Diffstat (limited to 'synapse/api/auth.py')
-rw-r--r-- | synapse/api/auth.py | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index a99986714d..17ed35d082 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -83,8 +83,8 @@ class Auth(object):
 if not hasattr(event, "room_id"):
 raise AuthError(500, "Event has no room_id: %s" % event)
+ sender_domain = get_domain_from_id(event.sender)
 if do_sig_check:
- sender_domain = get_domain_from_id(event.sender)
 event_id_domain = get_domain_from_id(event.event_id)
 is_invite_via_3pid = (
@@ -130,9 +130,15 @@ class Auth(object):
 "Room %r does not exist" % (event.room_id,)
 )
+ if event.room_id != creation_event.room_id:
+ raise SynapseError(
+ 403, "Event has the wrong room_id: %r != %r" % (
+ event.room_id, creation_event.room_id
+ )
+ )
+
 creating_domain = get_domain_from_id(event.room_id)
- originating_domain = get_domain_from_id(event.sender)
- if creating_domain != originating_domain:
+ if creating_domain != sender_domain:
 if not self.can_federate(event, auth_events):
 raise AuthError(
 403,
@@ -331,7 +337,8 @@ class Auth(object):
 create = auth_events.get(key)
 if create and event.prev_events[0][0] == create.event_id:
 if create.content["creator"] == event.state_key:
- return True
+ if event.state_key == event.sender:
+ return True
 target_user_id = event.state_key |
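Review bot: The new room_id mismatch check in the second hunk raises `SynapseError`, while the other rejections visible in this diff (`Event has no room_id` in the first hunk and the federation check right after the new lines) raise `AuthError`. If callers of this method handle `AuthError` specifically to mark an event as rejected, which cannot be seen from here, an event carrying a different room_id than its create event would leave through a different error path than the other failed auth checks. Consider `raise AuthError(403, "Event has the wrong room_id: %r != %r" % (event.room_id, creation_event.room_id))`, with a short comment such as `# An event must belong to the same room as the create event that authorises it.` The enclosing method starts and ends outside the hunk.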
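Review bot: The added `if event.state_key == event.sender:` in the third hunk has no comment saying why the sender must match, and it sits as a third nested `if` where a single condition would be easier to audit. Before this change a `state_key` equal to the room creator was enough to return `True` for the event that directly follows the create event, regardless of which user sent it; that reasoning belongs next to the check, e.g. `# The creator shortcut applies only when the creator sent the event themselves.` The two inner tests can be merged as `if create.content["creator"] == event.state_key and event.state_key == event.sender:`. The enclosing method starts and ends outside the hunk.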