mirror of
https://github.com/element-hq/synapse.git
synced 2024-11-23 01:55:53 +03:00
Deny peeking into rooms that have been blocked
This commit is contained in:
parent
4a8a1ac962
commit
536a266520
3 changed files with 76 additions and 3 deletions
|
@ -19,7 +19,7 @@ import random
|
||||||
from twisted.internet import defer
|
from twisted.internet import defer
|
||||||
|
|
||||||
from synapse.api.constants import EventTypes, Membership
|
from synapse.api.constants import EventTypes, Membership
|
||||||
from synapse.api.errors import AuthError
|
from synapse.api.errors import AuthError, SynapseError
|
||||||
from synapse.events import EventBase
|
from synapse.events import EventBase
|
||||||
from synapse.events.utils import serialize_event
|
from synapse.events.utils import serialize_event
|
||||||
from synapse.types import UserID
|
from synapse.types import UserID
|
||||||
|
@ -61,6 +61,11 @@ class EventStreamHandler(BaseHandler):
|
||||||
If `only_keys` is not None, events from keys will be sent down.
|
If `only_keys` is not None, events from keys will be sent down.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
if room_id:
|
||||||
|
blocked = yield self.store.is_room_blocked(room_id)
|
||||||
|
if blocked:
|
||||||
|
raise SynapseError(403, "This room has been blocked on this server")
|
||||||
|
|
||||||
# send any outstanding server notices to the user.
|
# send any outstanding server notices to the user.
|
||||||
yield self._server_notices_sender.on_user_syncing(auth_user_id)
|
yield self._server_notices_sender.on_user_syncing(auth_user_id)
|
||||||
|
|
||||||
|
|
|
@ -18,7 +18,7 @@ import logging
|
||||||
from twisted.internet import defer
|
from twisted.internet import defer
|
||||||
|
|
||||||
from synapse.api.constants import EventTypes, Membership
|
from synapse.api.constants import EventTypes, Membership
|
||||||
from synapse.api.errors import AuthError, Codes
|
from synapse.api.errors import AuthError, Codes, SynapseError
|
||||||
from synapse.events.utils import serialize_event
|
from synapse.events.utils import serialize_event
|
||||||
from synapse.events.validator import EventValidator
|
from synapse.events.validator import EventValidator
|
||||||
from synapse.handlers.presence import format_user_presence_state
|
from synapse.handlers.presence import format_user_presence_state
|
||||||
|
@ -262,6 +262,10 @@ class InitialSyncHandler(BaseHandler):
|
||||||
A JSON serialisable dict with the snapshot of the room.
|
A JSON serialisable dict with the snapshot of the room.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
blocked = yield self.store.is_room_blocked(room_id)
|
||||||
|
if blocked:
|
||||||
|
raise SynapseError(403, "This room has been blocked on this server")
|
||||||
|
|
||||||
user_id = requester.user.to_string()
|
user_id = requester.user.to_string()
|
||||||
|
|
||||||
membership, member_event_id = yield self._check_in_room_or_world_readable(
|
membership, member_event_id = yield self._check_in_room_or_world_readable(
|
||||||
|
|
|
@ -20,7 +20,7 @@ import json
|
||||||
from mock import Mock
|
from mock import Mock
|
||||||
|
|
||||||
from synapse.api.constants import UserTypes
|
from synapse.api.constants import UserTypes
|
||||||
from synapse.rest.client.v1 import admin, login, room
|
from synapse.rest.client.v1 import admin, login, room, events
|
||||||
|
|
||||||
from tests import unittest
|
from tests import unittest
|
||||||
|
|
||||||
|
@ -359,7 +359,9 @@ class ShutdownRoomTestCase(unittest.HomeserverTestCase):
|
||||||
servlets = [
|
servlets = [
|
||||||
admin.register_servlets,
|
admin.register_servlets,
|
||||||
login.register_servlets,
|
login.register_servlets,
|
||||||
|
events.register_servlets,
|
||||||
room.register_servlets,
|
room.register_servlets,
|
||||||
|
room.register_deprecated_servlets,
|
||||||
]
|
]
|
||||||
|
|
||||||
def prepare(self, reactor, clock, hs):
|
def prepare(self, reactor, clock, hs):
|
||||||
|
@ -422,3 +424,65 @@ class ShutdownRoomTestCase(unittest.HomeserverTestCase):
|
||||||
self.store.get_users_in_room(room_id),
|
self.store.get_users_in_room(room_id),
|
||||||
)
|
)
|
||||||
self.assertEqual([], users_in_room)
|
self.assertEqual([], users_in_room)
|
||||||
|
|
||||||
|
@unittest.DEBUG
|
||||||
|
def test_shutdown_room_block_peek(self):
|
||||||
|
"""Test that a world_readable room can no longer be peeked into after
|
||||||
|
it has been shut down.
|
||||||
|
"""
|
||||||
|
|
||||||
|
self.event_creation_handler._block_events_without_consent_error = None
|
||||||
|
|
||||||
|
room_id = self.helper.create_room_as(self.other_user, tok=self.other_user_token)
|
||||||
|
|
||||||
|
# Enable world readable
|
||||||
|
url = "rooms/%s/state/m.room.history_visibility" % (room_id,)
|
||||||
|
request, channel = self.make_request(
|
||||||
|
"PUT",
|
||||||
|
url.encode('ascii'),
|
||||||
|
json.dumps({"history_visibility": "world_readable"}),
|
||||||
|
access_token=self.other_user_token,
|
||||||
|
)
|
||||||
|
self.render(request)
|
||||||
|
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
|
||||||
|
|
||||||
|
# Test that the admin can still send shutdown
|
||||||
|
url = "admin/shutdown_room/" + room_id
|
||||||
|
request, channel = self.make_request(
|
||||||
|
"POST",
|
||||||
|
url.encode('ascii'),
|
||||||
|
json.dumps({"new_room_user_id": self.admin_user}),
|
||||||
|
access_token=self.admin_user_tok,
|
||||||
|
)
|
||||||
|
self.render(request)
|
||||||
|
|
||||||
|
self.assertEqual(200, int(channel.result["code"]), msg=channel.result["body"])
|
||||||
|
|
||||||
|
# Assert we can no longer peek into the room
|
||||||
|
self._assert_peek(room_id, expect_code=403)
|
||||||
|
|
||||||
|
def _assert_peek(self, room_id, expect_code):
|
||||||
|
"""Assert that the admin user can (or cannot) peek into the room.
|
||||||
|
"""
|
||||||
|
|
||||||
|
url = "rooms/%s/initialSync" % (room_id,)
|
||||||
|
request, channel = self.make_request(
|
||||||
|
"GET",
|
||||||
|
url.encode('ascii'),
|
||||||
|
access_token=self.admin_user_tok,
|
||||||
|
)
|
||||||
|
self.render(request)
|
||||||
|
self.assertEqual(
|
||||||
|
expect_code, int(channel.result["code"]), msg=channel.result["body"],
|
||||||
|
)
|
||||||
|
|
||||||
|
url = "events?timeout=0&room_id=" + room_id
|
||||||
|
request, channel = self.make_request(
|
||||||
|
"GET",
|
||||||
|
url.encode('ascii'),
|
||||||
|
access_token=self.admin_user_tok,
|
||||||
|
)
|
||||||
|
self.render(request)
|
||||||
|
self.assertEqual(
|
||||||
|
expect_code, int(channel.result["code"]), msg=channel.result["body"],
|
||||||
|
)
|
||||||
|
|
Loading…
Reference in a new issue