Drop support for calling `/_matrix/client/v3/rooms/{roomId}/invite` without an `id_access_token` (#13241)

Fixes #13206 Signed-off-by: Jacek Kusnierz jacek.kusnierz@tum.de
author: Jacek Kuśnierz <jacek.kusnierz@tum.de> 2022-08-31 14:10:25 +0200
committer: GitHub <noreply@github.com> 2022-08-31 12:10:25 +0000
commit: 84ddcd7bbfe4100101741a408a91f283a8f742c7 (patch)
tree: fc2f6d6c2bc0fc52d7198902dbcaa05c74b0f1e8 /synapse/rest
parent: Remove cached wrap on `_get_joined_users_from_context` method (#13569) (diff)
download: synapse-84ddcd7bbfe4100101741a408a91f283a8f742c7.tar.xz
2 files changed, 12 insertions, 9 deletions
diff --git a/synapse/rest/client/room.py b/synapse/rest/client/room.py
index 0e2834008e..0bca012535 100644
--- a/synapse/rest/client/room.py
+++ b/synapse/rest/client/room.py
@@ -17,6 +17,7 @@
 import logging
 import re
 from enum import Enum
+from http import HTTPStatus
 from typing import TYPE_CHECKING, Awaitable, Dict, List, Optional, Tuple
 from urllib import parse as urlparse
 
@@ -947,7 +948,16 @@ class RoomMembershipRestServlet(TransactionRestServlet):
             # cheekily send invalid bodies.
             content = {}
 
-        if membership_action == "invite" and self._has_3pid_invite_keys(content):
+        if membership_action == "invite" and all(
+            key in content for key in ("medium", "address")
+        ):
+            if not all(key in content for key in ("id_server", "id_access_token")):
+                raise SynapseError(
+                    HTTPStatus.BAD_REQUEST,
+                    "`id_server` and `id_access_token` are required when doing 3pid invite",
+                    Codes.MISSING_PARAM,
+                )
+
             try:
                 await self.room_member_handler.do_3pid_invite(
                     room_id,
@@ -957,7 +967,7 @@ class RoomMembershipRestServlet(TransactionRestServlet):
                     content["id_server"],
                     requester,
                     txn_id,
-                    content.get("id_access_token"),
+                    content["id_access_token"],
                 )
             except ShadowBanError:
                 # Pretend the request succeeded.
@@ -994,12 +1004,6 @@ class RoomMembershipRestServlet(TransactionRestServlet):
 
         return 200, return_value
 
-    def _has_3pid_invite_keys(self, content: JsonDict) -> bool:
-        for key in {"id_server", "medium", "address"}:
-            if key not in content:
-                return False
-        return True
-
     def on_PUT(
         self, request: SynapseRequest, room_id: str, membership_action: str, txn_id: str
     ) -> Awaitable[Tuple[int, JsonDict]]:
diff --git a/synapse/rest/media/v1/media_repository.py b/synapse/rest/media/v1/media_repository.py
index 7435fd9130..9dd3c8d4bb 100644
--- a/synapse/rest/media/v1/media_repository.py
+++ b/synapse/rest/media/v1/media_repository.py
@@ -64,7 +64,6 @@ if TYPE_CHECKING:
 
 logger = logging.getLogger(__name__)
 
-
 # How often to run the background job to update the "recently accessed"
 # attribute of local and remote media.
 UPDATE_RECENTLY_ACCESSED_TS = 60 * 1000  # 1 minute
author	Jacek Kuśnierz <jacek.kusnierz@tum.de>	2022-08-31 14:10:25 +0200
committer	GitHub <noreply@github.com>	2022-08-31 12:10:25 +0000
commit	84ddcd7bbfe4100101741a408a91f283a8f742c7 (patch)
tree	fc2f6d6c2bc0fc52d7198902dbcaa05c74b0f1e8 /synapse/rest
parent	Remove cached wrap on `_get_joined_users_from_context` method (#13569) (diff)
download	synapse-84ddcd7bbfe4100101741a408a91f283a8f742c7.tar.xz