diff options
author | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2018-07-27 09:17:11 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-07-27 09:17:11 +0100 |
commit | 7041cd872b8f1105d58f8e8ac79ffd32c76a1994 (patch) | |
tree | 4736db867cfd029d8e7627edb971eccc926371bc /synapse/api/auth.py | |
parent | Merge remote-tracking branch 'upstream/develop' into send_sni_for_federation_... (diff) | |
parent | Merge pull request #3616 from matrix-org/travis/event_id_send_leave (diff) | |
download | synapse-7041cd872b8f1105d58f8e8ac79ffd32c76a1994.tar.xz |
Merge branch 'develop' into send_sni_for_federation_requests
Diffstat (limited to 'synapse/api/auth.py')
-rw-r--r-- | synapse/api/auth.py | 40 |
1 files changed, 38 insertions, 2 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index bc629832d9..073229b4c4 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -65,8 +65,9 @@ class Auth(object): @defer.inlineCallbacks def check_from_context(self, event, context, do_sig_check=True): + prev_state_ids = yield context.get_prev_state_ids(self.store) auth_events_ids = yield self.compute_auth_events( - event, context.prev_state_ids, for_verification=True, + event, prev_state_ids, for_verification=True, ) auth_events = yield self.store.get_events(auth_events_ids) auth_events = { @@ -544,7 +545,8 @@ class Auth(object): @defer.inlineCallbacks def add_auth_events(self, builder, context): - auth_ids = yield self.compute_auth_events(builder, context.prev_state_ids) + prev_state_ids = yield context.get_prev_state_ids(self.store) + auth_ids = yield self.compute_auth_events(builder, prev_state_ids) auth_events_entries = yield self.store.add_event_hashes( auth_ids @@ -737,3 +739,37 @@ class Auth(object): ) return query_params[0] + + @defer.inlineCallbacks + def check_in_room_or_world_readable(self, room_id, user_id): + """Checks that the user is or was in the room or the room is world + readable. If it isn't then an exception is raised. + + Returns: + Deferred[tuple[str, str|None]]: Resolves to the current membership of + the user in the room and the membership event ID of the user. If + the user is not in the room and never has been, then + `(Membership.JOIN, None)` is returned. + """ + + try: + # check_user_was_in_room will return the most recent membership + # event for the user if: + # * The user is a non-guest user, and was ever in the room + # * The user is a guest user, and has joined the room + # else it will throw. + member_event = yield self.check_user_was_in_room(room_id, user_id) + defer.returnValue((member_event.membership, member_event.event_id)) + except AuthError: + visibility = yield self.state.get_current_state( + room_id, EventTypes.RoomHistoryVisibility, "" + ) + if ( + visibility and + visibility.content["history_visibility"] == "world_readable" + ): + defer.returnValue((Membership.JOIN, None)) + return + raise AuthError( + 403, "Guest access not allowed", errcode=Codes.GUEST_ACCESS_FORBIDDEN + ) |