mirror of
https://mau.dev/maunium/synapse.git
synced 2024-10-01 01:36:05 -04:00
5c24d7b9eb
* Check required power levels earlier in createRoom handler. - If a server was configured to reject the creation of rooms with E2EE enabled (by specifying an unattainably high power level for "m.room.encryption" in default_power_level_content_override), the 403 error was not being triggered until after the room was created and before the "m.room.power_levels" was sent. This allowed a user to access the partially-configured room and complete the setup of E2EE and power levels manually. - This change causes the power level overrides to be checked earlier and the request to be rejected before the user gains access to the room. - A new `_validate_room_config` method is added to contain checks that should be run before a room is created. - The new test case confirms that a user request is rejected by the new validation method. Signed-off-by: Grant McLean <grant@catalyst.net.nz> * Add a changelog file. * Formatting fix for black. * Remove unneeded line from test. --------- Signed-off-by: Grant McLean <grant@catalyst.net.nz> |
||
---|---|---|
.. | ||
_scripts | ||
api | ||
app | ||
appservice | ||
config | ||
crypto | ||
events | ||
federation | ||
handlers | ||
http | ||
logging | ||
media | ||
metrics | ||
module_api | ||
push | ||
replication | ||
res | ||
rest | ||
server_notices | ||
spam_checker_api | ||
state | ||
static | ||
storage | ||
streams | ||
types | ||
util | ||
__init__.py | ||
event_auth.py | ||
notifier.py | ||
py.typed | ||
server.py | ||
visibility.py |