check state_key matches sender user at /send_leave

Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry 2024-05-26 16:39:51 -04:00 committed by June 🍓🦴
parent 445015e9ea
commit 50bc7cc005

View file

@ -1540,6 +1540,22 @@ async fn create_leave_event(origin: &ServerName, room_id: &RoomId, pdu: &RawJson
));
}
let state_key: OwnedUserId = serde_json::from_value(
value
.get("state_key")
.ok_or_else(|| Error::BadRequest(ErrorKind::InvalidParam, "PDU does not a state key"))?
.clone()
.into(),
)
.map_err(|_| Error::BadRequest(ErrorKind::BadJson, "State key is invalid or not a user ID"))?;
if state_key != sender {
return Err(Error::BadRequest(
ErrorKind::InvalidParam,
"State key does not match sender user",
));
}
let origin: OwnedServerName = serde_json::from_value(
serde_json::to_value(
value