Allow appservices to batch send as any local user

2025-08-11 19:30:01 -04:00 · 2023-02-12 15:00:20 +02:00 · 2023-02-12 15:00:20 +02:00 · a7bdc4a1ed
commit a7bdc4a1ed
parent 3ec25f27ab
2 changed files with 7 additions and 3 deletions
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@ -254,7 +254,7 @@ class Auth:
            raise MissingClientTokenError()

    async def validate_appservice_can_control_user_id(
-        self, app_service: ApplicationService, user_id: str
+        self, app_service: ApplicationService, user_id: str, allow_any: bool = False
    ) -> None:
        """Validates that the app service is allowed to control
        the given user.
@ -262,6 +262,7 @@ class Auth:
        Args:
            app_service: The app service that controls the user
            user_id: The author MXID that the app service is controlling
+            allow_any: Allow the appservice to control any local user

        Raises:
            AuthError: If the application service is not allowed to control the user
@ -273,7 +274,7 @@ class Auth:
        if app_service.sender == user_id:
            pass
        # Check to make sure the app service is allowed to control the user
-        elif not app_service.is_interested_in_user(user_id):
+        elif not app_service.is_interested_in_user(user_id) and not allow_any:
            raise AuthError(
                403,
                "Application service cannot masquerade as this user (%s)." % user_id,