Merge pull request #5124 from matrix-org/babolivier/aliases

Add some limitations to alias creation
This commit is contained in:
Brendan Abolivier 2019-05-02 11:22:40 +01:00 committed by GitHub
commit c193b39134
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 40 additions and 2 deletions

1
changelog.d/5124.bugfix Normal file
View file

@ -0,0 +1 @@
Add some missing limitations to room alias creation.

View file

@ -239,6 +239,11 @@ listeners:
# Used by phonehome stats to group together related servers. # Used by phonehome stats to group together related servers.
#server_context: context #server_context: context
# Whether to require a user to be in the room to add an alias to it.
# Defaults to 'true'.
#
#require_membership_for_aliases: false
## TLS ## ## TLS ##

View file

@ -134,6 +134,12 @@ class ServerConfig(Config):
# sending out any replication updates. # sending out any replication updates.
self.replication_torture_level = config.get("replication_torture_level") self.replication_torture_level = config.get("replication_torture_level")
# Whether to require a user to be in the room to add an alias to it.
# Defaults to True.
self.require_membership_for_aliases = config.get(
"require_membership_for_aliases", True,
)
self.listeners = [] self.listeners = []
for listener in config.get("listeners", []): for listener in config.get("listeners", []):
if not isinstance(listener.get("port", None), int): if not isinstance(listener.get("port", None), int):
@ -490,6 +496,11 @@ class ServerConfig(Config):
# Used by phonehome stats to group together related servers. # Used by phonehome stats to group together related servers.
#server_context: context #server_context: context
# Whether to require a user to be in the room to add an alias to it.
# Defaults to 'true'.
#
#require_membership_for_aliases: false
""" % locals() """ % locals()
def read_arguments(self, args): def read_arguments(self, args):

View file

@ -36,6 +36,7 @@ logger = logging.getLogger(__name__)
class DirectoryHandler(BaseHandler): class DirectoryHandler(BaseHandler):
MAX_ALIAS_LENGTH = 255
def __init__(self, hs): def __init__(self, hs):
super(DirectoryHandler, self).__init__(hs) super(DirectoryHandler, self).__init__(hs)
@ -43,8 +44,10 @@ class DirectoryHandler(BaseHandler):
self.state = hs.get_state_handler() self.state = hs.get_state_handler()
self.appservice_handler = hs.get_application_service_handler() self.appservice_handler = hs.get_application_service_handler()
self.event_creation_handler = hs.get_event_creation_handler() self.event_creation_handler = hs.get_event_creation_handler()
self.store = hs.get_datastore()
self.config = hs.config self.config = hs.config
self.enable_room_list_search = hs.config.enable_room_list_search self.enable_room_list_search = hs.config.enable_room_list_search
self.require_membership = hs.config.require_membership_for_aliases
self.federation = hs.get_federation_client() self.federation = hs.get_federation_client()
hs.get_federation_registry().register_query_handler( hs.get_federation_registry().register_query_handler(
@ -83,7 +86,7 @@ class DirectoryHandler(BaseHandler):
@defer.inlineCallbacks @defer.inlineCallbacks
def create_association(self, requester, room_alias, room_id, servers=None, def create_association(self, requester, room_alias, room_id, servers=None,
send_event=True): send_event=True, check_membership=True):
"""Attempt to create a new alias """Attempt to create a new alias
Args: Args:
@ -93,6 +96,8 @@ class DirectoryHandler(BaseHandler):
servers (list[str]|None): List of servers that others servers servers (list[str]|None): List of servers that others servers
should try and join via should try and join via
send_event (bool): Whether to send an updated m.room.aliases event send_event (bool): Whether to send an updated m.room.aliases event
check_membership (bool): Whether to check if the user is in the room
before the alias can be set (if the server's config requires it).
Returns: Returns:
Deferred Deferred
@ -100,6 +105,13 @@ class DirectoryHandler(BaseHandler):
user_id = requester.user.to_string() user_id = requester.user.to_string()
if len(room_alias.to_string()) > self.MAX_ALIAS_LENGTH:
raise SynapseError(
400,
"Can't create aliases longer than %s characters" % self.MAX_ALIAS_LENGTH,
Codes.INVALID_PARAM,
)
service = requester.app_service service = requester.app_service
if service: if service:
if not service.is_interested_in_alias(room_alias.to_string()): if not service.is_interested_in_alias(room_alias.to_string()):
@ -108,6 +120,14 @@ class DirectoryHandler(BaseHandler):
" this kind of alias.", errcode=Codes.EXCLUSIVE " this kind of alias.", errcode=Codes.EXCLUSIVE
) )
else: else:
if self.require_membership and check_membership:
rooms_for_user = yield self.store.get_rooms_for_user(user_id)
if room_id not in rooms_for_user:
raise AuthError(
403,
"You must be in the room to create an alias for it",
)
if not self.spam_checker.user_may_create_room_alias(user_id, room_alias): if not self.spam_checker.user_may_create_room_alias(user_id, room_alias):
raise AuthError( raise AuthError(
403, "This user is not permitted to create this alias", 403, "This user is not permitted to create this alias",

View file

@ -402,7 +402,7 @@ class RoomCreationHandler(BaseHandler):
yield directory_handler.create_association( yield directory_handler.create_association(
requester, RoomAlias.from_string(alias), requester, RoomAlias.from_string(alias),
new_room_id, servers=(self.hs.hostname, ), new_room_id, servers=(self.hs.hostname, ),
send_event=False, send_event=False, check_membership=False,
) )
logger.info("Moved alias %s to new room", alias) logger.info("Moved alias %s to new room", alias)
except SynapseError as e: except SynapseError as e:
@ -538,6 +538,7 @@ class RoomCreationHandler(BaseHandler):
room_alias=room_alias, room_alias=room_alias,
servers=[self.hs.hostname], servers=[self.hs.hostname],
send_event=False, send_event=False,
check_membership=False,
) )
preset_config = config.get( preset_config = config.get(