Make same membership transitions 403, add sytests (#1161)

* Make same membership transitions 403, add sytests * Update blacklist
2020-06-24 18:19:14 +01:00 · 2020-06-24 18:19:14 +01:00 · a06d0921c9
parent 002fe05a20
commit a06d0921c9
3 changed files with 10 additions and 0 deletions
--- a/roomserver/api/perform.go
+++ b/roomserver/api/perform.go
@ -38,6 +38,11 @@ func (p *PerformError) JSONResponse() util.JSONResponse {
 			Code: http.StatusForbidden,
 			JSON: jsonerror.Forbidden(p.Msg),
 		}
+	case PerformErrorNoOperation:
+		return util.JSONResponse{
+			Code: http.StatusForbidden,
+			JSON: jsonerror.Forbidden(p.Msg),
+		}
 	default:
 		return util.ErrorResponse(p)
 	}
--- a/3
+++ b/3
@ -45,6 +45,9 @@ Can recv device messages over federation
 Device messages over federation wake up /sync
 Wildcard device messages over federation wake up /sync

+# See https://github.com/matrix-org/sytest/pull/901
+Remote invited user can see room metadata
+
 # We don't implement soft-failed events yet, but because the /send response is vague,
 # this test thinks it's all fine...
 Inbound federation accepts a second soft-failed event
--- a/2
+++ b/2
@ -357,6 +357,8 @@ Getting state checks the events requested belong to the room
 Getting state IDs checks the events requested belong to the room
 Can invite users to invite-only rooms
 Uninvited users cannot join the room
+Users cannot invite themselves to a room
+Users cannot invite a user that is already in the room
 Invited user can reject invite
 Invited user can reject invite for empty room
 Invited user can reject local invite after originator leaves