fix: unauthorized pdus will be responded to with FORBIDDEN

next
Timo Kösters 2021-05-21 18:12:02 +02:00
parent 09157b2096
commit 989d843c40
No known key found for this signature in database
GPG Key ID: 24DA7517711A2BA4
3 changed files with 6 additions and 12 deletions

View File

@ -569,13 +569,7 @@ async fn join_room_by_id_helper(
{ {
let (event_id, value) = match result { let (event_id, value) = match result {
Ok(t) => t, Ok(t) => t,
Err(e) => { Err(_) => continue,
warn!(
"PDU could not be verified: {:?} {:?} {:?}",
e, event_id, pdu
);
continue;
}
}; };
let pdu = PduEvent::from_id_val(&event_id, value.clone()).map_err(|e| { let pdu = PduEvent::from_id_val(&event_id, value.clone()).map_err(|e| {
@ -701,7 +695,7 @@ async fn validate_and_add_event_id(
db: &Database, db: &Database,
) -> Result<(EventId, CanonicalJsonObject)> { ) -> Result<(EventId, CanonicalJsonObject)> {
let mut value = serde_json::from_str::<CanonicalJsonObject>(pdu.json().get()).map_err(|e| { let mut value = serde_json::from_str::<CanonicalJsonObject>(pdu.json().get()).map_err(|e| {
error!("{:?}: {:?}", pdu, e); error!("Invalid PDU in server response: {:?}: {:?}", pdu, e);
Error::BadServerResponse("Invalid PDU in server response") Error::BadServerResponse("Invalid PDU in server response")
})?; })?;
let event_id = EventId::try_from(&*format!( let event_id = EventId::try_from(&*format!(
@ -745,7 +739,7 @@ async fn validate_and_add_event_id(
&value, &value,
room_version, room_version,
) { ) {
warn!("Event {} failed verification: {}", event_id, e); warn!("Event {} failed verification {:?} {}", event_id, pdu, e);
back_off(event_id); back_off(event_id);
return Err(Error::BadServerResponse("Event failed verification.")); return Err(Error::BadServerResponse("Event failed verification."));
} }

View File

@ -1309,7 +1309,7 @@ impl Rooms {
if !auth_check { if !auth_check {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::InvalidParam, ErrorKind::Forbidden,
"Event is not authorized.", "Event is not authorized.",
)); ));
} }

View File

@ -1484,7 +1484,7 @@ pub(crate) async fn fetch_signing_keys(
} }
} }
debug!("Loading signing keys for {}", origin); trace!("Loading signing keys for {}", origin);
let mut result = db let mut result = db
.globals .globals
@ -1943,7 +1943,7 @@ pub fn create_join_event_template_route<'a>(
if !auth_check { if !auth_check {
return Err(Error::BadRequest( return Err(Error::BadRequest(
ErrorKind::InvalidParam, ErrorKind::Forbidden,
"Event is not authorized.", "Event is not authorized.",
)); ));
} }