Check if alias event's state_key matches sender's domain

This commit is contained in:
Erik Johnston 2016-07-13 13:12:25 +01:00
parent 560c71c735
commit 2cb758ac75

View file

@ -115,6 +115,17 @@ class Auth(object):
# FIXME: Temp hack
if event.type == EventTypes.Aliases:
if not event.state_key:
raise AuthError(
403,
"Alias event must have non-empty state_key"
)
sender_domain = get_domain_from_id(event.sender)
if event.state_key != sender_domain:
raise AuthError(
403,
"Alias event's state_key does not match sender's domain"
)
return True
logger.debug(