Fix more AS sender ID thinkos.

Specifically, the AS's own user ID wasn't being treated as 'exclusive', so
a human could nab it. Also, the HS would needlessly send user queries to the
AS for its own user ID.
pull/117/head
Kegan Dougal 2015-04-01 14:05:24 +01:00
parent 80a620a83a
commit 813e54bd5b
2 changed files with 12 additions and 2 deletions


@ -211,7 +211,10 @@ class ApplicationService(object):
return self._matches_regex(room_id, ApplicationService.NS_ROOMS) return self._matches_regex(room_id, ApplicationService.NS_ROOMS)
def is_exclusive_user(self, user_id): def is_exclusive_user(self, user_id):
return self._is_exclusive(ApplicationService.NS_USERS, user_id) return (
self._is_exclusive(ApplicationService.NS_USERS, user_id)
or user_id == self.sender
)
def is_exclusive_alias(self, alias): def is_exclusive_alias(self, alias):
return self._is_exclusive(ApplicationService.NS_ALIASES, alias) return self._is_exclusive(ApplicationService.NS_ALIASES, alias)
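Review bot: The new `or user_id == self.sender` clause in is_exclusive_user carries no comment or docstring saying why the sender counts as exclusive, and it is an exact string comparison. I would add a docstring such as `"""Return True if user_id is in an exclusive user namespace or is this AS's own sender ID."""` so the guarantee is explicit. Because this check is what keeps a regular user from taking the AS's ID, it is worth confirming that callers pass the user ID in the same normalised form as `self.sender`; that code is not visible here. A unit test asserting that the sender ID is exclusive when no namespace regex covers it would pin the behaviour.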


@ -180,7 +180,14 @@ class ApplicationServicesHandler(object):
return return
user_info = yield self.store.get_user_by_id(user_id) user_info = yield self.store.get_user_by_id(user_id)
defer.returnValue(len(user_info) == 0) if len(user_info) > 0:
defer.returnValue(False)
return
# user not found; could be the AS though, so check.
services = yield self.store.get_app_services()
service_list = [s for s in services if s.sender == user_id]
defer.returnValue(len(service_list) == 0)
@defer.inlineCallbacks @defer.inlineCallbacks
def _check_user_exists(self, user_id): def _check_user_exists(self, user_id):
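Review bot: The `return` added after `defer.returnValue(False)` is unreachable, because `defer.returnValue` leaves the generator by raising, and `service_list` is built only to take its length. The last two added lines could be the single line `defer.returnValue(not any(s.sender == user_id for s in services))`. Every query for a user missing from the store now calls `get_app_services()` and scans the full list; whether that call is cached is not visible here. The enclosing method starts above the hunk, so the earlier `return` in the context lines may reflect a file convention.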