From a06d0921c9a8551a7f488ad8ae972f1b982a49c1 Mon Sep 17 00:00:00 2001 From: Kegsay Date: Wed, 24 Jun 2020 18:19:14 +0100 Subject: [PATCH] Make same membership transitions 403, add sytests (#1161) * Make same membership transitions 403, add sytests * Update blacklist --- roomserver/api/perform.go | 5 +++++ sytest-blacklist | 3 +++ sytest-whitelist | 2 ++ 3 files changed, 10 insertions(+) diff --git a/roomserver/api/perform.go b/roomserver/api/perform.go index 0b8e6df25..12ba15167 100644 --- a/roomserver/api/perform.go +++ b/roomserver/api/perform.go @@ -38,6 +38,11 @@ func (p *PerformError) JSONResponse() util.JSONResponse { Code: http.StatusForbidden, JSON: jsonerror.Forbidden(p.Msg), } + case PerformErrorNoOperation: + return util.JSONResponse{ + Code: http.StatusForbidden, + JSON: jsonerror.Forbidden(p.Msg), + } default: return util.ErrorResponse(p) } diff --git a/sytest-blacklist b/sytest-blacklist index 9f140ed1c..65e6c1b16 100644 --- a/sytest-blacklist +++ b/sytest-blacklist @@ -45,6 +45,9 @@ Can recv device messages over federation Device messages over federation wake up /sync Wildcard device messages over federation wake up /sync +# See https://github.com/matrix-org/sytest/pull/901 +Remote invited user can see room metadata + # We don't implement soft-failed events yet, but because the /send response is vague, # this test thinks it's all fine... Inbound federation accepts a second soft-failed event diff --git a/sytest-whitelist b/sytest-whitelist index 0036d60ea..18bb7ca43 100644 --- a/sytest-whitelist +++ b/sytest-whitelist @@ -357,6 +357,8 @@ Getting state checks the events requested belong to the room Getting state IDs checks the events requested belong to the room Can invite users to invite-only rooms Uninvited users cannot join the room +Users cannot invite themselves to a room +Users cannot invite a user that is already in the room Invited user can reject invite Invited user can reject invite for empty room Invited user can reject local invite after originator leaves