From 9db1f5a13c32a6a6aea86be65524623a527e0dbe Mon Sep 17 00:00:00 2001 From: Matthias Ahouansou Date: Thu, 2 May 2024 10:45:04 +0100 Subject: [PATCH] fix(admin): don't allow creation of remote users --- Cargo.lock | 1 - src/service/admin/mod.rs | 8 ++++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/Cargo.lock b/Cargo.lock index c5f2fa2e..8453335a 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -432,7 +432,6 @@ dependencies = [ "tracing-flame", "tracing-opentelemetry", "tracing-subscriber", - "trust-dns-resolver", "url", ] diff --git a/src/service/admin/mod.rs b/src/service/admin/mod.rs index 484fc134..ab677f64 100644 --- a/src/service/admin/mod.rs +++ b/src/service/admin/mod.rs @@ -605,6 +605,14 @@ impl Service { ))) } }; + + // Checks if user is local + if user_id.server_name() != services().globals.server_name() { + return Ok(RoomMessageEventContent::text_plain( + "The specified user is not from this server!", + )); + }; + if user_id.is_historical() { return Ok(RoomMessageEventContent::text_plain(format!( "Userid {user_id} is not allowed due to historical"