diff options
author | Kegan Dougal <kegan@matrix.org> | 2015-04-01 14:05:24 +0100 |
---|---|---|
committer | Kegan Dougal <kegan@matrix.org> | 2015-04-01 14:05:24 +0100 |
commit | 813e54bd5b332e4514ecfea71d33d27f106fe5ff (patch) | |
tree | d31732038d54fda3f776f23b023b022b73850ca7 /synapse | |
parent | Merge pull request #116 from matrix-org/application-services-registration-script (diff) | |
download | synapse-813e54bd5b332e4514ecfea71d33d27f106fe5ff.tar.xz |
Fix more AS sender ID thinkos.
Specifically, the ASes own user ID wasn't being treated as 'exclusive' so a human could nab it. Also, the HS would needlessly send user queries to the AS for its own user ID.
Diffstat (limited to '')
-rw-r--r-- | synapse/appservice/__init__.py | 5 | ||||
-rw-r--r-- | synapse/handlers/appservice.py | 9 |
2 files changed, 12 insertions, 2 deletions
diff --git a/synapse/appservice/__init__.py b/synapse/appservice/__init__.py index ab0a6955f0..63a18b802b 100644 --- a/synapse/appservice/__init__.py +++ b/synapse/appservice/__init__.py @@ -211,7 +211,10 @@ class ApplicationService(object): return self._matches_regex(room_id, ApplicationService.NS_ROOMS) def is_exclusive_user(self, user_id): - return self._is_exclusive(ApplicationService.NS_USERS, user_id) + return ( + self._is_exclusive(ApplicationService.NS_USERS, user_id) + or user_id == self.sender + ) def is_exclusive_alias(self, alias): return self._is_exclusive(ApplicationService.NS_ALIASES, alias) diff --git a/synapse/handlers/appservice.py b/synapse/handlers/appservice.py index 59cf15b037..492a630fdc 100644 --- a/synapse/handlers/appservice.py +++ b/synapse/handlers/appservice.py @@ -180,7 +180,14 @@ class ApplicationServicesHandler(object): return user_info = yield self.store.get_user_by_id(user_id) - defer.returnValue(len(user_info) == 0) + if len(user_info) > 0: + defer.returnValue(False) + return + + # user not found; could be the AS though, so check. + services = yield self.store.get_app_services() + service_list = [s for s in services if s.sender == user_id] + defer.returnValue(len(service_list) == 0) @defer.inlineCallbacks def _check_user_exists(self, user_id): |