diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
index b32049b064..b944f26f91 100644
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -1204,11 +1204,28 @@ class FederationHandler(BaseHandler):
@defer.inlineCallbacks
@log_function
- def on_make_join_request(self, room_id, user_id):
+ def on_make_join_request(self, origin, room_id, user_id):
""" We've received a /make_join/ request, so we create a partial
join event for the room and return that. We do *not* persist or
process it until the other server has signed it and sent it back.
+
+ Args:
+ origin (str): The (verified) server name of the requesting server.
+ room_id (str): Room to create join event in
+ user_id (str): The user to create the join for
+
+ Returns:
+ Deferred[FrozenEvent]
"""
+
+ if get_domain_from_id(user_id) != origin:
+ logger.info(
+ "Got /make_join request for user %r from different origin %s, ignoring",
+ user_id,
+ origin,
+ )
+ raise SynapseError(403, "User not from origin", Codes.FORBIDDEN)
+
event_content = {"membership": Membership.JOIN}
room_version = yield self.store.get_room_version(room_id)
@@ -1411,11 +1428,27 @@ class FederationHandler(BaseHandler):
@defer.inlineCallbacks
@log_function
- def on_make_leave_request(self, room_id, user_id):
+ def on_make_leave_request(self, origin, room_id, user_id):
""" We've received a /make_leave/ request, so we create a partial
leave event for the room and return that. We do *not* persist or
process it until the other server has signed it and sent it back.
+
+ Args:
+ origin (str): The (verified) server name of the requesting server.
+ room_id (str): Room to create leave event in
+ user_id (str): The user to create the leave for
+
+ Returns:
+ Deferred[FrozenEvent]
"""
+ if get_domain_from_id(user_id) != origin:
+ logger.info(
+ "Got /make_leave request for user %r from different origin %s, ignoring",
+ user_id,
+ origin,
+ )
+ raise SynapseError(403, "User not from origin", Codes.FORBIDDEN)
+
room_version = yield self.store.get_room_version(room_id)
builder = self.event_builder_factory.new(
room_version,
diff --git a/synapse/handlers/receipts.py b/synapse/handlers/receipts.py
index a85dd8cdee..e58bf7e360 100644
--- a/synapse/handlers/receipts.py
+++ b/synapse/handlers/receipts.py
@@ -17,7 +17,7 @@ import logging
from twisted.internet import defer
from synapse.handlers._base import BaseHandler
-from synapse.types import ReadReceipt
+from synapse.types import ReadReceipt, get_domain_from_id
logger = logging.getLogger(__name__)
@@ -40,18 +40,27 @@ class ReceiptsHandler(BaseHandler):
def _received_remote_receipt(self, origin, content):
"""Called when we receive an EDU of type m.receipt from a remote HS.
"""
- receipts = [
- ReadReceipt(
- room_id=room_id,
- receipt_type=receipt_type,
- user_id=user_id,
- event_ids=user_values["event_ids"],
- data=user_values.get("data", {}),
- )
- for room_id, room_values in content.items()
- for receipt_type, users in room_values.items()
- for user_id, user_values in users.items()
- ]
+ receipts = []
+ for room_id, room_values in content.items():
+ for receipt_type, users in room_values.items():
+ for user_id, user_values in users.items():
+ if get_domain_from_id(user_id) != origin:
+ logger.info(
+ "Received receipt for user %r from server %s, ignoring",
+ user_id,
+ origin,
+ )
+ continue
+
+ receipts.append(
+ ReadReceipt(
+ room_id=room_id,
+ receipt_type=receipt_type,
+ user_id=user_id,
+ event_ids=user_values["event_ids"],
+ data=user_values.get("data", {}),
+ )
+ )
yield self._handle_new_receipts(receipts)
|
