Check creation event's room_id domain matches sender's

pull/919/head
Erik Johnston 2016-07-13 13:07:19 +01:00
parent 10f4856b0c
commit 560c71c735
1 changed files with 7 additions and 0 deletions


@ -86,6 +86,13 @@ class Auth(object):
return True return True
if event.type == EventTypes.Create: if event.type == EventTypes.Create:
room_id_domain = get_domain_from_id(event.room_id)
sender_domain = get_domain_from_id(event.sender)
if room_id_domain != sender_domain:
raise AuthError(
403,
"Creation event's room_id domain does not match sender's"
)
# FIXME # FIXME
return True return True
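Review bot: The two `get_domain_from_id` calls added under `if event.type == EventTypes.Create:` parse `event.room_id` and `event.sender` before anything visible in this hunk has validated their format, so it is worth confirming how the helper behaves on an identifier with no domain part. Its definition is not shown on this page; if it can raise anything other than an error the caller already turns into a rejection, a malformed creation event would surface as an unhandled exception rather than the intended 403. If that is the case, wrapping the two lookups and re-raising as `AuthError(403, ...)` would keep the failure mode uniform. Since the branch still ends in `# FIXME` followed by `return True`, a one-line comment such as `# The room_id's domain must equal the sender's domain, otherwise the create event is rejected` would make clear that this is currently the only check applied to creation events here. The enclosing method starts and ends outside the hunk, so earlier validation may exist that is not visible.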