diff options
author | kegsay <kegan@matrix.org> | 2022-05-11 11:29:23 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-11 11:29:23 +0100 |
commit | c15bfefd0dbbd9619c2606b59b784f2a7926ca20 (patch) | |
tree | 528579b85f7c504430d4e2d05485d02a9fbc4b4d /clientapi/routing | |
parent | 6db08b2874307c516b10ef9c9e996807fbfdb1ff (diff) |
Add RoomExists flag to QueryMembershipForUser (#2450)
Fixes https://github.com/matrix-org/complement/pull/369
Diffstat (limited to 'clientapi/routing')
-rw-r--r-- | clientapi/routing/membership.go | 12 | ||||
-rw-r--r-- | clientapi/routing/state.go | 6 |
2 files changed, 18 insertions, 0 deletions
diff --git a/clientapi/routing/membership.go b/clientapi/routing/membership.go index cfdf6f2d..77f627eb 100644 --- a/clientapi/routing/membership.go +++ b/clientapi/routing/membership.go @@ -188,6 +188,12 @@ func SendUnban( if err != nil { return util.ErrorResponse(err) } + if !queryRes.RoomExists { + return util.JSONResponse{ + Code: http.StatusForbidden, + JSON: jsonerror.Forbidden("room does not exist"), + } + } // unban is only valid if the user is currently banned if queryRes.Membership != "ban" { return util.JSONResponse{ @@ -471,6 +477,12 @@ func SendForget( logger.WithError(err).Error("QueryMembershipForUser: could not query membership for user") return jsonerror.InternalServerError() } + if !membershipRes.RoomExists { + return util.JSONResponse{ + Code: http.StatusForbidden, + JSON: jsonerror.Forbidden("room does not exist"), + } + } if membershipRes.IsInRoom { return util.JSONResponse{ Code: http.StatusBadRequest, diff --git a/clientapi/routing/state.go b/clientapi/routing/state.go index c6e9e91d..12984c39 100644 --- a/clientapi/routing/state.go +++ b/clientapi/routing/state.go @@ -56,6 +56,12 @@ func OnIncomingStateRequest(ctx context.Context, device *userapi.Device, rsAPI a util.GetLogger(ctx).WithError(err).Error("queryAPI.QueryLatestEventsAndState failed") return jsonerror.InternalServerError() } + if !stateRes.RoomExists { + return util.JSONResponse{ + Code: http.StatusForbidden, + JSON: jsonerror.Forbidden("room does not exist"), + } + } // Look at the room state and see if we have a history visibility event // that marks the room as world-readable. If we don't then we assume that |