2929    SynapseError ,
3030)
3131from  synapse .api .filtering  import  Filter 
32+ 
33+ 
34+ from  synapse .appservice  import  ApplicationService 
3235from  synapse .events .utils  import  format_event_for_client_v2 
3336from  synapse .http .servlet  import  (
3437    RestServlet ,
4750from  synapse .streams .config  import  PaginationConfig 
4851from  synapse .types  import  (
4952    JsonDict ,
53+     Requester ,
5054    RoomAlias ,
5155    RoomID ,
5256    StreamToken ,
@@ -379,6 +383,35 @@ def _create_insertion_event_dict(
379383
380384        return  insertion_event 
381385
386+     async  def  _create_requester_from_app_service (
387+         self , user_id : str , app_service : ApplicationService 
388+     ) ->  Requester :
389+         """Creates a new requester for the given user_id 
390+         and validates that the app service is allowed to control 
391+         the given user. 
392+ 
393+         Args: 
394+             user_id: The author MXID that the app service is controlling 
395+             app_service: The app service that controls the user 
396+ 
397+         Returns: 
398+             Requester object 
399+         """ 
400+ 
401+         if  app_service .sender  ==  user_id :
402+             pass 
403+         elif  not  app_service .is_interested_in_user (user_id ):
404+             raise  AuthError (
405+                 403 ,
406+                 "Application service cannot masquerade as this user (%s)."  %  user_id ,
407+             )
408+         elif  not  (await  self .store .get_user_by_id (user_id )):
409+             raise  AuthError (
410+                 403 , "Application service has not registered this user (%s)"  %  user_id 
411+             )
412+ 
413+         return  create_requester (user_id , app_service = app_service )
414+ 
382415    async  def  on_POST (self , request , room_id ):
383416        requester  =  await  self .auth .get_user_by_req (request , allow_guest = False )
384417
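Review bot: `_create_requester_from_app_service` dereferences `app_service.sender` unconditionally, but every call site passes `requester.app_service`, which is presumably unset when the request was not authenticated as an application service. Whether `on_POST` rejects such requesters before these calls cannot be seen here, because its body continues outside this hunk. If it does not, the caller would get an AttributeError instead of the intended 403; an explicit guard at the top of the helper, `if app_service is None: raise AuthError(403, "Only application services can use this endpoint")`, would make the contract self-contained. The docstring should also gain a `Raises:` entry naming `AuthError` for the two rejection cases (sender outside the app service's user namespace, sender not registered), since that validation is the reason the helper replaces the bare `create_requester` calls.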
@@ -444,8 +477,8 @@ async def on_POST(self, request, room_id):
444477            if  event_dict ["type" ] ==  EventTypes .Member :
445478                membership  =  event_dict ["content" ].get ("membership" , None )
446479                event_id , _  =  await  self .room_member_handler .update_membership (
447-                     create_requester (
448-                         state_event ["sender" ], app_service = requester .app_service 
480+                     await   self . _create_requester_from_app_service (
481+                         state_event ["sender" ], requester .app_service 
449482                    ),
450483                    target = UserID .from_string (event_dict ["state_key" ]),
451484                    room_id = room_id ,
@@ -466,8 +499,8 @@ async def on_POST(self, request, room_id):
466499                    event ,
467500                    _ ,
468501                ) =  await  self .event_creation_handler .create_and_send_nonmember_event (
469-                     create_requester (
470-                         state_event ["sender" ], app_service = requester .app_service 
502+                     await   self . _create_requester_from_app_service (
503+                         state_event ["sender" ], requester .app_service 
471504                    ),
472505                    event_dict ,
473506                    outlier = True ,
@@ -516,7 +549,10 @@ async def on_POST(self, request, room_id):
516549                base_insertion_event ,
517550                _ ,
518551            ) =  await  self .event_creation_handler .create_and_send_nonmember_event (
519-                 requester ,
552+                 await  self ._create_requester_from_app_service (
553+                     base_insertion_event_dict ["sender" ],
554+                     requester .app_service ,
555+                 ),
520556                base_insertion_event_dict ,
521557                prev_event_ids = base_insertion_event_dict .get ("prev_events" ),
522558                auth_event_ids = auth_event_ids ,
@@ -565,7 +601,9 @@ async def on_POST(self, request, room_id):
565601            }
566602
567603            event , context  =  await  self .event_creation_handler .create_event (
568-                 create_requester (ev ["sender" ], app_service = requester .app_service ),
604+                 await  self ._create_requester_from_app_service (
605+                     ev ["sender" ], requester .app_service 
606+                 ),
569607                event_dict ,
570608                prev_event_ids = event_dict .get ("prev_events" ),
571609                auth_event_ids = auth_event_ids ,
@@ -595,7 +633,9 @@ async def on_POST(self, request, room_id):
595633        # where topological_ordering is just depth. 
596634        for  (event , context ) in  reversed (events_to_persist ):
597635            ev  =  await  self .event_creation_handler .handle_new_client_event (
598-                 create_requester (event ["sender" ], app_service = requester .app_service ),
636+                 await  self ._create_requester_from_app_service (
637+                     event ["sender" ], requester .app_service 
638+                 ),
599639                event = event ,
600640                context = context ,
601641            )