Fix /createRoom and /invite containing displayname/avatarURL of inviter (#3326)
Fixes #3324
This commit is contained in:
Till
GitHub
parent
be0c27e688
commit
e9deb5244e
7 changed files with 100 additions and 50 deletions
|
|
@ -2278,3 +2278,68 @@ func TestGetMembership(t *testing.T) {
|
|||
}
|
||||
})
|
||||
}
|
||||
|
||||
func TestCreateRoomInvite(t *testing.T) {
|
||||
alice := test.NewUser(t)
|
||||
bob := test.NewUser(t)
|
||||
|
||||
test.WithAllDatabases(t, func(t *testing.T, dbType test.DBType) {
|
||||
|
||||
cfg, processCtx, close := testrig.CreateConfig(t, dbType)
|
||||
routers := httputil.NewRouters()
|
||||
cm := sqlutil.NewConnectionManager(processCtx, cfg.Global.DatabaseOptions)
|
||||
caches := caching.NewRistrettoCache(128*1024*1024, time.Hour, caching.DisableMetrics)
|
||||
defer close()
|
||||
natsInstance := jetstream.NATSInstance{}
|
||||
jsctx, _ := natsInstance.Prepare(processCtx, &cfg.Global.JetStream)
|
||||
defer jetstream.DeleteAllStreams(jsctx, &cfg.Global.JetStream)
|
||||
|
||||
// Use an actual roomserver for this
|
||||
rsAPI := roomserver.NewInternalAPI(processCtx, cfg, cm, &natsInstance, caches, caching.DisableMetrics)
|
||||
rsAPI.SetFederationAPI(nil, nil)
|
||||
userAPI := userapi.NewInternalAPI(processCtx, cfg, cm, &natsInstance, rsAPI, nil, caching.DisableMetrics, testIsBlacklistedOrBackingOff)
|
||||
|
||||
// We mostly need the rsAPI for this test, so nil for other APIs/caches etc.
|
||||
AddPublicRoutes(processCtx, routers, cfg, &natsInstance, nil, rsAPI, nil, nil, nil, userAPI, nil, nil, caching.DisableMetrics)
|
||||
|
||||
accessTokens := map[*test.User]userDevice{
|
||||
alice: {},
|
||||
}
|
||||
createAccessTokens(t, accessTokens, userAPI, processCtx.Context(), routers)
|
||||
|
||||
reqBody := map[string]any{
|
||||
"invite": []string{bob.ID},
|
||||
}
|
||||
body, err := json.Marshal(reqBody)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
w := httptest.NewRecorder()
|
||||
req := httptest.NewRequest(http.MethodPost, "/_matrix/client/v3/createRoom", strings.NewReader(string(body)))
|
||||
req.Header.Set("Authorization", "Bearer "+accessTokens[alice].accessToken)
|
||||
|
||||
routers.Client.ServeHTTP(w, req)
|
||||
|
||||
if w.Code != http.StatusOK {
|
||||
t.Fatalf("expected room creation to be successful, got HTTP %d instead: %s", w.Code, w.Body.String())
|
||||
}
|
||||
|
||||
roomID := gjson.GetBytes(w.Body.Bytes(), "room_id").Str
|
||||
validRoomID, _ := spec.NewRoomID(roomID)
|
||||
// Now ask the roomserver about the membership event of Bob
|
||||
ev, err := rsAPI.CurrentStateEvent(context.Background(), *validRoomID, spec.MRoomMember, bob.ID)
|
||||
if err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
if ev == nil {
|
||||
t.Fatal("Membership event for Bob does not exist")
|
||||
}
|
||||
|
||||
// Validate that there is NO displayname in content
|
||||
if gjson.GetBytes(ev.Content(), "displayname").Exists() {
|
||||
t.Fatal("Found displayname in invite")
|
||||
}
|
||||
})
|
||||
}
|
||||
|
|
|
|||
|
|
@ -324,19 +324,18 @@ func SendInvite(
|
|||
}
|
||||
|
||||
// We already received the return value, so no need to check for an error here.
|
||||
response, _ := sendInvite(req.Context(), profileAPI, device, roomID, body.UserID, body.Reason, cfg, rsAPI, asAPI, evTime)
|
||||
response, _ := sendInvite(req.Context(), device, roomID, body.UserID, body.Reason, cfg, rsAPI, evTime)
|
||||
return response
|
||||
}
|
||||
|
||||
// sendInvite sends an invitation to a user. Returns a JSONResponse and an error
|
||||
func sendInvite(
|
||||
ctx context.Context,
|
||||
profileAPI userapi.ClientUserAPI,
|
||||
device *userapi.Device,
|
||||
roomID, userID, reason string,
|
||||
cfg *config.ClientAPI,
|
||||
rsAPI roomserverAPI.ClientRoomserverAPI,
|
||||
asAPI appserviceAPI.AppServiceInternalAPI, evTime time.Time,
|
||||
evTime time.Time,
|
||||
) (util.JSONResponse, error) {
|
||||
validRoomID, err := spec.NewRoomID(roomID)
|
||||
if err != nil {
|
||||
|
|
@ -359,13 +358,7 @@ func sendInvite(
|
|||
JSON: spec.InvalidParam("UserID is invalid"),
|
||||
}, err
|
||||
}
|
||||
profile, err := loadProfile(ctx, userID, cfg, profileAPI, asAPI)
|
||||
if err != nil {
|
||||
return util.JSONResponse{
|
||||
Code: http.StatusInternalServerError,
|
||||
JSON: spec.InternalServerError{},
|
||||
}, err
|
||||
}
|
||||
|
||||
identity, err := cfg.Matrix.SigningIdentityFor(device.UserDomain())
|
||||
if err != nil {
|
||||
return util.JSONResponse{
|
||||
|
|
@ -375,16 +368,14 @@ func sendInvite(
|
|||
}
|
||||
err = rsAPI.PerformInvite(ctx, &api.PerformInviteRequest{
|
||||
InviteInput: roomserverAPI.InviteInput{
|
||||
RoomID: *validRoomID,
|
||||
Inviter: *inviter,
|
||||
Invitee: *invitee,
|
||||
DisplayName: profile.DisplayName,
|
||||
AvatarURL: profile.AvatarURL,
|
||||
Reason: reason,
|
||||
IsDirect: false,
|
||||
KeyID: identity.KeyID,
|
||||
PrivateKey: identity.PrivateKey,
|
||||
EventTime: evTime,
|
||||
RoomID: *validRoomID,
|
||||
Inviter: *inviter,
|
||||
Invitee: *invitee,
|
||||
Reason: reason,
|
||||
IsDirect: false,
|
||||
KeyID: identity.KeyID,
|
||||
PrivateKey: identity.PrivateKey,
|
||||
EventTime: evTime,
|
||||
},
|
||||
InviteRoomState: nil, // ask the roomserver to draw up invite room state for us
|
||||
SendAsServer: string(device.UserDomain()),
|
||||
|
|
|
|||
|
|
@ -215,7 +215,7 @@ func SendServerNotice(
|
|||
}
|
||||
if !membershipRes.IsInRoom {
|
||||
// re-invite the user
|
||||
res, err := sendInvite(ctx, userAPI, senderDevice, roomID, r.UserID, "Server notice room", cfgClient, rsAPI, asAPI, time.Now())
|
||||
res, err := sendInvite(ctx, senderDevice, roomID, r.UserID, "Server notice room", cfgClient, rsAPI, time.Now())
|
||||
if err != nil {
|
||||
return res
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue