1 files changed, 11 insertions, 0 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 29b4ac456c..e05defd7d8 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -115,6 +115,17 @@ class Auth(object):
# FIXME: Temp hack
if event.type == EventTypes.Aliases:
+ if not event.state_key:
+ raise AuthError(
+ 403,
+ "Alias event must have non-empty state_key"
+ )
+ sender_domain = get_domain_from_id(event.sender)
+ if event.state_key != sender_domain:
+ raise AuthError(
+ 403,
+ "Alias event's state_key does not match sender's domain"
+ )
return True
logger.debug(
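Review bot: After the two new checks the Aliases branch still reaches `return True` under the `# FIXME: Temp hack` comment, so an alias event is accepted on a domain match alone. Whatever checks follow the `logger.debug(` call (presumably membership and power levels, which are not visible here) appear to be skipped for it. If that is intended, record it above the new block, e.g. `# A server may only set the alias list keyed by its own domain; the remaining auth rules are deliberately bypassed for this event type`; otherwise let the event fall through instead of returning. `get_domain_from_id(event.sender)` is also called on a sender that nothing in the hunk has validated, so confirm that a malformed sender produces an `AuthError` rather than an unhandled exception. The enclosing method starts and ends outside the hunk.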