Drop support for calling /_matrix/client/v3/rooms/{roomId}/invite without an id_access_token (#13241)

Fixes #13206 Signed-off-by: Jacek Kusnierz jacek.kusnierz@tum.de
2025-06-25 14:30:28 -04:00 · 2022-08-31 14:10:25 +02:00 · 2022-08-31 14:10:25 +02:00 · 84ddcd7bbf
commit 84ddcd7bbf
parent 42b11d5565
9 changed files with 81 additions and 137 deletions
--- a/synapse/rest/client/room.py
+++ b/synapse/rest/client/room.py
@ -17,6 +17,7 @@
 import logging
 import re
 from enum import Enum
+from http import HTTPStatus
 from typing import TYPE_CHECKING, Awaitable, Dict, List, Optional, Tuple
 from urllib import parse as urlparse

@ -947,7 +948,16 @@ class RoomMembershipRestServlet(TransactionRestServlet):
            # cheekily send invalid bodies.
            content = {}

-        if membership_action == "invite" and self._has_3pid_invite_keys(content):
+        if membership_action == "invite" and all(
+            key in content for key in ("medium", "address")
+        ):
+            if not all(key in content for key in ("id_server", "id_access_token")):
+                raise SynapseError(
+                    HTTPStatus.BAD_REQUEST,
+                    "`id_server` and `id_access_token` are required when doing 3pid invite",
+                    Codes.MISSING_PARAM,
+                )
+
            try:
                await self.room_member_handler.do_3pid_invite(
                    room_id,
@ -957,7 +967,7 @@ class RoomMembershipRestServlet(TransactionRestServlet):
                    content["id_server"],
                    requester,
                    txn_id,
-                    content.get("id_access_token"),
+                    content["id_access_token"],
                )
            except ShadowBanError:
                # Pretend the request succeeded.
@ -994,12 +1004,6 @@ class RoomMembershipRestServlet(TransactionRestServlet):

        return 200, return_value

-    def _has_3pid_invite_keys(self, content: JsonDict) -> bool:
-        for key in {"id_server", "medium", "address"}:
-            if key not in content:
-                return False
-        return True
-
    def on_PUT(
        self, request: SynapseRequest, room_id: str, membership_action: str, txn_id: str
    ) -> Awaitable[Tuple[int, JsonDict]]: