summary refs log tree commit diff
path: root/synapse/api
diff options
context:
space:
mode:
authorMark Haines <mark.haines@matrix.org>2015-10-09 19:18:09 +0100
committerMark Haines <mark.haines@matrix.org>2015-10-09 19:18:09 +0100
commitaf7b21447648cba477542bc1786be2a6c0928e37 (patch)
tree74c4481acd515a180c0edeb05d1a03b52ba30fd6 /synapse/api
parentFormat the presence events correctly for v2 (diff)
parentSplit the sections of EventStreamHandler.get_stream that handle presence (diff)
downloadsynapse-af7b21447648cba477542bc1786be2a6c0928e37.tar.xz
Merge branch 'markjh/eventstream_presence' into markjh/v2_sync_api
Diffstat (limited to 'synapse/api')
-rw-r--r--synapse/api/auth.py25
-rw-r--r--synapse/api/constants.py1
2 files changed, 25 insertions, 1 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 847ff60671..e3b8c3099a 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -20,7 +20,7 @@ from twisted.internet import defer
 from synapse.api.constants import EventTypes, Membership, JoinRules
 from synapse.api.errors import AuthError, Codes, SynapseError
 from synapse.util.logutils import log_function
-from synapse.types import UserID, EventID
+from synapse.types import RoomID, UserID, EventID
 
 import logging
 import pymacaroons
@@ -80,6 +80,15 @@ class Auth(object):
                     "Room %r does not exist" % (event.room_id,)
                 )
 
+            creating_domain = RoomID.from_string(event.room_id).domain
+            originating_domain = UserID.from_string(event.sender).domain
+            if creating_domain != originating_domain:
+                if not self.can_federate(event, auth_events):
+                    raise AuthError(
+                        403,
+                        "This room has been marked as unfederatable."
+                    )
+
             # FIXME: Temp hack
             if event.type == EventTypes.Aliases:
                 return True
@@ -219,6 +228,11 @@ class Auth(object):
                 user_id, room_id, repr(member)
             ))
 
+    def can_federate(self, event, auth_events):
+        creation_event = auth_events.get((EventTypes.Create, ""))
+
+        return creation_event.content.get("m.federate", True) is True
+
     @log_function
     def is_membership_change_allowed(self, event, auth_events):
         membership = event.content["membership"]
@@ -234,6 +248,15 @@ class Auth(object):
 
         target_user_id = event.state_key
 
+        creating_domain = RoomID.from_string(event.room_id).domain
+        target_domain = UserID.from_string(target_user_id).domain
+        if creating_domain != target_domain:
+            if not self.can_federate(event, auth_events):
+                raise AuthError(
+                    403,
+                    "This room has been marked as unfederatable."
+                )
+
         # get info about the caller
         key = (EventTypes.Member, event.user_id, )
         caller = auth_events.get(key)
diff --git a/synapse/api/constants.py b/synapse/api/constants.py
index 3385664394..008ee64727 100644
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@@ -83,3 +83,4 @@ class RejectedReason(object):
 class RoomCreationPreset(object):
     PRIVATE_CHAT = "private_chat"
     PUBLIC_CHAT = "public_chat"
+    TRUSTED_PRIVATE_CHAT = "trusted_private_chat"