@matrix.org>2016-07-13 13:07:19 +0100
commit560c71c7352946f70f58d6fc3d0c459084127b21 (patch)
tree73c5c6bf51d96c72eba2f20f27002f268c1e6801 /synapse/api/auth.py
parentMerge pull request #914 from matrix-org/markjh/upgrade (diff)
downloadsynapse-560c71c7352946f70f58d6fc3d0c459084127b21.tar.xz
Check creation event's room_id domain matches sender's
Diffstat (limited to '')
-rw-r--r--synapse/api/auth.py7
1 files changed, 7 insertions, 0 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index a4d658a9d0..29b4ac456c 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -86,6 +86,13 @@ class Auth(object):
                 return True
 
             if event.type == EventTypes.Create:
+                room_id_domain = get_domain_from_id(event.room_id)
+                sender_domain = get_domain_from_id(event.sender)
+                if room_id_domain != sender_domain:
+                    raise AuthError(
+                        403,
+                        "Creation event's room_id domain does not match sender's"
+                    )
                 # FIXME
                 return True
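Review bot: The new comparison in the `EventTypes.Create` branch relies on `get_domain_from_id` for both `event.room_id` and `event.sender`, and the hunk does not show what that helper does with an identifier that has no `:` separator. If it raises something other than `AuthError`, a malformed create event would fail with a non-403 error; if it returns an empty value for both, the equality check would pass. It is worth confirming which applies and, if needed, rejecting an empty domain before the comparison. The bare `# FIXME` directly above `return True` should say what is still unchecked, for example `# FIXME: create events get no validation beyond the room_id/sender domain match`. The enclosing method starts and continues outside the hunk.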