aboutsummaryrefslogtreecommitdiff
path: root/clientapi/routing
diff options
context:
space:
mode:
authorkegsay <kegan@matrix.org>2022-05-11 11:29:23 +0100
committerGitHub <noreply@github.com>2022-05-11 11:29:23 +0100
commitc15bfefd0dbbd9619c2606b59b784f2a7926ca20 (patch)
tree528579b85f7c504430d4e2d05485d02a9fbc4b4d /clientapi/routing
parent6db08b2874307c516b10ef9c9e996807fbfdb1ff (diff)
Add RoomExists flag to QueryMembershipForUser (#2450)
Fixes https://github.com/matrix-org/complement/pull/369
Diffstat (limited to 'clientapi/routing')
-rw-r--r--clientapi/routing/membership.go12
-rw-r--r--clientapi/routing/state.go6
2 files changed, 18 insertions, 0 deletions
diff --git a/clientapi/routing/membership.go b/clientapi/routing/membership.go
index cfdf6f2d..77f627eb 100644
--- a/clientapi/routing/membership.go
+++ b/clientapi/routing/membership.go
@@ -188,6 +188,12 @@ func SendUnban(
if err != nil {
return util.ErrorResponse(err)
}
+ if !queryRes.RoomExists {
+ return util.JSONResponse{
+ Code: http.StatusForbidden,
+ JSON: jsonerror.Forbidden("room does not exist"),
+ }
+ }
// unban is only valid if the user is currently banned
if queryRes.Membership != "ban" {
return util.JSONResponse{
@@ -471,6 +477,12 @@ func SendForget(
logger.WithError(err).Error("QueryMembershipForUser: could not query membership for user")
return jsonerror.InternalServerError()
}
+ if !membershipRes.RoomExists {
+ return util.JSONResponse{
+ Code: http.StatusForbidden,
+ JSON: jsonerror.Forbidden("room does not exist"),
+ }
+ }
if membershipRes.IsInRoom {
return util.JSONResponse{
Code: http.StatusBadRequest,
diff --git a/clientapi/routing/state.go b/clientapi/routing/state.go
index c6e9e91d..12984c39 100644
--- a/clientapi/routing/state.go
+++ b/clientapi/routing/state.go
@@ -56,6 +56,12 @@ func OnIncomingStateRequest(ctx context.Context, device *userapi.Device, rsAPI a
util.GetLogger(ctx).WithError(err).Error("queryAPI.QueryLatestEventsAndState failed")
return jsonerror.InternalServerError()
}
+ if !stateRes.RoomExists {
+ return util.JSONResponse{
+ Code: http.StatusForbidden,
+ JSON: jsonerror.Forbidden("room does not exist"),
+ }
+ }
// Look at the room state and see if we have a history visibility event
// that marks the room as world-readable. If we don't then we assume that