mirror of
https://git.anonymousland.org/anonymousland/synapse-product.git
synced 2025-08-03 19:44:13 -04:00
Improve signature checking on some federation APIs (#6262)
Make sure that we check that events sent over /send_join, /send_leave, and /invite, are correctly signed and come from the expected servers.
This commit is contained in:
parent
87259b3a3a
commit
172f264ed3
4 changed files with 28 additions and 7 deletions
|
@ -278,9 +278,7 @@ def _check_sigs_on_pdus(keyring, room_version, pdus):
|
|||
pdu_to_check.sender_domain,
|
||||
e.getErrorMessage(),
|
||||
)
|
||||
# XX not really sure if these are the right codes, but they are what
|
||||
# we've done for ages
|
||||
raise SynapseError(400, errmsg, Codes.UNAUTHORIZED)
|
||||
raise SynapseError(403, errmsg, Codes.FORBIDDEN)
|
||||
|
||||
for p, d in zip(pdus_to_check_sender, more_deferreds):
|
||||
d.addErrback(sender_err, p)
|
||||
|
@ -314,8 +312,7 @@ def _check_sigs_on_pdus(keyring, room_version, pdus):
|
|||
"event id %s: unable to verify signature for event id domain: %s"
|
||||
% (pdu_to_check.pdu.event_id, e.getErrorMessage())
|
||||
)
|
||||
# XX as above: not really sure if these are the right codes
|
||||
raise SynapseError(400, errmsg, Codes.UNAUTHORIZED)
|
||||
raise SynapseError(403, errmsg, Codes.FORBIDDEN)
|
||||
|
||||
for p, d in zip(pdus_to_check_event_id, more_deferreds):
|
||||
d.addErrback(event_err, p)
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue