From 405167fc3f3ddd6f7329bdd59da7692fe3d1f4f2 Mon Sep 17 00:00:00 2001
From: strawberry <strawberry@puppygock.gay>
Date: Tue, 23 Jul 2024 22:46:20 -0400
Subject: [PATCH] add harmless check for presence PUT matching sender user

this is already done but we just don't error and always
use the sender user. match synapse behaviour where we check
and error.

Signed-off-by: strawberry <strawberry@puppygock.gay>
---
 src/api/client/presence.rs | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/api/client/presence.rs b/src/api/client/presence.rs
index 066de1cc..775f82ec 100644
--- a/src/api/client/presence.rs
+++ b/src/api/client/presence.rs
@@ -16,6 +16,14 @@ pub(crate) async fn set_presence_route(body: Ruma<set_presence::v3::Request>) ->
 	}
 
 	let sender_user = body.sender_user.as_ref().expect("user is authenticated");
+
+	if sender_user != &body.user_id && body.appservice_info.is_none() {
+		return Err(Error::BadRequest(
+			ErrorKind::InvalidParam,
+			"Not allowed to set presence of other users",
+		));
+	}
+
 	services()
 		.presence
 		.set_presence(sender_user, &body.presence, None, None, body.status_msg.clone())?;