Prevent users without permissions from inviting the bot #561

Merged
merged 8 commits into from
Nov 3, 2022
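--- a/changelog.d/561.bugfix
+++ b/changelog.d/561.bugfix
@@ -0,0 +1 @@
+The bot no longer accepts invites from users who do not have permission to use it.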
18 changes: 12 additions & 6 deletions src/Bridge.ts
Expand Up @@ -97,7 +97,7 @@ export class Bridge {
while(joinedRooms === undefined) {
try {
log.info("Connecting to homeserver and fetching joined rooms..");
joinedRooms = await this.as.botIntent.underlyingClient.getJoinedRooms();
joinedRooms = await this.as.botClient.getJoinedRooms();
log.debug(`Bridge bot is joined to ${joinedRooms.length} rooms`);
} catch (ex) {
// This is our first interaction with the homeserver, so wait if it's not ready yet.
Expand Down Expand Up @@ -683,11 +683,11 @@ export class Bridge {

// TODO: Refactor this to be a connection
try {
let accountData = await this.as.botIntent.underlyingClient.getSafeRoomAccountData<AdminAccountData>(
let accountData = await this.as.botClient.getSafeRoomAccountData<AdminAccountData>(
BRIDGE_ROOM_TYPE, roomId,
);
if (!accountData) {
accountData = await this.as.botIntent.underlyingClient.getSafeRoomAccountData<AdminAccountData>(
accountData = await this.as.botClient.getSafeRoomAccountData<AdminAccountData>(
LEGACY_BRIDGE_ROOM_TYPE, roomId,
);
if (!accountData) {
Expand All @@ -701,12 +701,12 @@ export class Bridge {

let notifContent;
try {
notifContent = await this.as.botIntent.underlyingClient.getRoomStateEvent(
notifContent = await this.as.botClient.getRoomStateEvent(
roomId, NotifFilter.StateType, "",
);
} catch (ex) {
try {
notifContent = await this.as.botIntent.underlyingClient.getRoomStateEvent(
notifContent = await this.as.botClient.getRoomStateEvent(
roomId, NotifFilter.LegacyStateType, "",
);
}
Expand Down Expand Up @@ -779,8 +779,14 @@ export class Bridge {
log.info(`Got invite roomId=${roomId} from=${event.sender} to=${event.state_key}`);
// Room joins can fail over federation
if (event.state_key !== this.as.botUserId) {
return this.as.botIntent.underlyingClient.kickUser(this.as.botUserId, roomId, "Bridge does not support DMing ghosts");
return this.as.botClient.kickUser(event.state_key, roomId, "Bridge does not support DMing ghosts");
}

// Don't accept invites from people who can't do anything
if (!this.config.checkPermissionAny(event.sender, BridgePermissionLevel.login)) {
return this.as.botClient.kickUser(this.as.botUserId, roomId, "You do not have permission to invite this bot.");
}

await retry(() => this.as.botIntent.joinRoom(roomId), 5);
if (event.content.is_direct) {
const room = await this.setUpAdminRoom(roomId, {admin_user: event.sender}, NotifFilter.getDefaultContent());
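Review bot: In the ghost branch of the last hunk, `this.as.botClient.kickUser(event.state_key, roomId, ...)` is sent by the bot account, which was not the invited user and is presumably not a member of the room, so the homeserver will most likely refuse it and the ghost's invite stays pending. Rejecting through the invited ghost's own client needs no power level in the room: `return this.as.getIntentForUserId(event.state_key).underlyingClient.kickUser(event.state_key, roomId, "Bridge does not support DMing ghosts");`. The new permission branch also rejects without a trace; a `log.warn` naming `roomId` and `event.sender` before its `kickUser` would let operators notice repeated invites from unauthorised users. The invite handler starts and ends outside the hunk, so whether a rejected promise from either `kickUser` is handled by the caller cannot be confirmed from here.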