From a82936226d5cce323959eb6d94c9fb0fe1484818 Mon Sep 17 00:00:00 2001
From: Kegan Dougal
Date: Wed, 24 Jun 2020 16:50:52 +0100
Subject: [PATCH] Make same membership transitions 403, add sytests
---
 roomserver/api/perform.go | 5 +++++
 sytest-whitelist | 2 ++
 2 files changed, 7 insertions(+)
diff --git a/roomserver/api/perform.go b/roomserver/api/perform.go
index 0b8e6df25..12ba15167 100644
--- a/roomserver/api/perform.go
+++ b/roomserver/api/perform.go
@@ -38,6 +38,11 @@ func (p *PerformError) JSONResponse() util.JSONResponse {
 Code: http.StatusForbidden,
 JSON: jsonerror.Forbidden(p.Msg),
 }
+ case PerformErrorNoOperation:
+ return util.JSONResponse{
+ Code: http.StatusForbidden,
+ JSON: jsonerror.Forbidden(p.Msg),
+ }
 default:
 return util.ErrorResponse(p)
 }
diff --git a/sytest-whitelist b/sytest-whitelist
index 0036d60ea..18bb7ca43 100644
--- a/sytest-whitelist
+++ b/sytest-whitelist
@@ -357,6 +357,8 @@ Getting state checks the events requested belong to the room
 Getting state IDs checks the events requested belong to the room
 Can invite users to invite-only rooms
 Uninvited users cannot join the room
+Users cannot invite themselves to a room
+Users cannot invite a user that is already in the room
 Invited user can reject invite
 Invited user can reject invite for empty room
 Invited user can reject local invite after originator leaves
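Review bot: The new `case PerformErrorNoOperation:` branch in `JSONResponse` is a line-for-line copy of the 403 branch directly above it, so the two can drift apart; the label of that earlier case is outside the hunk, but adding `PerformErrorNoOperation` to its case list would keep a single Forbidden response. If the branches stay separate, a comment such as `// A no-op membership transition (e.g. inviting a user already in the room) is deliberately reported as 403.` would record why a no-op is answered like an authorization failure. Both branches return `p.Msg` to the client verbatim, so callers that set this code should presumably pass a fixed, client-safe message rather than a wrapped internal error. The body of `JSONResponse` starts and ends outside the hunk.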