diff options
| author | Daniel Wagner-Hall <dawagner@gmail.com> | 2015-10-05 10:33:41 -0500 |
|---|---|---|
| committer | Daniel Wagner-Hall <dawagner@gmail.com> | 2015-10-05 10:33:41 -0500 |
| commit | 58e6a58eb7de0c0a8b0f7b30fe02c056a27f0e12 (patch) | |
| tree | 711215f7fe3121b61e7cd32d57ec47cec3ee5671 /synapse/api | |
| parent | Implement third party identifier invites (diff) | |
| parent | Add 'trusted_private_chat' to room creation presets (diff) | |
| download | synapse-58e6a58eb7de0c0a8b0f7b30fe02c056a27f0e12.tar.xz | |
Merge branch 'develop' into daniel/3pidinvites
Diffstat (limited to 'synapse/api')
| -rw-r--r-- | synapse/api/auth.py | 25 | ||||
| -rw-r--r-- | synapse/api/constants.py | 1 |
2 files changed, 25 insertions, 1 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 37f7f1bf79..6607d08488 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -20,9 +20,9 @@ from twisted.internet import defer from synapse.api.constants import EventTypes, Membership, JoinRules from synapse.api.errors import AuthError, Codes, SynapseError +from synapse.types import RoomID, UserID, EventID from synapse.util.logutils import log_function from synapse.util.thirdpartyinvites import ThirdPartyInvites -from synapse.types import UserID, EventID from unpaddedbase64 import decode_base64 import logging @@ -85,6 +85,15 @@ class Auth(object): "Room %r does not exist" % (event.room_id,) ) + creating_domain = RoomID.from_string(event.room_id).domain + originating_domain = UserID.from_string(event.sender).domain + if creating_domain != originating_domain: + if not self.can_federate(event, auth_events): + raise AuthError( + 403, + "This room has been marked as unfederatable." + ) + # FIXME: Temp hack if event.type == EventTypes.Aliases: return True @@ -224,6 +233,11 @@ class Auth(object): user_id, room_id, repr(member) )) + def can_federate(self, event, auth_events): + creation_event = auth_events.get((EventTypes.Create, "")) + + return creation_event.content.get("m.federate", True) is True + @log_function def is_membership_change_allowed(self, event, auth_events): membership = event.content["membership"] @@ -239,6 +253,15 @@ class Auth(object): target_user_id = event.state_key + creating_domain = RoomID.from_string(event.room_id).domain + target_domain = UserID.from_string(target_user_id).domain + if creating_domain != target_domain: + if not self.can_federate(event, auth_events): + raise AuthError( + 403, + "This room has been marked as unfederatable." + ) + # get info about the caller key = (EventTypes.Member, event.user_id, ) caller = auth_events.get(key) diff --git a/synapse/api/constants.py b/synapse/api/constants.py index bfc230d126..41125e8719 100644 --- a/synapse/api/constants.py +++ b/synapse/api/constants.py @@ -84,3 +84,4 @@ class RejectedReason(object): class RoomCreationPreset(object): PRIVATE_CHAT = "private_chat" PUBLIC_CHAT = "public_chat" + TRUSTED_PRIVATE_CHAT = "trusted_private_chat" |