diff options
author | Patrick Cloke <clokep@users.noreply.github.com> | 2023-02-28 10:11:20 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-28 10:11:20 -0500 |
commit | e746f80b4fd57fb0296c06c11c8d1240fe118c45 (patch) | |
tree | f9711b6eb58551a1514002d3f60d945559a5d035 /synapse/http | |
parent | Add documentation for caching in a module (#14026) (diff) | |
download | synapse-e746f80b4fd57fb0296c06c11c8d1240fe118c45.tar.xz |
Do not accept pattern_type from user input in push rules. (#15088)
Internally the push rules module uses a `pattern_type` property for `event_match` conditions (and `related_event_match`) to mark the condition as matching the current user's Matrix ID or localpart. This is leaky to the Client-Server API where a user can successfully set a condition which provides `pattern_type` instead of `pattern` (note that there's no benefit to doing this -- the user can just use their own Matrix ID or localpart instead). When serializing back to the client the `pattern_type` property is converted into a proper `pattern`. The following changes are made to avoid this: * Separate the `KnownCondition::EventMatch` enum value into `EventMatch` and `EventMatchType`, each with their own expected properties. (Note that a similar change is made for `RelatedEventMatch`.) * Make it such that the `pattern_type` variants serialize to the same condition kind, but cannot be deserialized (since they're only provided by base rules). * As a final tweak, convert `user_id` vs. `user_localpart` values into an enum.
Diffstat (limited to 'synapse/http')
0 files changed, 0 insertions, 0 deletions