From 2088b6cfbf07990582d70e7d731ceff13a29783e Mon Sep 17 00:00:00 2001 From: Till Faelligen Date: Wed, 23 Feb 2022 10:42:13 +0100 Subject: [PATCH] Fix appservice username check --- clientapi/routing/directory.go | 10 ++++++++-- sytest-blacklist | 1 + sytest-whitelist | 5 +++++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/clientapi/routing/directory.go b/clientapi/routing/directory.go index e408c264f..ac355b5d4 100644 --- a/clientapi/routing/directory.go +++ b/clientapi/routing/directory.go @@ -139,11 +139,17 @@ func SetLocalAlias( // TODO: This code should eventually be refactored with: // 1. The new method for checking for things matching an AS's namespace // 2. Using an overall Regex object for all AS's just like we did for usernames - + reqUserID, _, err := gomatrixserverlib.SplitID('@', device.UserID) + if err != nil { + return util.JSONResponse{ + Code: http.StatusBadRequest, + JSON: jsonerror.BadJSON("User ID must be in the form '@localpart:domain'"), + } + } for _, appservice := range cfg.Derived.ApplicationServices { // Don't prevent AS from creating aliases in its own namespace // Note that Dendrite uses SenderLocalpart as UserID for AS users - if device.UserID != appservice.SenderLocalpart { + if reqUserID != appservice.SenderLocalpart { if aliasNamespaces, ok := appservice.NamespaceMap["aliases"]; ok { for _, namespace := range aliasNamespaces { if namespace.Exclusive && namespace.RegexpObject.MatchString(alias) { diff --git a/sytest-blacklist b/sytest-blacklist index 16abce8da..e8617dcdf 100644 --- a/sytest-blacklist +++ b/sytest-blacklist @@ -24,6 +24,7 @@ Local device key changes get to remote servers with correct prev_id # Flakey Local device key changes appear in /keys/changes +/context/ with lazy_load_members filter works # we don't support groups Remove group category diff --git a/sytest-whitelist b/sytest-whitelist index d3144572d..5e9d36b44 100644 --- a/sytest-whitelist +++ b/sytest-whitelist @@ -601,3 +601,8 @@ Can query remote device keys using POST after notification Device deletion propagates over federation Get left notifs in sync and /keys/changes when other user leaves Remote banned user is kicked and may not rejoin until unbanned +AS can make room aliases +AS-ghosted users can use rooms via AS +AS-ghosted users can use rooms themselves +Accesing an AS-hosted room alias asks the AS server +Events in rooms with AS-hosted room aliases are sent to AS server