From 9b05ef6f394bae9c844ead1a5edf53d1ef6c4fd7 Mon Sep 17 00:00:00 2001
From: Erik Johnston
Date: Tue, 1 Sep 2015 16:17:25 +0100
Subject: [PATCH] Also check the domains for membership state_keys
---
 synapse/api/auth.py | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index 90f11fdc94..944fbbf532 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -190,6 +190,15 @@ class Auth(object):
 target_user_id = event.state_key
+ creating_domain = RoomID.from_string(event.room_id).domain
+ target_domain = UserID.from_string(target_user_id).domain
+ if creating_domain != target_domain:
+ if not self.can_federate(event, auth_events):
+ raise AuthError(
+ 403,
+ "This room has been marked as unfederatable."
+ )
+
 # get info about the caller
 key = (EventTypes.Member, event.user_id, )
 caller = auth_events.get(key)
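Review bot: `UserID.from_string(target_user_id)` parses `event.state_key` before anything visible in this hunk has confirmed that it is a well-formed user ID, and for a membership event received over federation that value comes from the remote server. If `from_string` raises on malformed input (its behaviour is not visible here), the event is rejected with the parser's error instead of an `AuthError`, so either convert it explicitly or document the reliance with a comment such as `# state_key is remote-supplied; a malformed ID is rejected by from_string before the federation check`. The domain comparison is an exact string match, which fails closed on a case mismatch; that seems the right direction but is worth pinning with a test, since the commit adds none. The two nested conditions could be a single `if creating_domain != target_domain and not self.can_federate(event, auth_events):`. The enclosing method starts and ends outside the hunk.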