Return 404 instead of 403 when retrieving an event without perms (#5798)
Part of fixing matrix-org/sytest#652 Sytest PR: matrix-org/sytest#667pull/5838/head
parent
8ed9e63432
commit
edeae53221
|
@ -0,0 +1 @@
|
||||||
|
Return 404 instead of 403 when accessing /rooms/{roomId}/event/{eventId} for an event without the appropriate permissions.
|
|
@ -568,14 +568,22 @@ class RoomEventServlet(RestServlet):
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def on_GET(self, request, room_id, event_id):
|
def on_GET(self, request, room_id, event_id):
|
||||||
requester = yield self.auth.get_user_by_req(request, allow_guest=True)
|
requester = yield self.auth.get_user_by_req(request, allow_guest=True)
|
||||||
event = yield self.event_handler.get_event(requester.user, room_id, event_id)
|
try:
|
||||||
|
event = yield self.event_handler.get_event(
|
||||||
|
requester.user, room_id, event_id
|
||||||
|
)
|
||||||
|
except AuthError:
|
||||||
|
# This endpoint is supposed to return a 404 when the requester does
|
||||||
|
# not have permission to access the event
|
||||||
|
# https://matrix.org/docs/spec/client_server/r0.5.0#get-matrix-client-r0-rooms-roomid-event-eventid
|
||||||
|
raise SynapseError(404, "Event not found.", errcode=Codes.NOT_FOUND)
|
||||||
|
|
||||||
time_now = self.clock.time_msec()
|
time_now = self.clock.time_msec()
|
||||||
if event:
|
if event:
|
||||||
event = yield self._event_serializer.serialize_event(event, time_now)
|
event = yield self._event_serializer.serialize_event(event, time_now)
|
||||||
return (200, event)
|
return (200, event)
|
||||||
else:
|
|
||||||
return (404, "Event not found.")
|
return SynapseError(404, "Event not found.", errcode=Codes.NOT_FOUND)
|
||||||
|
|
||||||
|
|
||||||
class RoomEventContextServlet(RestServlet):
|
class RoomEventContextServlet(RestServlet):
|
||||||
|
|
Loading…
Reference in New Issue