Add RoomExists flag to QueryMembershipForUser (#2450)

Fixes https://github.com/matrix-org/complement/pull/369
kegsay 2022-05-11 11:29:23 +01:00 committed by GitHub
parent 6db08b2874
commit c15bfefd0d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 38 additions and 5 deletions


@ -188,6 +188,12 @@ func SendUnban(
if err != nil { if err != nil {
return util.ErrorResponse(err) return util.ErrorResponse(err)
} }
if !queryRes.RoomExists {
return util.JSONResponse{
Code: http.StatusForbidden,
JSON: jsonerror.Forbidden("room does not exist"),
}
}
// unban is only valid if the user is currently banned // unban is only valid if the user is currently banned
if queryRes.Membership != "ban" { if queryRes.Membership != "ban" {
return util.JSONResponse{ return util.JSONResponse{
@ -471,6 +477,12 @@ func SendForget(
logger.WithError(err).Error("QueryMembershipForUser: could not query membership for user") logger.WithError(err).Error("QueryMembershipForUser: could not query membership for user")
return jsonerror.InternalServerError() return jsonerror.InternalServerError()
} }
if !membershipRes.RoomExists {
return util.JSONResponse{
Code: http.StatusForbidden,
JSON: jsonerror.Forbidden("room does not exist"),
}
}
if membershipRes.IsInRoom { if membershipRes.IsInRoom {
return util.JSONResponse{ return util.JSONResponse{
Code: http.StatusBadRequest, Code: http.StatusBadRequest,
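Review bot: The new 403 bodies in SendUnban and SendForget spell out the reason, `jsonerror.Forbidden("room does not exist")`, which lets any authenticated caller tell an unknown room ID apart from a room they are merely not permitted to act on, assuming the other Forbidden responses in these handlers carry different text (those are outside the hunks). If that distinction is not meant to be client-visible, return the same message the non-member path uses. The identical six-line block is also added to OnIncomingStateRequest, Context and OnIncomingMessagesRequest, so one small helper, e.g. `func roomNotFoundResponse() util.JSONResponse`, would keep status and wording in step across all five. Both function bodies continue outside their hunks.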


@ -56,6 +56,12 @@ func OnIncomingStateRequest(ctx context.Context, device *userapi.Device, rsAPI a
util.GetLogger(ctx).WithError(err).Error("queryAPI.QueryLatestEventsAndState failed") util.GetLogger(ctx).WithError(err).Error("queryAPI.QueryLatestEventsAndState failed")
return jsonerror.InternalServerError() return jsonerror.InternalServerError()
} }
if !stateRes.RoomExists {
return util.JSONResponse{
Code: http.StatusForbidden,
JSON: jsonerror.Forbidden("room does not exist"),
}
}
// Look at the room state and see if we have a history visibility event // Look at the room state and see if we have a history visibility event
// that marks the room as world-readable. If we don't then we assume that // that marks the room as world-readable. If we don't then we assume that


@ -122,6 +122,7 @@ type QueryMembershipForUserResponse struct {
Membership string `json:"membership"` Membership string `json:"membership"`
// True if the user asked to forget this room. // True if the user asked to forget this room.
IsRoomForgotten bool `json:"is_room_forgotten"` IsRoomForgotten bool `json:"is_room_forgotten"`
RoomExists bool `json:"room_exists"`
} }
// QueryMembershipsForRoomRequest is a request to QueryMembershipsForRoom // QueryMembershipsForRoomRequest is a request to QueryMembershipsForRoom
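Review bot: `RoomExists` is the only field in this part of QueryMembershipForUserResponse without a comment, and its zero value is the one that tells callers to stop. I would add, in the style of the neighbouring fields, `// True if the room is known to the roomserver. If false, the other fields are left at their zero values.` The second sentence follows from the early return added to QueryMembershipForUser in this same commit. The struct starts above the hunk, so its earlier fields were not checked.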


@ -169,8 +169,10 @@ func (r *Queryer) QueryMembershipForUser(
return err return err
} }
if info == nil { if info == nil {
return fmt.Errorf("QueryMembershipForUser: unknown room %s", request.RoomID) response.RoomExists = false
return nil
} }
response.RoomExists = true
membershipEventNID, stillInRoom, isRoomforgotten, err := r.DB.GetMembership(ctx, info.RoomNID, request.UserID) membershipEventNID, stillInRoom, isRoomforgotten, err := r.DB.GetMembership(ctx, info.RoomNID, request.UserID)
if err != nil { if err != nil {
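Review bot: Turning the unknown-room case at `if info == nil` from an error into `return nil` means a caller that does not read `response.RoomExists` now gets a nil error with zero-valued membership fields and carries on as if the user were simply not a member. This commit adds the check to the handlers shown on this page; any other caller of QueryMembershipForUser (none are visible here) needs the same check, so it is worth searching for them before merging. A comment at the branch would make the contract explicit: `// Unknown room is not an error; callers must check response.RoomExists.` The function body starts and ends outside the hunk.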


@ -73,6 +73,12 @@ func Context(
logrus.WithError(err).Error("unable to query membership") logrus.WithError(err).Error("unable to query membership")
return jsonerror.InternalServerError() return jsonerror.InternalServerError()
} }
if !membershipRes.RoomExists {
return util.JSONResponse{
Code: http.StatusForbidden,
JSON: jsonerror.Forbidden("room does not exist"),
}
}
stateFilter := gomatrixserverlib.StateFilter{ stateFilter := gomatrixserverlib.StateFilter{
Limit: 100, Limit: 100,


@ -68,10 +68,16 @@ func OnIncomingMessagesRequest(
var err error var err error
// check if the user has already forgotten about this room // check if the user has already forgotten about this room
isForgotten, err := checkIsRoomForgotten(req.Context(), roomID, device.UserID, rsAPI) isForgotten, roomExists, err := checkIsRoomForgotten(req.Context(), roomID, device.UserID, rsAPI)
if err != nil { if err != nil {
return jsonerror.InternalServerError() return jsonerror.InternalServerError()
} }
if !roomExists {
return util.JSONResponse{
Code: http.StatusForbidden,
JSON: jsonerror.Forbidden("room does not exist"),
}
}
if isForgotten { if isForgotten {
return util.JSONResponse{ return util.JSONResponse{
@ -244,17 +250,17 @@ func OnIncomingMessagesRequest(
} }
} }
func checkIsRoomForgotten(ctx context.Context, roomID, userID string, rsAPI api.SyncRoomserverAPI) (bool, error) { func checkIsRoomForgotten(ctx context.Context, roomID, userID string, rsAPI api.SyncRoomserverAPI) (forgotten bool, exists bool, err error) {
req := api.QueryMembershipForUserRequest{ req := api.QueryMembershipForUserRequest{
RoomID: roomID, RoomID: roomID,
UserID: userID, UserID: userID,
} }
resp := api.QueryMembershipForUserResponse{} resp := api.QueryMembershipForUserResponse{}
if err := rsAPI.QueryMembershipForUser(ctx, &req, &resp); err != nil { if err := rsAPI.QueryMembershipForUser(ctx, &req, &resp); err != nil {
return false, err return false, false, err
} }
return resp.IsRoomForgotten, nil return resp.IsRoomForgotten, resp.RoomExists, nil
} }
// retrieveEvents retrieves events from the local database for a request on // retrieveEvents retrieves events from the local database for a request on
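Review bot: checkIsRoomForgotten now returns two adjacent bools, so the call site in OnIncomingMessagesRequest depends on getting their order right, while the function's name still describes only the first. The named results `(forgotten bool, exists bool, err error)` help, but `err` is then shadowed by `if err := rsAPI.QueryMembershipForUser(...)` and every return is explicit, so the names act as documentation only. A doc comment would state the contract directly, e.g. `// checkIsRoomForgotten reports whether the user has forgotten the room and whether the room exists at all.` OnIncomingMessagesRequest continues outside both hunks.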