authorErik Johnston <erik@matrix.org>2016-07-13 13:12:25 +0100
committerErik Johnston <erik@matrix.org>2016-07-13 13:12:25 +0100
commit2cb758ac75e529d9d093122a207ec43bcfa5f067 (patch)
tree0eb9f58fb96c0c482204b3d3cbb86b27cf5c608d /synapse/api
parentCheck creation event's room_id domain matches sender's (diff)
downloadsynapse-2cb758ac75e529d9d093122a207ec43bcfa5f067.tar.xz
Check if alias event's state_key matches sender's domain
Diffstat (limited to 'synapse/api')
-rw-r--r--synapse/api/auth.py11
1 files changed, 11 insertions, 0 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 29b4ac456c..e05defd7d8 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -115,6 +115,17 @@ class Auth(object):
 
             # FIXME: Temp hack
             if event.type == EventTypes.Aliases:
+                if not event.state_key:
+                    raise AuthError(
+                        403,
+                        "Alias event must have non-empty state_key"
+                    )
+                sender_domain = get_domain_from_id(event.sender)
+                if event.state_key != sender_domain:
+                    raise AuthError(
+                        403,
+                        "Alias event's state_key does not match sender's domain"
+                    )
                 return True
 
             logger.debug(
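Review bot: `get_domain_from_id(event.sender)` in the added block runs on a sender string that nothing visible in this hunk has validated, and the helper's definition is not shown here. If it raises anything other than `AuthError` on a malformed ID (for instance an `IndexError` from splitting on `:`), the event would surface as an unhandled error rather than a 403 rejection, so it is worth confirming the helper's failure mode or wrapping the call and raising `AuthError(403, ...)` on failure. Separately, the `# FIXME: Temp hack` comment now sits above the only authorization check alias events receive before `return True`; a comment such as `# A server may only write the alias list keyed by its own domain; alias events skip the remaining auth checks` would make it clear the early return is deliberate. The enclosing method begins and ends outside the hunk, so any validation done earlier in it is not visible here.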