forked-synapse/synapse
Grant McLean 5c24d7b9eb
Check required power levels earlier in createRoom handler. (#15695)
* Check required power levels earlier in createRoom handler.

- If a server was configured to reject the creation of rooms with E2EE
  enabled (by specifying an unattainably high power level for
  "m.room.encryption" in default_power_level_content_override), the 403
  error was not being triggered until after the room was created and
  before the "m.room.power_levels" was sent.  This allowed a user to
  access the partially-configured room and complete the setup of E2EE
  and power levels manually.

- This change causes the power level overrides to be checked earlier and
  the request to be rejected before the user gains access to the room.

- A new `_validate_room_config` method is added to contain checks that
  should be run before a room is created.

- The new test case confirms that a user request is rejected by the new
  validation method.

Signed-off-by: Grant McLean <grant@catalyst.net.nz>

* Add a changelog file.

* Formatting fix for black.

* Remove unneeded line from test.

---------

Signed-off-by: Grant McLean <grant@catalyst.net.nz>
2023-06-07 16:21:25 +01:00
_scripts Add an admin API endpoint to support per-user feature flags (#15344) 2023-04-28 11:33:45 -07:00
api Stabilize support for MSC3952: Intentional mentions. (#15520) 2023-06-06 09:11:07 +01:00
app Remove old R30 because R30v2 supersedes it (#10428) 2023-05-19 11:13:44 -05:00
appservice Consolidate logic to check for deactivated users. (#15634) 2023-05-23 10:35:43 -04:00
config Stabilize support for MSC3952: Intentional mentions. (#15520) 2023-06-06 09:11:07 +01:00
crypto Factor out an is_mine_server_name method (#15542) 2023-05-05 15:06:22 +01:00
events Stabilize support for MSC3952: Intentional mentions. (#15520) 2023-06-06 09:11:07 +01:00
federation Update error to more plainly explain we can only authorize our own events (#15725) 2023-06-06 16:26:12 -05:00
handlers Check required power levels earlier in createRoom handler. (#15695) 2023-06-07 16:21:25 +01:00
http Add context for when/why to use the long_retries option when sending Federation requests (#15721) 2023-06-06 16:25:03 -05:00
logging Trace functions which return Awaitable (#15650) 2023-06-06 17:39:22 -05:00
media Add stubs package for lxml. (#15697) 2023-05-31 17:06:57 +00:00
metrics Bump black from 22.12.0 to 23.1.0 (#15103) 2023-02-22 15:29:09 -05:00
module_api N + 3: Read from column full_user_id rather than user_id of tables profiles and user_filters (#15649) 2023-06-02 17:24:13 -07:00
push Stabilize support for MSC3952: Intentional mentions. (#15520) 2023-06-06 09:11:07 +01:00
replication Add Unix socket support for Redis connections (#15644) 2023-05-26 15:28:39 -04:00
res Use oEmbed for YouTube Shorts (#15025) 2023-05-03 12:54:42 -04:00
rest Remove some unused server_name fields (#15723) 2023-06-06 12:32:29 +01:00
server_notices Remove unused room_alias field from /createRoom response (#15093) 2023-02-22 11:07:28 +00:00
spam_checker_api Fix import in module_api module and docs on the new check_event_for_spam signature (#12918) 2022-05-31 12:04:53 +02:00
state Instrument state and state_group storage related things (tracing) (#15610) 2023-05-19 12:26:58 -05:00
static Remove registration fallback code. (#15405) 2023-04-13 11:36:29 -04:00
storage Merge branch 'master' into develop 2023-06-07 14:45:19 +01:00
streams Use mypy 1.0 (#15052) 2023-02-16 16:09:11 +00:00
types Save the scopes in the requester 2023-05-30 09:43:06 -04:00
util Add stricter mypy options (#15694) 2023-05-31 07:18:29 -04:00
__init__.py Use immutabledict instead of frozendict (#15113) 2023-03-22 17:15:34 +00:00
event_auth.py Reject instead of erroring on invalid membership events. (#15564) 2023-05-15 15:01:29 -04:00
notifier.py Move ThirdPartyEventRules into module_api/callbacks (#15535) 2023-05-04 14:18:22 +00:00
py.typed Mark Module API error imports as re-exported and mark Synapse as containing type annotations (#11054) 2021-10-13 08:42:41 +01:00
server.py Refactor config to be an experimental feature 2023-05-30 09:43:06 -04:00
visibility.py Log when events are (unexpectedly) filtered out of responses in tests (#14213) 2023-06-01 21:27:18 -05:00