From 05fa66c9c87c1ad32ab3d1554f53475ed1f40707 Mon Sep 17 00:00:00 2001 From: S7evinK <2353100+S7evinK@users.noreply.github.com> Date: Mon, 7 Mar 2022 18:14:08 +0100 Subject: [PATCH] Fix appservice username check (#2223) * Fix appservice username check * Flakey test moved to blocklist * Move tests to blacklist --- clientapi/routing/directory.go | 10 ++++++++-- sytest-blacklist | 3 +++ sytest-whitelist | 4 ++-- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/clientapi/routing/directory.go b/clientapi/routing/directory.go index e408c264f..ac355b5d4 100644 --- a/clientapi/routing/directory.go +++ b/clientapi/routing/directory.go @@ -139,11 +139,17 @@ func SetLocalAlias( // TODO: This code should eventually be refactored with: // 1. The new method for checking for things matching an AS's namespace // 2. Using an overall Regex object for all AS's just like we did for usernames - + reqUserID, _, err := gomatrixserverlib.SplitID('@', device.UserID) + if err != nil { + return util.JSONResponse{ + Code: http.StatusBadRequest, + JSON: jsonerror.BadJSON("User ID must be in the form '@localpart:domain'"), + } + } for _, appservice := range cfg.Derived.ApplicationServices { // Don't prevent AS from creating aliases in its own namespace // Note that Dendrite uses SenderLocalpart as UserID for AS users - if device.UserID != appservice.SenderLocalpart { + if reqUserID != appservice.SenderLocalpart { if aliasNamespaces, ok := appservice.NamespaceMap["aliases"]; ok { for _, namespace := range aliasNamespaces { if namespace.Exclusive && namespace.RegexpObject.MatchString(alias) { diff --git a/sytest-blacklist b/sytest-blacklist index 0cdfebcc0..cee2406e5 100644 --- a/sytest-blacklist +++ b/sytest-blacklist @@ -24,6 +24,7 @@ Local device key changes get to remote servers with correct prev_id # Flakey Local device key changes appear in /keys/changes +/context/ with lazy_load_members filter works # we don't support groups Remove group category 
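Review bot: The exemption from exclusive alias namespaces is now decided by localpart alone, because `reqUserID, _, err := gomatrixserverlib.SplitID('@', device.UserID)` discards the server name before the `reqUserID != appservice.SenderLocalpart` comparison. Any authenticated device whose localpart equals an appservice's sender localpart therefore skips the `namespace.Exclusive` check; that is safe only if devices reaching this handler are always local and registration reserves those localparts, neither of which is visible in this hunk. I would keep the domain (`reqUserID, reqDomain, err := gomatrixserverlib.SplitID('@', device.UserID)`) and require it to equal the homeserver's configured name, or better, key the exemption on the authenticated appservice identity rather than on a user-ID string. Separately, a `SplitID` failure on `device.UserID` is a server-side invariant violation rather than malformed client JSON, so an internal-error response plus a log line would fit better than `jsonerror.BadJSON`. SetLocalAlias starts and ends outside the hunk.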
@@ -32,6 +33,8 @@ Remove group role # Flakey AS-ghosted users can use rooms themselves /context/ with lazy_load_members filter works +AS-ghosted users can use rooms via AS +Events in rooms with AS-hosted room aliases are sent to AS server # Flakey, need additional investigation Messages that notify from another user increment notification_count diff --git a/sytest-whitelist b/sytest-whitelist index 377425c9b..6c4745b32 100644 --- a/sytest-whitelist +++ b/sytest-whitelist @@ -648,7 +648,6 @@ Device list doesn't change if remote server is down /context/ on joined room works /context/ on non world readable room does not work /context/ returns correct number of events - GET /rooms/:room_id/messages lazy loads members correctly Can query remote device keys using POST after notification Device deletion propagates over federation @@ -659,8 +658,9 @@ registration accepts non-ascii passwords registration with inhibit_login inhibits login The operation must be consistent through an interactive authentication session Multiple calls to /sync should not cause 500 errors - Canonical alias can be set Canonical alias can include alt_aliases Can delete canonical alias Multiple calls to /sync should not cause 500 errors +AS can make room aliases +Accesing an AS-hosted room alias asks the AS server