Don't allow inviting users that don't exist

2022-10-05 16:42:07 +01:00 · 2022-10-05 16:42:07 +01:00 · 201f363d30
parent 9ba3103f88
commit 201f363d30
3 changed files with 22 additions and 1 deletions
--- a/roomserver/internal/api.go
+++ b/roomserver/internal/api.go
@ -193,6 +193,7 @@ func (r *RoomserverInternalAPI) SetFederationAPI(fsAPI fsAPI.RoomserverFederatio
 }

 func (r *RoomserverInternalAPI) SetUserAPI(userAPI userapi.RoomserverUserAPI) {
+	r.Inviter.UserAPI = userAPI
 	r.Leaver.UserAPI = userAPI
 }

--- a/roomserver/internal/perform/perform_invite.go
+++ b/roomserver/internal/perform/perform_invite.go
@ -27,6 +27,7 @@ import (
 	"github.com/matrix-org/dendrite/roomserver/storage/shared"
 	"github.com/matrix-org/dendrite/roomserver/types"
 	"github.com/matrix-org/dendrite/setup/config"
+	userAPI "github.com/matrix-org/dendrite/userapi/api"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/util"
 	log "github.com/sirupsen/logrus"
@ -36,6 +37,7 @@ type Inviter struct {
 	DB      storage.Database
 	Cfg     *config.RoomServer
 	FSAPI   federationAPI.RoomserverFederationAPI
+	UserAPI userAPI.RoomserverUserAPI
 	Inputer *input.Inputer
 }

@ -62,7 +64,7 @@ func (r *Inviter) PerformInvite(
 		return nil, fmt.Errorf("failed to load RoomInfo: %w", err)
 	}

-	_, domain, err := gomatrixserverlib.SplitID('@', targetUserID)
+	localpart, domain, err := gomatrixserverlib.SplitID('@', targetUserID)
 	if err != nil {
 		res.Error = &api.PerformError{
 			Code: api.PerformErrorBadRequest,
@ -80,6 +82,23 @@ func (r *Inviter) PerformInvite(
 		return nil, nil
 	}

+	if isTargetLocal {
+		userReq := &userAPI.QueryAccountAvailabilityRequest{
+			Localpart: localpart,
+		}
+		userRes := &userAPI.QueryAccountAvailabilityResponse{}
+		if err = r.UserAPI.QueryAccountAvailability(ctx, userReq, userRes); err != nil {
+			return nil, fmt.Errorf("r.UserAPI.QueryAccountAvailability: %w", err)
+		}
+		if userRes.Available {
+			res.Error = &api.PerformError{
+				Code: api.PerformErrorBadRequest,
+				Msg:  fmt.Sprintf("The user ID %q does not exist!", targetUserID),
+			}
+			return nil, nil
+		}
+	}
+
 	logger := util.GetLogger(ctx).WithFields(map[string]interface{}{
 		"inviter":  event.Sender(),
 		"invitee":  *event.StateKey(),
--- a/userapi/api/api.go
+++ b/userapi/api/api.go
@ -50,6 +50,7 @@ type KeyserverUserAPI interface {

 type RoomserverUserAPI interface {
 	QueryAccountData(ctx context.Context, req *QueryAccountDataRequest, res *QueryAccountDataResponse) error
+	QueryAccountAvailability(ctx context.Context, req *QueryAccountAvailabilityRequest, res *QueryAccountAvailabilityResponse) error
 }

 // api functions required by the media api