check user ID server against ACLs for /make_join

Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry 2024-05-26 15:29:49 -04:00 committed by June 🍓🦴
parent 81bf4b7150
commit 3981e77ec6

View file

@ -880,7 +880,20 @@ pub(crate) async fn create_join_event_template_route(
services() services()
.rooms .rooms
.event_handler .event_handler
.acl_check(sender_servername, &body.room_id)?; .acl_check(origin, &body.room_id)?;
// ACL check invited user server name
services()
.rooms
.event_handler
.acl_check(body.user_id.server_name(), &body.room_id)?;
if body.user_id.server_name() != origin {
return Err(Error::BadRequest(
ErrorKind::InvalidParam,
"Not allowed to join on behalf of another server/user",
));
}
if services() if services()
.globals .globals