check user ID server against ACLs for /make_join
Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
parent
81bf4b7150
commit
3981e77ec6
1 changed files with 14 additions and 1 deletions
|
@ -880,7 +880,20 @@ pub(crate) async fn create_join_event_template_route(
|
||||||
services()
|
services()
|
||||||
.rooms
|
.rooms
|
||||||
.event_handler
|
.event_handler
|
||||||
.acl_check(sender_servername, &body.room_id)?;
|
.acl_check(origin, &body.room_id)?;
|
||||||
|
|
||||||
|
// ACL check invited user server name
|
||||||
|
services()
|
||||||
|
.rooms
|
||||||
|
.event_handler
|
||||||
|
.acl_check(body.user_id.server_name(), &body.room_id)?;
|
||||||
|
|
||||||
|
if body.user_id.server_name() != origin {
|
||||||
|
return Err(Error::BadRequest(
|
||||||
|
ErrorKind::InvalidParam,
|
||||||
|
"Not allowed to join on behalf of another server/user",
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
if services()
|
if services()
|
||||||
.globals
|
.globals
|
||||||
|
|
Loading…
Add table
Reference in a new issue