Return 404 or member list when getting joined_members after leaving (#13374)

Signed-off-by: Andrew Doh <andrewddo@gmail.com>
Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com>
Co-authored-by: Andrew Morgan <andrewm@element.io>
Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
This commit is contained in:
andrew do 2022-08-03 05:26:31 -07:00 committed by GitHub
parent 503a95804e
commit 78a3111c41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 20 additions and 2 deletions

1
changelog.d/13374.bugfix Normal file
View File

@ -0,0 +1 @@
Fix a bug introduced in Synapse 0.24.0 that would respond with the wrong error status code to `/joined_members` requests when the requester is not a current member of the room. Contributed by @andrewdoh.

View File

@ -324,8 +324,10 @@ class MessageHandler:
room_id, user_id, allow_departed_users=True room_id, user_id, allow_departed_users=True
) )
if membership != Membership.JOIN: if membership != Membership.JOIN:
raise NotImplementedError( raise SynapseError(
"Getting joined members after leaving is not implemented" code=403,
errcode=Codes.FORBIDDEN,
msg="Getting joined members while not being a current member of the room is forbidden.",
) )
users_with_profile = await self.store.get_users_in_room_with_profiles(room_id) users_with_profile = await self.store.get_users_in_room_with_profiles(room_id)

View File

@ -1772,6 +1772,21 @@ class RoomTestCase(unittest.HomeserverTestCase):
tok=admin_user_tok, tok=admin_user_tok,
) )
def test_get_joined_members_after_leave_room(self) -> None:
"""Test that requesting room members after leaving the room raises a 403 error."""
# create the room
user = self.register_user("foo", "pass")
user_tok = self.login("foo", "pass")
room_id = self.helper.create_room_as(user, tok=user_tok)
self.helper.leave(room_id, user, tok=user_tok)
# delete the rooms and get joined roomed membership
url = f"/_matrix/client/r0/rooms/{room_id}/joined_members"
channel = self.make_request("GET", url.encode("ascii"), access_token=user_tok)
self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.json_body)
self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
class JoinAliasRoomTestCase(unittest.HomeserverTestCase): class JoinAliasRoomTestCase(unittest.HomeserverTestCase):