diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 71a955b281..bf004a44c6 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -20,7 +20,7 @@ from twisted.internet import defer
from synapse.api.constants import EventTypes, Membership, JoinRules
from synapse.api.errors import AuthError, Codes, SynapseError
from synapse.util.logutils import log_function
-from synapse.types import UserID, EventID
+from synapse.types import EventID, RoomID, UserID
import logging
@@ -66,16 +66,29 @@ class Auth(object):
return True
creation_event = auth_events.get((EventTypes.Create, ""), None)
-
if not creation_event:
raise SynapseError(
403,
"Room %r does not exist" % (event.room_id,)
)
+ creating_domain = RoomID.from_string(event.room_id).domain
+ originating_domain = EventID.from_string(event.event_id).domain
+ if creating_domain != originating_domain:
+ if not self.can_federate(event, auth_events):
+ raise SynapseError(
+ 403,
+ "This room has been marked as unfederatable."
+ )
+
# FIXME: Temp hack
if event.type == EventTypes.Aliases:
- return True
+ alias_domain = UserID.from_string(event.state_key).domain
+ if alias_domain != originating_domain:
+ raise AuthError(
+ 403,
+ "Can only set aliases for own domain"
+ )
logger.debug(
"Auth events: %s",
@@ -161,6 +174,11 @@ class Auth(object):
user_id, room_id, repr(member)
))
+ def can_federate(self, event, auth_events):
+ creation_event = auth_events.get((EventTypes.Create, ""))
+
+ return creation_event.content.get("m.federate", True) is True
+
@log_function
def is_membership_change_allowed(self, event, auth_events):
membership = event.content["membership"]
diff --git a/synapse/handlers/room.py b/synapse/handlers/room.py
index c5d1001b50..4f8ad824b5 100644
--- a/synapse/handlers/room.py
+++ b/synapse/handlers/room.py
@@ -150,12 +150,15 @@ class RoomCreationHandler(BaseHandler):
for val in raw_initial_state:
initial_state[(val["type"], val.get("state_key", ""))] = val["content"]
+ creation_content = config.get("creation_content", {})
+
user = UserID.from_string(user_id)
creation_events = self._create_events_for_new_room(
user, room_id,
preset_config=preset_config,
invite_list=invite_list,
initial_state=initial_state,
+ creation_content=creation_content,
)
msg_handler = self.hs.get_handlers().message_handler
@@ -203,7 +206,7 @@ class RoomCreationHandler(BaseHandler):
defer.returnValue(result)
def _create_events_for_new_room(self, creator, room_id, preset_config,
- invite_list, initial_state):
+ invite_list, initial_state, creation_content):
config = RoomCreationHandler.PRESETS_DICT[preset_config]
creator_id = creator.to_string()
@@ -225,9 +228,10 @@ class RoomCreationHandler(BaseHandler):
return e
+ creation_content.update({"creator": creator.to_string()})
creation_event = create(
etype=EventTypes.Create,
- content={"creator": creator.to_string()},
+ content=creation_content,
)
join_event = create(
|
