Allow appservices to batch send as any local user

This commit is contained in:
Tulir Asokan 2023-02-12 15:00:20 +02:00
parent 3ec25f27ab
commit a7bdc4a1ed
2 changed files with 7 additions and 3 deletions

View File

@ -254,7 +254,7 @@ class Auth:
raise MissingClientTokenError() raise MissingClientTokenError()
async def validate_appservice_can_control_user_id( async def validate_appservice_can_control_user_id(
self, app_service: ApplicationService, user_id: str self, app_service: ApplicationService, user_id: str, allow_any: bool = False
) -> None: ) -> None:
"""Validates that the app service is allowed to control """Validates that the app service is allowed to control
the given user. the given user.
@ -262,6 +262,7 @@ class Auth:
Args: Args:
app_service: The app service that controls the user app_service: The app service that controls the user
user_id: The author MXID that the app service is controlling user_id: The author MXID that the app service is controlling
allow_any: Allow the appservice to control any local user
Raises: Raises:
AuthError: If the application service is not allowed to control the user AuthError: If the application service is not allowed to control the user
@ -273,7 +274,7 @@ class Auth:
if app_service.sender == user_id: if app_service.sender == user_id:
pass pass
# Check to make sure the app service is allowed to control the user # Check to make sure the app service is allowed to control the user
elif not app_service.is_interested_in_user(user_id): elif not app_service.is_interested_in_user(user_id) and not allow_any:
raise AuthError( raise AuthError(
403, 403,
"Application service cannot masquerade as this user (%s)." % user_id, "Application service cannot masquerade as this user (%s)." % user_id,

View File

@ -21,6 +21,7 @@ class RoomBatchHandler:
self.event_creation_handler = hs.get_event_creation_handler() self.event_creation_handler = hs.get_event_creation_handler()
self.room_member_handler = hs.get_room_member_handler() self.room_member_handler = hs.get_room_member_handler()
self.auth = hs.get_auth() self.auth = hs.get_auth()
self.allow_send_any = self.hs.config.meow.appservice_batch_send_any
async def inherit_depth_from_prev_ids(self, prev_event_ids: List[str]) -> int: async def inherit_depth_from_prev_ids(self, prev_event_ids: List[str]) -> int:
"""Finds the depth which would sort it after the most-recent """Finds the depth which would sort it after the most-recent
@ -118,7 +119,9 @@ class RoomBatchHandler:
Requester object Requester object
""" """
await self.auth.validate_appservice_can_control_user_id(app_service, user_id) await self.auth.validate_appservice_can_control_user_id(
app_service, user_id, allow_any=self.allow_send_any
)
return create_requester(user_id, app_service=app_service) return create_requester(user_id, app_service=app_service)