Diffstat (limited to 'synapse/api')
-rw-r--r-- | synapse/api/auth.py | 28 | ||||
-rw-r--r-- | synapse/api/constants.py | 1 | ||||
-rw-r--r-- | synapse/api/events/room.py | 10 | ||||
-rw-r--r-- | synapse/api/notifier.py | 4 |
4 files changed, 24 insertions, 19 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index 31852b29a5..385f93763a 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -44,15 +44,15 @@ class Auth(object): be raised only if raises=True. """ try: - if event.type in [RoomTopicEvent.TYPE, MessageEvent.TYPE, - FeedbackEvent.TYPE]: - yield self.check_joined_room(event.room_id, event.user_id) - defer.returnValue(True) - elif event.type == RoomMemberEvent.TYPE: - allowed = yield self.is_membership_change_allowed(event) - defer.returnValue(allowed) + if hasattr(event, "room_id"): + if event.type == RoomMemberEvent.TYPE: + allowed = yield self.is_membership_change_allowed(event) + defer.returnValue(allowed) + else: + yield self.check_joined_room(event.room_id, event.user_id) + defer.returnValue(True) else: - raise AuthError(500, "Unknown event type %s" % event.type) + raise AuthError(500, "Unknown event: %s" % event) except AuthError as e: logger.info("Event auth check failed on event %s with msg: %s", event, e.msg) @@ -77,6 +77,8 @@ class Auth(object): @defer.inlineCallbacks def is_membership_change_allowed(self, event): + target_user_id = event.state_key + # does this room even exist room = yield self.store.get_room(event.room_id) if not room: @@ -94,7 +96,7 @@ class Auth(object): # get info about the target try: target = yield self.store.get_room_member( - user_id=event.target_user_id, + user_id=target_user_id, room_id=event.room_id) except: target = None 
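Review bot: In the `@@ -44,15 +44,15 @@` hunk, the new `else:` under `if hasattr(event, "room_id"):` authorises every event type except `RoomMemberEvent.TYPE` on the joined-room check alone. The removed code accepted only `RoomTopicEvent`, `MessageEvent` and `FeedbackEvent` and raised an AuthError for anything else. If the widening is deliberate, say so at that branch, e.g. `# any non-membership room event only requires the sender to be joined`; otherwise keep an explicit set of permitted types ahead of the `else:`. The new message `"Unknown event: %s" % event` also formats the whole event into the error, and if AuthError text is returned to clients, `event.type` would disclose less. The enclosing method starts above the hunk and continues below it.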
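Review bot: In the `@@ -77,6 +77,8 @@` hunk, `target_user_id = event.state_key` is read with no check that the event carries a usable state key. The value then feeds the `get_room_member` lookup and the caller-equals-target comparisons in the later auth.py hunks. `SynapseEvent` is not shown, so whether `state_key` is always set cannot be confirmed here; if it can be missing, the resulting AttributeError would not be caught by the `except AuthError` handler in the first hunk (assuming that method is the caller). A guard at the top of `is_membership_change_allowed` would keep this in the auth error path: `target_user_id = getattr(event, "state_key", None)` followed by `if not target_user_id: raise AuthError(403, "No target user given.")`. The method body continues outside the hunk.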
@@ -108,12 +110,12 @@ class Auth(object): raise AuthError(403, "You are not in room %s." % event.room_id) elif target_in_room: # the target is already in the room. raise AuthError(403, "%s is already in the room." % - event.target_user_id) + target_user_id) elif Membership.JOIN == membership: # Joins are valid iff caller == target and they were: # invited: They are accepting the invitation # joined: It's a NOOP - if event.user_id != event.target_user_id: + if event.user_id != target_user_id: raise AuthError(403, "Cannot force another user to join.") elif room.is_public: pass # anyone can join public rooms. @@ -123,10 +125,10 @@ class Auth(object): elif Membership.LEAVE == membership: if not caller_in_room: # trying to leave a room you aren't joined raise AuthError(403, "You are not in room %s." % event.room_id) - elif event.target_user_id != event.user_id: + elif target_user_id != event.user_id: # trying to force another user to leave raise AuthError(403, "Cannot force %s to leave." % - event.target_user_id) + target_user_id) else: raise AuthError(500, "Unknown membership %s" % membership) diff --git a/synapse/api/constants.py b/synapse/api/constants.py index 1ff1af76ec..2af5424029 100644 --- a/synapse/api/constants.py +++ b/synapse/api/constants.py @@ -23,6 +23,7 @@ class Membership(object): JOIN = u"join" KNOCK = u"knock" LEAVE = u"leave" + LIST = (INVITE, JOIN, KNOCK, LEAVE) class Feedback(object): diff --git a/synapse/api/events/room.py b/synapse/api/events/room.py index 42459f3f21..2a7b5e8aba 100644 --- a/synapse/api/events/room.py +++ b/synapse/api/events/room.py @@ -13,6 +13,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +from synapse.api.constants import Membership +from synapse.api.errors import SynapseError from . import SynapseEvent 
@@ -59,15 +61,15 @@ class RoomMemberEvent(SynapseEvent): TYPE = "m.room.member" valid_keys = SynapseEvent.valid_keys + [ - "target_user_id", # target + # target is the state_key "membership", # action ] def __init__(self, **kwargs): - if "target_user_id" in kwargs: - kwargs["state_key"] = kwargs["target_user_id"] if "membership" not in kwargs: kwargs["membership"] = kwargs.get("content", {}).get("membership") + if not kwargs["membership"] in Membership.LIST: + raise SynapseError(400, "Bad membership value.") super(RoomMemberEvent, self).__init__(**kwargs) def get_content_template(self): @@ -108,7 +110,7 @@ class InviteJoinEvent(SynapseEvent): TYPE = "m.room.invite_join" valid_keys = SynapseEvent.valid_keys + [ - "target_user_id", + # target_user_id is the state_key "target_host", ] diff --git a/synapse/api/notifier.py b/synapse/api/notifier.py index 9f622df6bb..ec9c4e513d 100644 --- a/synapse/api/notifier.py +++ b/synapse/api/notifier.py @@ -56,11 +56,11 @@ class Notifier(object): # invites MUST prod the person being invited, who won't be in the room. if (event.type == RoomMemberEvent.TYPE and event.content["membership"] == Membership.INVITE): - member_list.append(event.target_user_id) + member_list.append(event.state_key) # similarly, LEAVEs must be sent to the person leaving if (event.type == RoomMemberEvent.TYPE and event.content["membership"] == Membership.LEAVE): - member_list.append(event.target_user_id) + member_list.append(event.state_key) for user_id in member_list: if user_id in self.stored_event_listeners: |
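Review bot: The membership check added to `RoomMemberEvent.__init__` in the `@@ -59,15 +61,15 @@` hunk validates only `kwargs["membership"]`. When a caller supplies both `membership` and `content`, `content["membership"]` is never compared against `Membership.LIST` or against the top-level value, yet the notifier.py hunk on this page routes on `event.content["membership"]`. Rejecting a mismatch would close that gap: `if kwargs.get("content", {}).get("membership", kwargs["membership"]) != kwargs["membership"]: raise SynapseError(400, "Bad membership value.")`. Separately, `not kwargs["membership"] in Membership.LIST` reads more clearly as `kwargs["membership"] not in Membership.LIST`.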