summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--synapse/api/auth.py7
1 files changed, 6 insertions, 1 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index f8ac9d2495..81012f99c1 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -83,7 +83,12 @@ class Auth(object):
 
             # FIXME: Temp hack
             if event.type == EventTypes.Aliases:
-                return True
+                alias_domain = UserID.from_string(event.state_key).domain
+                if alias_domain != originating_domain:
+                    raise AuthError(
+                        403,
+                        "Can only set aliases for own domain"
+                    )
 
             logger.debug(
                 "Auth events: %s",