Diffstat (limited to 'synapse/api')
-rw-r--r-- | synapse/api/auth.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index a4d658a9d0..29b4ac456c 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -86,6 +86,13 @@ class Auth(object):
 return True
 if event.type == EventTypes.Create:
+ room_id_domain = get_domain_from_id(event.room_id)
+ sender_domain = get_domain_from_id(event.sender)
+ if room_id_domain != sender_domain:
+ raise AuthError(
+ 403,
+ "Creation event's room_id domain does not match sender's"
+ )
 # FIXME
 return True |
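Review bot: The new check in the `EventTypes.Create` branch calls `get_domain_from_id` on `event.room_id` and `event.sender`, and the hunk does not show what that helper does with an ID that has no domain part. If it raises something other than `AuthError`, a malformed create event would be rejected through a different error path than the 403 used here, so that case is worth confirming and covering with a test. The comparison is an exact string match, so it also relies on server names being normalised before this point. The branch still ends in `# FIXME` / `return True`, which makes this the only check applied to a create event on this path; a comment such as `# A room ID must live in the creating server's namespace` above the comparison would record why it exists. The enclosing method starts and ends outside the hunk, and the `return True` just above the branch is an earlier exit whose condition is not visible here.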