dont allow creating remote users in admin room

Signed-off-by: strawberry <strawberry@puppygock.gay>
2024-05-02 16:51:43 -04:00 · 2024-05-02 16:51:43 -04:00 · 75b9332917
commit 75b9332917
parent de26bf22dc
1 changed files with 9 additions and 1 deletions
--- a/src/service/admin/user/user_commands.rs
+++ b/src/service/admin/user/user_commands.rs
@ -6,7 +6,9 @@ use tracing::{error, info, warn};
 use crate::{
 	api::client_server::{join_room_by_id_helper, leave_all_rooms, AUTO_GEN_PASSWORD_LENGTH},
 	service::admin::{escape_html, get_room_info},
-	services, utils, Result,
+	services,
+	utils::{self, user_id::user_is_local},
+	Result,
 };

 pub(crate) async fn list(_body: Vec<&str>) -> Result<RoomMessageEventContent> {
@ -36,6 +38,12 @@ pub(crate) async fn create(
 			},
 		};

+	if !user_is_local(&user_id) {
+		return Ok(RoomMessageEventContent::text_plain(format!(
+			"User {user_id} does not belong to our server."
+		)));
+	}
+
 	if user_id.is_historical() {
 		return Ok(RoomMessageEventContent::text_plain(format!(
 			"Userid {user_id} is not allowed due to historical"