From 5ebc994f841508beb48f06d22073e08845c5f593 Mon Sep 17 00:00:00 2001
From: "Paul \"LeoNerd\" Evans" <paul@matrix.org>
Date: Thu, 11 Dec 2014 18:11:43 +0000
Subject: Actually auth-check to ensure people can only send typing
 notifications for rooms they're actually in

---
 synapse/handlers/typing.py | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'synapse')

diff --git a/synapse/handlers/typing.py b/synapse/handlers/typing.py
index c55221c6df..fa903c251c 100644
--- a/synapse/handlers/typing.py
+++ b/synapse/handlers/typing.py
@@ -67,6 +67,8 @@ class TypingNotificationHandler(BaseHandler):
         if target_user != auth_user:
             raise AuthError(400, "Cannot set another user's typing state")
 
+        yield self.auth.check_joined_room(room_id, target_user.to_string())
+
         logger.debug(
             "%s has started typing in %s", target_user.to_string(), room_id
         )
@@ -102,6 +104,8 @@ class TypingNotificationHandler(BaseHandler):
         if target_user != auth_user:
             raise AuthError(400, "Cannot set another user's typing state")
 
+        yield self.auth.check_joined_room(room_id, target_user.to_string())
+
         logger.debug(
             "%s has stopped typing in %s", target_user.to_string(), room_id
         )
-- 
cgit 1.4.1