Actually auth-check to ensure people can only send typing notifications for rooms they're actually in
Paul "LeoNerd" Evans
parent
966c4b2b04
commit
5ebc994f84
|
|
@ -67,6 +67,8 @@ class TypingNotificationHandler(BaseHandler):
|
||||||
if target_user != auth_user:
|
if target_user != auth_user:
|
||||||
raise AuthError(400, "Cannot set another user's typing state")
|
raise AuthError(400, "Cannot set another user's typing state")
|
||||||
|
|
||||||
|
yield self.auth.check_joined_room(room_id, target_user.to_string())
|
||||||
|
|
||||||
logger.debug(
|
logger.debug(
|
||||||
"%s has started typing in %s", target_user.to_string(), room_id
|
"%s has started typing in %s", target_user.to_string(), room_id
|
||||||
)
|
)
|
||||||
|
|
@ -102,6 +104,8 @@ class TypingNotificationHandler(BaseHandler):
|
||||||
if target_user != auth_user:
|
if target_user != auth_user:
|
||||||
raise AuthError(400, "Cannot set another user's typing state")
|
raise AuthError(400, "Cannot set another user's typing state")
|
||||||
|
|
||||||
|
yield self.auth.check_joined_room(room_id, target_user.to_string())
|
||||||
|
|
||||||
logger.debug(
|
logger.debug(
|
||||||
"%s has stopped typing in %s", target_user.to_string(), room_id
|
"%s has stopped typing in %s", target_user.to_string(), room_id
|
||||||
)
|
)
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,7 @@ import json
|
||||||
|
|
||||||
from ..utils import MockHttpResource, MockClock, DeferredMockCallable, MockKey
|
from ..utils import MockHttpResource, MockClock, DeferredMockCallable, MockKey
|
||||||
|
|
||||||
|
from synapse.api.errors import AuthError
|
||||||
from synapse.server import HomeServer
|
from synapse.server import HomeServer
|
||||||
from synapse.handlers.typing import TypingNotificationHandler
|
from synapse.handlers.typing import TypingNotificationHandler
|
||||||
|
|
||||||
|
|
@ -68,7 +69,10 @@ class TypingNotificationsTestCase(unittest.TestCase):
|
||||||
mock_notifier = Mock(spec=["on_new_user_event"])
|
mock_notifier = Mock(spec=["on_new_user_event"])
|
||||||
self.on_new_user_event = mock_notifier.on_new_user_event
|
self.on_new_user_event = mock_notifier.on_new_user_event
|
||||||
|
|
||||||
|
self.auth = Mock(spec=[])
|
||||||
|
|
||||||
hs = HomeServer("test",
|
hs = HomeServer("test",
|
||||||
|
auth=self.auth,
|
||||||
clock=self.clock,
|
clock=self.clock,
|
||||||
db_pool=None,
|
db_pool=None,
|
||||||
datastore=Mock(spec=[
|
datastore=Mock(spec=[
|
||||||
|
|
@ -142,6 +146,12 @@ class TypingNotificationsTestCase(unittest.TestCase):
|
||||||
self.room_member_handler.fetch_room_distributions_into = (
|
self.room_member_handler.fetch_room_distributions_into = (
|
||||||
fetch_room_distributions_into)
|
fetch_room_distributions_into)
|
||||||
|
|
||||||
|
def check_joined_room(room_id, user_id):
|
||||||
|
if user_id not in [u.to_string() for u in self.room_members]:
|
||||||
|
raise AuthError(401, "User is not in the room")
|
||||||
|
|
||||||
|
self.auth.check_joined_room = check_joined_room
|
||||||
|
|
||||||
# Some local users to test with
|
# Some local users to test with
|
||||||
self.u_apple = hs.parse_userid("@apple:test")
|
self.u_apple = hs.parse_userid("@apple:test")
|
||||||
self.u_banana = hs.parse_userid("@banana:test")
|
self.u_banana = hs.parse_userid("@banana:test")
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue