From 5c24d7b9ebd8dec2c76dac5118cee22a1bb1032a Mon Sep 17 00:00:00 2001
From: Grant McLean <grant@catalyst.net.nz>
Date: Thu, 8 Jun 2023 03:21:25 +1200
Subject: Check required power levels earlier in createRoom handler. (#15695)

* Check required power levels earlier in createRoom handler.

- If a server was configured to reject the creation of rooms with E2EE
  enabled (by specifying an unattainably high power level for
  "m.room.encryption" in default_power_level_content_override), the 403
  error was not being triggered until after the room was created and
  before the "m.room.power_levels" was sent.  This allowed a user to
  access the partially-configured room and complete the setup of E2EE
  and power levels manually.

- This change causes the power level overrides to be checked earlier and
  the request to be rejected before the user gains access to the room.

- A new `_validate_room_config` method is added to contain checks that
  should be run before a room is created.

- The new test case confirms that a user request is rejected by the new
  validation method.

Signed-off-by: Grant McLean <grant@catalyst.net.nz>

* Add a changelog file.

* Formatting fix for black.

* Remove unneeded line from test.

---------

Signed-off-by: Grant McLean <grant@catalyst.net.nz>
---
 changelog.d/15695.bugfix | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/15695.bugfix

(limited to 'changelog.d')

diff --git a/changelog.d/15695.bugfix b/changelog.d/15695.bugfix
new file mode 100644
index 0000000000..99bf1fe05e
--- /dev/null
+++ b/changelog.d/15695.bugfix
@@ -0,0 +1 @@
+Check permissions for enabling encryption earlier during room creation to avoid creating broken rooms.
-- 
cgit 1.4.1