diff --git a/synapse/rest/client/room.py b/synapse/rest/client/room.py
index fb4d44211e..903c74f6d8 100644
--- a/synapse/rest/client/room.py
+++ b/synapse/rest/client/room.py
@@ -292,6 +292,9 @@ class RoomStateEventRestServlet(RestServlet):
try:
if event_type == EventTypes.Member:
membership = content.get("membership", None)
+ if not isinstance(membership, str):
+ raise SynapseError(400, "Invalid membership (must be a string)")
+
event_id, _ = await self.room_member_handler.update_membership(
requester,
target=UserID.from_string(state_key),
@@ -414,6 +417,7 @@ class JoinRoomAliasServlet(ResolveRoomIdMixin, TransactionRestServlet):
super().__init__(hs)
super(ResolveRoomIdMixin, self).__init__(hs) # ensure the Mixin is set up
self.auth = hs.get_auth()
+ self._support_via = hs.config.experimental.msc4156_enabled
def register(self, http_server: HttpServer) -> None:
# /join/$room_identifier[/$txn_id]
@@ -432,6 +436,13 @@ class JoinRoomAliasServlet(ResolveRoomIdMixin, TransactionRestServlet):
# twisted.web.server.Request.args is incorrectly defined as Optional[Any]
args: Dict[bytes, List[bytes]] = request.args # type: ignore
remote_room_hosts = parse_strings_from_args(args, "server_name", required=False)
+ if self._support_via:
+ remote_room_hosts = parse_strings_from_args(
+ args,
+ "org.matrix.msc4156.via",
+ default=remote_room_hosts,
+ required=False,
+ )
room_id, remote_room_hosts = await self.resolve_room_id(
room_identifier,
remote_room_hosts,
@@ -499,7 +510,7 @@ class PublicRoomListRestServlet(RestServlet):
if server:
raise e
- limit: Optional[int] = parse_integer(request, "limit", 0, negative=False)
+ limit: Optional[int] = parse_integer(request, "limit", 0)
since_token = parse_string(request, "since")
if limit == 0:
@@ -1109,6 +1120,20 @@ class RoomRedactEventRestServlet(TransactionRestServlet):
) -> Tuple[int, JsonDict]:
content = parse_json_object_from_request(request)
+ requester_suspended = await self._store.get_user_suspended_status(
+ requester.user.to_string()
+ )
+
+ if requester_suspended:
+ event = await self._store.get_event(event_id, allow_none=True)
+ if event:
+ if event.sender != requester.user.to_string():
+ raise SynapseError(
+ 403,
+ "You can only redact your own events while account is suspended.",
+ Codes.USER_ACCOUNT_SUSPENDED,
+ )
+
# Ensure the redacts property in the content matches the one provided in
# the URL.
room_version = await self._store.get_room_version(room_id)
@@ -1419,16 +1444,7 @@ class RoomHierarchyRestServlet(RestServlet):
requester = await self._auth.get_user_by_req(request, allow_guest=True)
max_depth = parse_integer(request, "max_depth")
- if max_depth is not None and max_depth < 0:
- raise SynapseError(
- 400, "'max_depth' must be a non-negative integer", Codes.BAD_JSON
- )
-
limit = parse_integer(request, "limit")
- if limit is not None and limit <= 0:
- raise SynapseError(
- 400, "'limit' must be a positive integer", Codes.BAD_JSON
- )
return 200, await self._room_summary_handler.get_room_hierarchy(
requester,
|
