mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2025-12-12 09:23:09 -06:00
Code Issues Packages Projects Releases Wiki Activity

Add checks

Browse source
This commit is contained in:
Brendan Abolivier 2017-09-12 17:10:56 +01:00
parent 40a8d732fd
commit f423e9d052
No known key found for this signature in database
GPG key ID: 8EF1500759F70623
1 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
src/github.com/matrix-org/dendrite/federationapi/writers/threepid.go
View file

@ -109,6 +109,23 @@ func ExchangeThirdPartyInvite(
} }
} }
// Check that the state key is correct.
_, targetDomain, err := gomatrixserverlib.SplitID('@', *builder.StateKey)
if err != nil {
return util.JSONResponse{
Code: 400,
JSON: jsonerror.BadJSON("The event's state key isn't a Matrix user ID"),
}
}
// Check that the target user is from the requesting homeserver.
if targetDomain != request.Origin() {
return util.JSONResponse{
Code: 400,
JSON: jsonerror.BadJSON("The event's state key doesn't have the same domain as the request's origin"),
}
}
// Auth and build the event from what the remote server sent us // Auth and build the event from what the remote server sent us
event, err := buildMembershipEvent(&builder, queryAPI, cfg) event, err := buildMembershipEvent(&builder, queryAPI, cfg)
if err == errNotInRoom { if err == errNotInRoom {