Check creation event's room_id domain matches sender's

This commit is contained in:
Erik Johnston 2016-07-13 13:07:19 +01:00
parent 10f4856b0c
commit 560c71c735

View File

@ -86,6 +86,13 @@ class Auth(object):
return True return True
if event.type == EventTypes.Create: if event.type == EventTypes.Create:
room_id_domain = get_domain_from_id(event.room_id)
sender_domain = get_domain_from_id(event.sender)
if room_id_domain != sender_domain:
raise AuthError(
403,
"Creation event's room_id domain does not match sender's"
)
# FIXME # FIXME
return True return True