From 608aa83ed253ec11567e863ec9053a26a27acc20 Mon Sep 17 00:00:00 2001 From: strawberry Date: Sat, 2 Mar 2024 21:54:16 -0500 Subject: [PATCH] check if invited user is an admin before rejecting instead i think this makes more sense tbh than what synapse does Signed-off-by: strawberry --- conduwuit-example.toml | 2 +- src/api/client_server/membership.rs | 4 +++- src/api/server_server.rs | 20 +++++++++++--------- src/config/mod.rs | 2 +- 4 files changed, 16 insertions(+), 12 deletions(-) diff --git a/conduwuit-example.toml b/conduwuit-example.toml index 1a80bf71..7d1cec88 100644 --- a/conduwuit-example.toml +++ b/conduwuit-example.toml @@ -153,7 +153,7 @@ registration_token = "change this token for something specific to your server" # allow_room_creation = true # controls whether non-admin local users are forbidden from sending room invites (local and remote), -# AND rejects all incoming remote/federation room invites for all users (including admins). +# and if non-admin users can receive remote room invites. admins are always allowed to send and receive all room invites. # defaults to false # block_non_admin_invites = falsse diff --git a/src/api/client_server/membership.rs b/src/api/client_server/membership.rs index ba3fdae7..4e8ebaa5 100644 --- a/src/api/client_server/membership.rs +++ b/src/api/client_server/membership.rs @@ -201,7 +201,9 @@ pub async fn invite_user_route( )); } - if services().rooms.metadata.is_banned(&body.room_id)? && !services().users.is_admin(sender_user)? { + if services().rooms.metadata.is_banned(&body.room_id)? + && !services().users.is_admin(sender_user)? + { info!( "Local user {} who is not an admin attempted to send an invite for banned room {}.", &sender_user, &body.room_id diff --git a/src/api/server_server.rs b/src/api/server_server.rs index 69c62562..e05bffb5 100644 --- a/src/api/server_server.rs +++ b/src/api/server_server.rs @@ -1845,14 +1845,6 @@ pub async fn create_invite_route( .as_ref() .expect("server is authenticated"); - if services().globals.block_non_admin_invites() { - info!("Received remote invite from server {} for room {}, but \"block_non_admin_invites\" is enabled, rejecting.", &sender_servername, &body.room_id); - return Err(Error::BadRequest( - ErrorKind::Forbidden, - "This server does not allow room invites.", - )); - } - services() .rooms .event_handler @@ -1922,7 +1914,9 @@ pub async fn create_invite_route( ) .map_err(|_| Error::BadRequest(ErrorKind::InvalidParam, "state_key is not a user id."))?; - if services().rooms.metadata.is_banned(&body.room_id)? && !services().users.is_admin(&invited_user)? { + if services().rooms.metadata.is_banned(&body.room_id)? + && !services().users.is_admin(&invited_user)? + { info!( "Received remote invite from server {} for room {} and for user {invited_user}, but room is banned by us.", &sender_servername, &body.room_id @@ -1933,6 +1927,14 @@ pub async fn create_invite_route( )); } + if services().globals.block_non_admin_invites() && !services().users.is_admin(&invited_user)? { + info!("Received remote invite from server {} for room {} and for user {invited_user} who is not an admin, but \"block_non_admin_invites\" is enabled, rejecting.", &sender_servername, &body.room_id); + return Err(Error::BadRequest( + ErrorKind::Forbidden, + "This server does not allow room invites.", + )); + } + let mut invite_state = body.invite_room_state.clone(); let mut event: JsonObject = serde_json::from_str(body.event.get()) diff --git a/src/config/mod.rs b/src/config/mod.rs index 60149c7c..c2b89e01 100644 --- a/src/config/mod.rs +++ b/src/config/mod.rs @@ -281,7 +281,7 @@ impl fmt::Display for Config { &self.allow_local_presence.to_string(), ), ( - "Block non-admin room invites (local and remote) and block all incoming remote invites", + "Block non-admin room invites (local and remote, admins can still send and receive invites)", &self.block_non_admin_invites.to_string(), ), (