Merge branch 'develop' into daniel/3pidinvites

2025-05-02 09:06:06 -04:00 · 2015-10-05 10:33:41 -05:00 · 2015-10-05 10:33:41 -05:00 · 58e6a58eb7
commit 58e6a58eb7
parent 5b3e9713dd 40017a9a11
10 changed files with 220 additions and 85 deletions
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@ -20,9 +20,9 @@ from twisted.internet import defer

 from synapse.api.constants import EventTypes, Membership, JoinRules
 from synapse.api.errors import AuthError, Codes, SynapseError
+from synapse.types import RoomID, UserID, EventID
 from synapse.util.logutils import log_function
 from synapse.util.thirdpartyinvites import ThirdPartyInvites
-from synapse.types import UserID, EventID
 from unpaddedbase64 import decode_base64

 import logging
@ -85,6 +85,15 @@ class Auth(object):
                    "Room %r does not exist" % (event.room_id,)
                )

+            creating_domain = RoomID.from_string(event.room_id).domain
+            originating_domain = UserID.from_string(event.sender).domain
+            if creating_domain != originating_domain:
+                if not self.can_federate(event, auth_events):
+                    raise AuthError(
+                        403,
+                        "This room has been marked as unfederatable."
+                    )
+
            # FIXME: Temp hack
            if event.type == EventTypes.Aliases:
                return True
@ -224,6 +233,11 @@ class Auth(object):
                user_id, room_id, repr(member)
            ))

+    def can_federate(self, event, auth_events):
+        creation_event = auth_events.get((EventTypes.Create, ""))
+
+        return creation_event.content.get("m.federate", True) is True
+
    @log_function
    def is_membership_change_allowed(self, event, auth_events):
        membership = event.content["membership"]
@ -239,6 +253,15 @@ class Auth(object):

        target_user_id = event.state_key

+        creating_domain = RoomID.from_string(event.room_id).domain
+        target_domain = UserID.from_string(target_user_id).domain
+        if creating_domain != target_domain:
+            if not self.can_federate(event, auth_events):
+                raise AuthError(
+                    403,
+                    "This room has been marked as unfederatable."
+                )
+
        # get info about the caller
        key = (EventTypes.Member, event.user_id, )
        caller = auth_events.get(key)
--- a/synapse/api/constants.py
+++ b/synapse/api/constants.py
@ -84,3 +84,4 @@ class RejectedReason(object):
 class RoomCreationPreset(object):
    PRIVATE_CHAT = "private_chat"
    PUBLIC_CHAT = "public_chat"
+    TRUSTED_PRIVATE_CHAT = "trusted_private_chat"