fix: unauthorized pdus will be responded to with FORBIDDEN
parent
09157b2096
commit
989d843c40
|
@ -569,13 +569,7 @@ async fn join_room_by_id_helper(
|
||||||
{
|
{
|
||||||
let (event_id, value) = match result {
|
let (event_id, value) = match result {
|
||||||
Ok(t) => t,
|
Ok(t) => t,
|
||||||
Err(e) => {
|
Err(_) => continue,
|
||||||
warn!(
|
|
||||||
"PDU could not be verified: {:?} {:?} {:?}",
|
|
||||||
e, event_id, pdu
|
|
||||||
);
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
};
|
};
|
||||||
|
|
||||||
let pdu = PduEvent::from_id_val(&event_id, value.clone()).map_err(|e| {
|
let pdu = PduEvent::from_id_val(&event_id, value.clone()).map_err(|e| {
|
||||||
|
@ -701,7 +695,7 @@ async fn validate_and_add_event_id(
|
||||||
db: &Database,
|
db: &Database,
|
||||||
) -> Result<(EventId, CanonicalJsonObject)> {
|
) -> Result<(EventId, CanonicalJsonObject)> {
|
||||||
let mut value = serde_json::from_str::<CanonicalJsonObject>(pdu.json().get()).map_err(|e| {
|
let mut value = serde_json::from_str::<CanonicalJsonObject>(pdu.json().get()).map_err(|e| {
|
||||||
error!("{:?}: {:?}", pdu, e);
|
error!("Invalid PDU in server response: {:?}: {:?}", pdu, e);
|
||||||
Error::BadServerResponse("Invalid PDU in server response")
|
Error::BadServerResponse("Invalid PDU in server response")
|
||||||
})?;
|
})?;
|
||||||
let event_id = EventId::try_from(&*format!(
|
let event_id = EventId::try_from(&*format!(
|
||||||
|
@ -745,7 +739,7 @@ async fn validate_and_add_event_id(
|
||||||
&value,
|
&value,
|
||||||
room_version,
|
room_version,
|
||||||
) {
|
) {
|
||||||
warn!("Event {} failed verification: {}", event_id, e);
|
warn!("Event {} failed verification {:?} {}", event_id, pdu, e);
|
||||||
back_off(event_id);
|
back_off(event_id);
|
||||||
return Err(Error::BadServerResponse("Event failed verification."));
|
return Err(Error::BadServerResponse("Event failed verification."));
|
||||||
}
|
}
|
||||||
|
|
|
@ -1309,7 +1309,7 @@ impl Rooms {
|
||||||
|
|
||||||
if !auth_check {
|
if !auth_check {
|
||||||
return Err(Error::BadRequest(
|
return Err(Error::BadRequest(
|
||||||
ErrorKind::InvalidParam,
|
ErrorKind::Forbidden,
|
||||||
"Event is not authorized.",
|
"Event is not authorized.",
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
|
@ -1484,7 +1484,7 @@ pub(crate) async fn fetch_signing_keys(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
debug!("Loading signing keys for {}", origin);
|
trace!("Loading signing keys for {}", origin);
|
||||||
|
|
||||||
let mut result = db
|
let mut result = db
|
||||||
.globals
|
.globals
|
||||||
|
@ -1943,7 +1943,7 @@ pub fn create_join_event_template_route<'a>(
|
||||||
|
|
||||||
if !auth_check {
|
if !auth_check {
|
||||||
return Err(Error::BadRequest(
|
return Err(Error::BadRequest(
|
||||||
ErrorKind::InvalidParam,
|
ErrorKind::Forbidden,
|
||||||
"Event is not authorized.",
|
"Event is not authorized.",
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue