From 5e801bb5b1d98ff7c866e86c73db0470353006da Mon Sep 17 00:00:00 2001 From: Neil Alexander Date: Mon, 23 May 2022 13:41:30 +0100 Subject: [PATCH] Return `Restricted` to determine if the room was restricted or not --- federationapi/routing/join.go | 18 ++++++++++++++++++ roomserver/api/query.go | 5 +++-- roomserver/internal/query/query.go | 3 ++- 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/federationapi/routing/join.go b/federationapi/routing/join.go index 68ea1e8ac..2f9d4ca0f 100644 --- a/federationapi/routing/join.go +++ b/federationapi/routing/join.go @@ -386,18 +386,36 @@ func checkRestrictedJoin( if err := rsAPI.QueryRestrictedJoinAllowed(httpReq.Context(), req, res); err != nil { return nil, err } + switch { + case !res.Restricted: + // The join rules for the room don't restrict membership. + return nil, nil + case !res.Resident: + // The join rules restrict membership but our server isn't currently + // joined to all of the allowed rooms, so we can't actually decide + // whether or not to allow the user to join. This error code should + // tell the joining server to try joining via another resident server + // instead. return &util.JSONResponse{ Code: http.StatusBadRequest, JSON: jsonerror.UnableToAuthoriseJoin("This server cannot authorise the join."), }, nil + case !res.Allowed: + // The join rules restrict membership, our server is in the relevant + // rooms and the user wasn't joined to join any of the allowed rooms + // and therefore can't join this room. return &util.JSONResponse{ Code: http.StatusForbidden, JSON: jsonerror.Forbidden("You are not joined to any matching rooms."), }, nil + default: + // The join rules restrict membership, our server is in the relevant + // rooms and the user was allowed to join because they belong to one + // of the allowed rooms. return nil, nil } } diff --git a/roomserver/api/query.go b/roomserver/api/query.go index 33a235829..6107b3f82 100644 --- a/roomserver/api/query.go +++ b/roomserver/api/query.go @@ -354,8 +354,9 @@ type QueryRestrictedJoinAllowedRequest struct { } type QueryRestrictedJoinAllowedResponse struct { - Resident bool `json:"resident"` // Is our homeserver in the relevant rooms? - Allowed bool `json:"allowed"` // Is the join allowed by the rules? + Restricted bool `json:"restricted"` // Is the room membership restricted? + Resident bool `json:"resident"` // Is our homeserver in the relevant rooms? + Allowed bool `json:"allowed"` // Is the join allowed by the rules? } // MarshalJSON stringifies the room ID and StateKeyTuple keys so they can be sent over the wire in HTTP API mode. diff --git a/roomserver/internal/query/query.go b/roomserver/internal/query/query.go index 5b37c4185..f298e9ae5 100644 --- a/roomserver/internal/query/query.go +++ b/roomserver/internal/query/query.go @@ -787,7 +787,8 @@ func (r *Queryer) QueryRestrictedJoinAllowed(ctx context.Context, req *api.Query return fmt.Errorf("json.Unmarshal: %w", err) } // If the join rule isn't "restricted" then there's nothing more to do. - if joinRules.JoinRule != gomatrixserverlib.Restricted { + res.Restricted = joinRules.JoinRule == gomatrixserverlib.Restricted + if !res.Restricted { return nil } // Start off by populating the "resident" flag in the response. If we