diff options
author | Daniel Wagner-Hall <dawagner@gmail.com> | 2015-12-17 18:09:51 +0100 |
---|---|---|
committer | Daniel Wagner-Hall <dawagner@gmail.com> | 2015-12-17 18:09:51 +0100 |
commit | 8c5f252edbb0c62663116c6a541ce8691414996a (patch) | |
tree | 88ff46299b4dd435579e172add4e4e29231c1dad /synapse | |
parent | Merge pull request #447 from matrix-org/rav/fix_search_pagination (diff) | |
download | synapse-8c5f252edbb0c62663116c6a541ce8691414996a.tar.xz |
Strip address and such out of 3pid invites
We're not meant to leak that into the graph
Diffstat (limited to '')
-rw-r--r-- | synapse/api/auth.py | 2 | ||||
-rw-r--r-- | synapse/handlers/federation.py | 13 |
2 files changed, 13 insertions, 2 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index b9c3e6d2c4..adb7d64482 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -778,7 +778,7 @@ class Auth(object): if "third_party_invite" in event.content: key = ( EventTypes.ThirdPartyInvite, - event.content["third_party_invite"]["token"] + event.content["third_party_invite"]["signed"]["token"] ) third_party_invite = current_state.get(key) if third_party_invite: diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py index e7ad48c948..1255241461 100644 --- a/synapse/handlers/federation.py +++ b/synapse/handlers/federation.py @@ -1650,11 +1650,22 @@ class FederationHandler(BaseHandler): sender = invite["sender"] room_id = invite["room_id"] + if "signed" not in invite: + logger.info( + "Discarding received notification of third party invite " + "without signed: %s" % (invite,) + ) + return + + third_party_invite = { + "signed": invite["signed"], + } + event_dict = { "type": EventTypes.Member, "content": { "membership": Membership.INVITE, - "third_party_invite": invite, + "third_party_invite": third_party_invite, }, "room_id": room_id, "sender": sender, |