summary refs log tree commit diff
path: root/synapse/api/auth.py
diff options
context:
space:
mode:
Diffstat (limited to 'synapse/api/auth.py')
-rw-r--r--synapse/api/auth.py18
1 files changed, 13 insertions, 5 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 886e132e10..2473a2b2bb 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -33,7 +33,7 @@ class Auth(object):
         self.store = hs.get_datastore()
 
     @defer.inlineCallbacks
-    def check(self, event, raises=False):
+    def check(self, event, snapshot, raises=False):
         """ Checks if this event is correctly authed.
 
         Returns:
@@ -48,7 +48,11 @@ class Auth(object):
                     allowed = yield self.is_membership_change_allowed(event)
                     defer.returnValue(allowed)
                 else:
-                    yield self.check_joined_room(event.room_id, event.user_id)
+                    self._check_joined_room(
+                        member=snapshot.membership_state,
+                        user_id=snapshot.user_id,
+                        room_id=snapshot.room_id,
+                    )
                     defer.returnValue(True)
             else:
                 raise AuthError(500, "Unknown event: %s" % event)
@@ -66,14 +70,18 @@ class Auth(object):
                 room_id=room_id,
                 user_id=user_id
             )
-            if not member or member.membership != Membership.JOIN:
-                raise AuthError(403, "User %s not in room %s" %
-                                (user_id, room_id))
+            self._check_joined_room(member, user_id, room_id)
             defer.returnValue(member)
         except AttributeError:
             pass
         defer.returnValue(None)
 
+    def _check_joined_room(self, member, user_id, room_id):
+        if not member or member.membership != Membership.JOIN:
+            raise AuthError(403, "User %s not in room %s (%s)" % (
+                user_id, room_id, repr(member)
+            ))
+
     @defer.inlineCallbacks
     def is_membership_change_allowed(self, event):
         target_user_id = event.state_key