mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2024-12-26 11:19:22 -05:00
Check sender signed event
This commit is contained in:
parent
2cb758ac75
commit
ebdafd8114
@ -63,7 +63,7 @@ class Auth(object):
|
|||||||
"user_id = ",
|
"user_id = ",
|
||||||
])
|
])
|
||||||
|
|
||||||
def check(self, event, auth_events):
|
def check(self, event, auth_events, do_sig_check=True):
|
||||||
""" Checks if this event is correctly authed.
|
""" Checks if this event is correctly authed.
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
@ -79,6 +79,13 @@ class Auth(object):
|
|||||||
|
|
||||||
if not hasattr(event, "room_id"):
|
if not hasattr(event, "room_id"):
|
||||||
raise AuthError(500, "Event has no room_id: %s" % event)
|
raise AuthError(500, "Event has no room_id: %s" % event)
|
||||||
|
|
||||||
|
sender_domain = get_domain_from_id(event.sender)
|
||||||
|
|
||||||
|
# Check the sender's domain has signed the event
|
||||||
|
if do_sig_check and not event.signatures.get(sender_domain):
|
||||||
|
raise AuthError(403, "Event not signed by sending server")
|
||||||
|
|
||||||
if auth_events is None:
|
if auth_events is None:
|
||||||
# Oh, we don't know what the state of the room was, so we
|
# Oh, we don't know what the state of the room was, so we
|
||||||
# are trusting that this is allowed (at least for now)
|
# are trusting that this is allowed (at least for now)
|
||||||
@ -87,7 +94,6 @@ class Auth(object):
|
|||||||
|
|
||||||
if event.type == EventTypes.Create:
|
if event.type == EventTypes.Create:
|
||||||
room_id_domain = get_domain_from_id(event.room_id)
|
room_id_domain = get_domain_from_id(event.room_id)
|
||||||
sender_domain = get_domain_from_id(event.sender)
|
|
||||||
if room_id_domain != sender_domain:
|
if room_id_domain != sender_domain:
|
||||||
raise AuthError(
|
raise AuthError(
|
||||||
403,
|
403,
|
||||||
|
@ -688,7 +688,7 @@ class FederationHandler(BaseHandler):
|
|||||||
logger.warn("Failed to create join %r because %s", event, e)
|
logger.warn("Failed to create join %r because %s", event, e)
|
||||||
raise e
|
raise e
|
||||||
|
|
||||||
self.auth.check(event, auth_events=context.current_state)
|
self.auth.check(event, auth_events=context.current_state, do_sig_check=False)
|
||||||
|
|
||||||
defer.returnValue(event)
|
defer.returnValue(event)
|
||||||
|
|
||||||
@ -918,7 +918,7 @@ class FederationHandler(BaseHandler):
|
|||||||
)
|
)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
self.auth.check(event, auth_events=context.current_state)
|
self.auth.check(event, auth_events=context.current_state, do_sig_check=False)
|
||||||
except AuthError as e:
|
except AuthError as e:
|
||||||
logger.warn("Failed to create new leave %r because %s", event, e)
|
logger.warn("Failed to create new leave %r because %s", event, e)
|
||||||
raise e
|
raise e
|
||||||
|
@ -379,7 +379,7 @@ class StateHandler(object):
|
|||||||
try:
|
try:
|
||||||
# FIXME: hs.get_auth() is bad style, but we need to do it to
|
# FIXME: hs.get_auth() is bad style, but we need to do it to
|
||||||
# get around circular deps.
|
# get around circular deps.
|
||||||
self.hs.get_auth().check(event, auth_events)
|
self.hs.get_auth().check(event, auth_events, do_sig_check=False)
|
||||||
prev_event = event
|
prev_event = event
|
||||||
except AuthError:
|
except AuthError:
|
||||||
return prev_event
|
return prev_event
|
||||||
@ -391,7 +391,7 @@ class StateHandler(object):
|
|||||||
try:
|
try:
|
||||||
# FIXME: hs.get_auth() is bad style, but we need to do it to
|
# FIXME: hs.get_auth() is bad style, but we need to do it to
|
||||||
# get around circular deps.
|
# get around circular deps.
|
||||||
self.hs.get_auth().check(event, auth_events)
|
self.hs.get_auth().check(event, auth_events, do_sig_check=False)
|
||||||
return event
|
return event
|
||||||
except AuthError:
|
except AuthError:
|
||||||
pass
|
pass
|
||||||
|
Loading…
Reference in New Issue
Block a user