mirror of
https://git.anonymousland.org/anonymousland/synapse-product.git
synced 2024-10-01 08:25:44 -04:00
Return 404 or member list when getting joined_members after leaving (#13374)
Signed-off-by: Andrew Doh <andrewddo@gmail.com> Co-authored-by: Patrick Cloke <clokep@users.noreply.github.com> Co-authored-by: Andrew Morgan <andrewm@element.io> Co-authored-by: Brendan Abolivier <babolivier@matrix.org>
This commit is contained in:
parent
503a95804e
commit
78a3111c41
1
changelog.d/13374.bugfix
Normal file
1
changelog.d/13374.bugfix
Normal file
@ -0,0 +1 @@
|
|||||||
|
Fix a bug introduced in Synapse 0.24.0 that would respond with the wrong error status code to `/joined_members` requests when the requester is not a current member of the room. Contributed by @andrewdoh.
|
@ -324,8 +324,10 @@ class MessageHandler:
|
|||||||
room_id, user_id, allow_departed_users=True
|
room_id, user_id, allow_departed_users=True
|
||||||
)
|
)
|
||||||
if membership != Membership.JOIN:
|
if membership != Membership.JOIN:
|
||||||
raise NotImplementedError(
|
raise SynapseError(
|
||||||
"Getting joined members after leaving is not implemented"
|
code=403,
|
||||||
|
errcode=Codes.FORBIDDEN,
|
||||||
|
msg="Getting joined members while not being a current member of the room is forbidden.",
|
||||||
)
|
)
|
||||||
|
|
||||||
users_with_profile = await self.store.get_users_in_room_with_profiles(room_id)
|
users_with_profile = await self.store.get_users_in_room_with_profiles(room_id)
|
||||||
|
@ -1772,6 +1772,21 @@ class RoomTestCase(unittest.HomeserverTestCase):
|
|||||||
tok=admin_user_tok,
|
tok=admin_user_tok,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def test_get_joined_members_after_leave_room(self) -> None:
|
||||||
|
"""Test that requesting room members after leaving the room raises a 403 error."""
|
||||||
|
|
||||||
|
# create the room
|
||||||
|
user = self.register_user("foo", "pass")
|
||||||
|
user_tok = self.login("foo", "pass")
|
||||||
|
room_id = self.helper.create_room_as(user, tok=user_tok)
|
||||||
|
self.helper.leave(room_id, user, tok=user_tok)
|
||||||
|
|
||||||
|
# delete the rooms and get joined roomed membership
|
||||||
|
url = f"/_matrix/client/r0/rooms/{room_id}/joined_members"
|
||||||
|
channel = self.make_request("GET", url.encode("ascii"), access_token=user_tok)
|
||||||
|
self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.json_body)
|
||||||
|
self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
|
||||||
|
|
||||||
|
|
||||||
class JoinAliasRoomTestCase(unittest.HomeserverTestCase):
|
class JoinAliasRoomTestCase(unittest.HomeserverTestCase):
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user