Matrix-Mirrors/anonymousland-synapse
1
0
Fork 0
mirror of https://git.anonymousland.org/anonymousland/synapse.git synced 2025-02-17 20:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Only require consent for events with an associated request

Browse Source 
There are a number of instances where a server or admin may puppet a
user to join/leave rooms, which we don't want to fail if the user has
not consented to the privacy policy. We fix this by adding a check to
test if the requester has an associated access_token, which is used as a
proxy to answer the question of whether the action is being done on
behalf of a real request from the user.
This commit is contained in:
Erik Johnston 2019-03-20 16:50:23 +00:00
parent 67d618e111
commit 74c46d81fa
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
synapse/handlers/message.py
View File

@ -316,8 +316,12 @@ class EventCreationHandler(object):
target, e target, e
) )
# Check if the user has accepted the privacy policy. We only do this if
# the requester has an associated access_token_id, which indicates that
# this action came from a user request rather than an automatice server
# or admin action.
is_exempt = yield self._is_exempt_from_privacy_policy(builder, requester) is_exempt = yield self._is_exempt_from_privacy_policy(builder, requester)
if not is_exempt: if requester.access_token_id and not is_exempt:
yield self.assert_accepted_privacy_policy(requester) yield self.assert_accepted_privacy_policy(requester)
if token_id is not None: if token_id is not None: