29
29
SynapseError ,
30
30
)
31
31
from synapse .api .filtering import Filter
32
+
33
+
34
+ from synapse .appservice import ApplicationService
32
35
from synapse .events .utils import format_event_for_client_v2
33
36
from synapse .http .servlet import (
34
37
RestServlet ,
47
50
from synapse .streams .config import PaginationConfig
48
51
from synapse .types import (
49
52
JsonDict ,
53
+ Requester ,
50
54
RoomAlias ,
51
55
RoomID ,
52
56
StreamToken ,
@@ -379,6 +383,35 @@ def _create_insertion_event_dict(
379
383
380
384
return insertion_event
381
385
386
+ async def _create_requester_from_app_service (
387
+ self , user_id : str , app_service : ApplicationService
388
+ ) -> Requester :
389
+ """Creates a new requester for the given user_id
390
+ and validates that the app service is allowed to control
391
+ the given user.
392
+
393
+ Args:
394
+ user_id: The author MXID that the app service is controlling
395
+ app_service: The app service that controls the user
396
+
397
+ Returns:
398
+ Requester object
399
+ """
400
+
401
+ if app_service .sender == user_id :
402
+ pass
403
+ elif not app_service .is_interested_in_user (user_id ):
404
+ raise AuthError (
405
+ 403 ,
406
+ "Application service cannot masquerade as this user (%s)." % user_id ,
407
+ )
408
+ elif not (await self .store .get_user_by_id (user_id )):
409
+ raise AuthError (
410
+ 403 , "Application service has not registered this user (%s)" % user_id
411
+ )
412
+
413
+ return create_requester (user_id , app_service = app_service )
414
+
382
415
async def on_POST (self , request , room_id ):
383
416
requester = await self .auth .get_user_by_req (request , allow_guest = False )
384
417
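Review bot: `_create_requester_from_app_service` reads `app_service.sender` without a None check, and every call site in the later hunks passes `requester.app_service` straight through. If `on_POST` does not already reject requesters that have no app service before these calls (that part of its body is outside the hunk), such a request would end in an AttributeError and a 500 rather than the intended 403. An early `if app_service is None:` that raises the same 403 `AuthError` would make the helper safe on its own. The docstring should also name the failure mode, for example `Raises: AuthError: if the app service may not masquerade as user_id, or the user is not registered`.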
@@ -444,8 +477,8 @@ async def on_POST(self, request, room_id):
444
477
if event_dict ["type" ] == EventTypes .Member :
445
478
membership = event_dict ["content" ].get ("membership" , None )
446
479
event_id , _ = await self .room_member_handler .update_membership (
447
- create_requester (
448
- state_event ["sender" ], app_service = requester .app_service
480
+ await self . _create_requester_from_app_service (
481
+ state_event ["sender" ], requester .app_service
449
482
),
450
483
target = UserID .from_string (event_dict ["state_key" ]),
451
484
room_id = room_id ,
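Review bot: The masquerade check runs lazily at each call site, so a batch may be partly applied before it is rejected. As far as the visible hunks show, this `update_membership` call and the `create_and_send_nonmember_event` calls in the next two hunks persist events before the senders in the later `create_event` and `handle_new_client_event` hunks are validated, so a 403 raised there would leave the earlier events in place. Consider resolving one requester per distinct sender at the top of `on_POST`, before any write, and reusing it at every call site. That would also avoid repeating the `get_user_by_id` lookup for the same sender in both loops. The body of `on_POST` between the hunks is not shown, so confirm no earlier validation already covers this.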
@@ -466,8 +499,8 @@ async def on_POST(self, request, room_id):
466
499
event ,
467
500
_ ,
468
501
) = await self .event_creation_handler .create_and_send_nonmember_event (
469
- create_requester (
470
- state_event ["sender" ], app_service = requester .app_service
502
+ await self . _create_requester_from_app_service (
503
+ state_event ["sender" ], requester .app_service
471
504
),
472
505
event_dict ,
473
506
outlier = True ,
@@ -516,7 +549,10 @@ async def on_POST(self, request, room_id):
516
549
base_insertion_event ,
517
550
_ ,
518
551
) = await self .event_creation_handler .create_and_send_nonmember_event (
519
- requester ,
552
+ await self ._create_requester_from_app_service (
553
+ base_insertion_event_dict ["sender" ],
554
+ requester .app_service ,
555
+ ),
520
556
base_insertion_event_dict ,
521
557
prev_event_ids = base_insertion_event_dict .get ("prev_events" ),
522
558
auth_event_ids = auth_event_ids ,
@@ -565,7 +601,9 @@ async def on_POST(self, request, room_id):
565
601
}
566
602
567
603
event , context = await self .event_creation_handler .create_event (
568
- create_requester (ev ["sender" ], app_service = requester .app_service ),
604
+ await self ._create_requester_from_app_service (
605
+ ev ["sender" ], requester .app_service
606
+ ),
569
607
event_dict ,
570
608
prev_event_ids = event_dict .get ("prev_events" ),
571
609
auth_event_ids = auth_event_ids ,
@@ -595,7 +633,9 @@ async def on_POST(self, request, room_id):
595
633
# where topological_ordering is just depth.
596
634
for (event , context ) in reversed (events_to_persist ):
597
635
ev = await self .event_creation_handler .handle_new_client_event (
598
- create_requester (event ["sender" ], app_service = requester .app_service ),
636
+ await self ._create_requester_from_app_service (
637
+ event ["sender" ], requester .app_service
638
+ ),
599
639
event = event ,
600
640
context = context ,
601
641
)