From c70ce49ec0e843d506790ba564e5734e49522cd8 Mon Sep 17 00:00:00 2001
From: strawberry
Date: Sat, 13 Jan 2024 21:13:45 -0500
Subject: [PATCH] don't allow non-local users to have their creds modified in Deactivate admin cmds

Signed-off-by: strawberry
---
 src/service/admin/mod.rs | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/service/admin/mod.rs b/src/service/admin/mod.rs
index fd960398..eb8c93b5 100644
--- a/src/service/admin/mod.rs
+++ b/src/service/admin/mod.rs
@@ -627,6 +627,14 @@ impl Service {
 user_id,
 } => {
 let user_id = Arc::::from(user_id);
+
+ // check if user belongs to our server
+ if user_id.server_name() != services().globals.server_name() {
+ return Ok(RoomMessageEventContent::text_plain(format!(
+ "User {user_id} does not belong to our server."
+ )));
+ }
+
 if services().users.exists(&user_id)? {
 RoomMessageEventContent::text_plain(format!(
 "Making {user_id} leave all rooms before deactivation..."
@@ -660,6 +668,13 @@ impl Service {
 }
 };
+ // check if user belongs to our server
+ if user_id.server_name() != services().globals.server_name() {
+ return Ok(RoomMessageEventContent::text_plain(format!(
+ "User {user_id} does not belong to our server."
+ )));
+ }
+
 // Check if the specified user is valid
 if !services().users.exists(&user_id)?
 || user_id
@@ -725,6 +740,11 @@ impl Service {
 }
 for &user_id in &user_ids {
+ // check if user belongs to our server and skips over non-local users
+ if user_id.server_name() != services().globals.server_name() {
+ continue;
+ }
+
 if services().users.deactivate_account(user_id).is_ok() {
 deactivation_count += 1
 }
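Review bot: The locality test `user_id.server_name() != services().globals.server_name()` is written out three times in this patch (in this first hunk, again in the second hunk, and in the bulk loop of the third), so a later admin command that touches credentials can be added without it and nothing will flag the omission. One shared predicate, for example `fn is_local_user(user_id: &UserId) -> bool { user_id.server_name() == services().globals.server_name() }`, would give all three sites a single definition and make a missing guard easier to spot in review. The comment above the check could also record the reason rather than restating the condition, e.g. `// remote accounts belong to their own homeserver; never alter credential state for them here`. The enclosing match arm starts and ends outside the hunk.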
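Review bot: In the third hunk, non-local IDs are dropped silently by `continue`, so the admin's reply (built outside this hunk) cannot say which of the supplied IDs were ignored. The guard also covers only this one loop: if the arm iterates `user_ids` again elsewhere (not visible here), remote users would still be included in that pass. Rejecting or filtering remote IDs once, where `user_ids` is assembled, would protect every later use. Within this loop the minimal change is to record the skip, e.g. `skipped.push(user_id); continue;`, and report `skipped` alongside `deactivation_count`. The loop's enclosing arm starts and ends outside the hunk.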