From a124025dab9f64b72cac0ae42c2e0a78f58f301f Mon Sep 17 00:00:00 2001 From: Neil Johnson Date: Tue, 29 Jan 2019 11:37:56 +0000 Subject: enforce auth for capabilities endpoint --- synapse/rest/client/v2_alpha/capabilities.py | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) (limited to 'synapse/rest') diff --git a/synapse/rest/client/v2_alpha/capabilities.py b/synapse/rest/client/v2_alpha/capabilities.py index 61319a7a2e..767e6c9798 100644 --- a/synapse/rest/client/v2_alpha/capabilities.py +++ b/synapse/rest/client/v2_alpha/capabilities.py @@ -12,6 +12,7 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. +from twisted.internet import defer from synapse.http.servlet import RestServlet @@ -28,20 +29,26 @@ class CapabilitiesRestServlet(RestServlet): """ super(CapabilitiesRestServlet, self).__init__() self.hs = hs + self.auth = hs.get_auth() + @defer.inlineCallbacks def on_GET(self, request): - return 200, { - "capabilities": { - "m.room_versions": { - "default": "1", - "available": { - "1": "stable", - "2": "stable", - "state-v2-test": "unstable", + + yield self.auth.get_user_by_req(request, allow_guest=True) + defer.returnValue( + (200, { + "capabilities": { + "m.room_versions": { + "default": "1", + "available": { + "1": "stable", + "2": "stable", + "state-v2-test": "unstable", + } } } - } - } + }) + ) def register_servlets(hs, http_server): -- cgit 1.4.1