From de810f92b5b3ca564935a36597e648e63578d833 Mon Sep 17 00:00:00 2001
From: Will Hunt <will@half-shot.uk>
Date: Thu, 11 Jul 2019 15:01:09 +0100
Subject: Return 403 when hitting presence endpoints while presence is
 disabled.

---
 synapse/rest/client/v1/presence.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'synapse')

diff --git a/synapse/rest/client/v1/presence.py b/synapse/rest/client/v1/presence.py
index 3e87f0fdb3..cb4c47451e 100644
--- a/synapse/rest/client/v1/presence.py
+++ b/synapse/rest/client/v1/presence.py
@@ -45,6 +45,10 @@ class PresenceStatusRestServlet(RestServlet):
         requester = yield self.auth.get_user_by_req(request)
         user = UserID.from_string(user_id)
 
+        if not self.hs.config.use_presence:
+            raise AuthError(403, "Presence is disabled on this homeserver")
+
+
         if requester.user != user:
             allowed = yield self.presence_handler.is_visible(
                 observed_user=user, observer_user=requester.user
@@ -63,6 +67,9 @@ class PresenceStatusRestServlet(RestServlet):
         requester = yield self.auth.get_user_by_req(request)
         user = UserID.from_string(user_id)
 
+        if not self.hs.config.use_presence:
+            raise AuthError(403, "Presence is disabled on this homeserver")
+
         if requester.user != user:
             raise AuthError(403, "Can only set your own presence state")
 
@@ -85,8 +92,7 @@ class PresenceStatusRestServlet(RestServlet):
         except Exception:
             raise SynapseError(400, "Unable to parse state")
 
-        if self.hs.config.use_presence:
-            yield self.presence_handler.set_state(user, state)
+        yield self.presence_handler.set_state(user, state)
 
         defer.returnValue((200, {}))
 
-- 
cgit 1.5.1