diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index ae61319a2c..385f93763a 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -77,6 +77,8 @@ class Auth(object):
@defer.inlineCallbacks
def is_membership_change_allowed(self, event):
+ target_user_id = event.state_key
+
# does this room even exist
room = yield self.store.get_room(event.room_id)
if not room:
@@ -94,7 +96,7 @@ class Auth(object):
# get info about the target
try:
target = yield self.store.get_room_member(
- user_id=event.target_user_id,
+ user_id=target_user_id,
room_id=event.room_id)
except:
target = None
@@ -108,12 +110,12 @@ class Auth(object):
raise AuthError(403, "You are not in room %s." % event.room_id)
elif target_in_room: # the target is already in the room.
raise AuthError(403, "%s is already in the room." %
- event.target_user_id)
+ target_user_id)
elif Membership.JOIN == membership:
# Joins are valid iff caller == target and they were:
# invited: They are accepting the invitation
# joined: It's a NOOP
- if event.user_id != event.target_user_id:
+ if event.user_id != target_user_id:
raise AuthError(403, "Cannot force another user to join.")
elif room.is_public:
pass # anyone can join public rooms.
@@ -123,10 +125,10 @@ class Auth(object):
elif Membership.LEAVE == membership:
if not caller_in_room: # trying to leave a room you aren't joined
raise AuthError(403, "You are not in room %s." % event.room_id)
- elif event.target_user_id != event.user_id:
+ elif target_user_id != event.user_id:
# trying to force another user to leave
raise AuthError(403, "Cannot force %s to leave." %
- event.target_user_id)
+ target_user_id)
else:
raise AuthError(500, "Unknown membership %s" % membership)
diff --git a/synapse/api/constants.py b/synapse/api/constants.py
index 1ff1af76ec..2af5424029 100644
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@@ -23,6 +23,7 @@ class Membership(object):
JOIN = u"join"
KNOCK = u"knock"
LEAVE = u"leave"
+ LIST = (INVITE, JOIN, KNOCK, LEAVE)
class Feedback(object):
diff --git a/synapse/api/events/room.py b/synapse/api/events/room.py
index 42459f3f21..2a7b5e8aba 100644
--- a/synapse/api/events/room.py
+++ b/synapse/api/events/room.py
@@ -13,6 +13,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+from synapse.api.constants import Membership
+from synapse.api.errors import SynapseError
from . import SynapseEvent
@@ -59,15 +61,15 @@ class RoomMemberEvent(SynapseEvent):
TYPE = "m.room.member"
valid_keys = SynapseEvent.valid_keys + [
- "target_user_id", # target
+ # target is the state_key
"membership", # action
]
def __init__(self, **kwargs):
- if "target_user_id" in kwargs:
- kwargs["state_key"] = kwargs["target_user_id"]
if "membership" not in kwargs:
kwargs["membership"] = kwargs.get("content", {}).get("membership")
+ if not kwargs["membership"] in Membership.LIST:
+ raise SynapseError(400, "Bad membership value.")
super(RoomMemberEvent, self).__init__(**kwargs)
def get_content_template(self):
@@ -108,7 +110,7 @@ class InviteJoinEvent(SynapseEvent):
TYPE = "m.room.invite_join"
valid_keys = SynapseEvent.valid_keys + [
- "target_user_id",
+ # target_user_id is the state_key
"target_host",
]
diff --git a/synapse/api/notifier.py b/synapse/api/notifier.py
index 9f622df6bb..ec9c4e513d 100644
--- a/synapse/api/notifier.py
+++ b/synapse/api/notifier.py
@@ -56,11 +56,11 @@ class Notifier(object):
# invites MUST prod the person being invited, who won't be in the room.
if (event.type == RoomMemberEvent.TYPE and
event.content["membership"] == Membership.INVITE):
- member_list.append(event.target_user_id)
+ member_list.append(event.state_key)
# similarly, LEAVEs must be sent to the person leaving
if (event.type == RoomMemberEvent.TYPE and
event.content["membership"] == Membership.LEAVE):
- member_list.append(event.target_user_id)
+ member_list.append(event.state_key)
for user_id in member_list:
if user_id in self.stored_event_listeners:
|
