Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Do not propagate profile changes of shadow-banned users into rooms #8157

Merged
merged 9 commits into from
Aug 26, 2020
Merged

Do not propagate profile changes of shadow-banned users into rooms #8157

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
f34650b
Move tests to separate file.
clokep Aug 24, 2020
81f432e
Do not allow profile changes to propagate to rooms.
clokep Aug 24, 2020
237f5c8
Add a newsfragment.
clokep Aug 24, 2020
580c0f8
Fix copy and paste errors
clokep Aug 25, 2020
0274414
Ensure the display name in the room was not updated.
clokep Aug 25, 2020
37af103
Also handle directly changing the state for a room.
clokep Aug 25, 2020
a2cfbff
Merge remote-tracking branch 'origin/develop' into clokep/shadow-bann…
clokep Aug 25, 2020
a4a8c2c
Clarify comment.
clokep Aug 26, 2020
c21729d
Merge remote-tracking branch 'origin/develop' into clokep/shadow-bann…
clokep Aug 26, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion synapse/handlers/room_member.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -380,7 +380,7 @@ async def _update_membership(
# later on.
content = dict(content)

if not self.allow_per_room_profiles:
if not self.allow_per_room_profiles or requester.shadow_banned:
# Strip profile data, knowing that new profile data will be added to the
# event's content in event_creation_handler.create_event() using the target's
# global profile.
Expand Down
65 changes: 63 additions & 2 deletions tests/rest/client/test_shadow_banned.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -187,15 +187,24 @@ class ProfileTestCase(_ShadowBannedBase):
synapse.rest.admin.register_servlets_for_client_rest_resource,
login.register_servlets,
profile.register_servlets,
room.register_servlets,
]

def test_displayname(self):
"""Profile changes should succeed, but don't end up in a room."""
original_display_name = "banned"
new_display_name = "new name"

# Join a room.
room_id = self.helper.create_room_as(
self.banned_user_id, tok=self.banned_access_token
)

# The update should succeed.
request, channel = self.make_request(
"PUT",
"/_matrix/client/r0/profile/%s/displayname" % (self.banned_user_id,),
{"displayname": "new display name"},
{"displayname": new_display_name},
access_token=self.banned_access_token,
)
self.render(request)
Expand All @@ -208,4 +217,56 @@ def test_displayname(self):
)
self.render(request)
self.assertEqual(channel.code, 200, channel.result)
self.assertEqual(channel.json_body["displayname"], "new display name")
self.assertEqual(channel.json_body["displayname"], new_display_name)

# But the display name in the room should not be.
message_handler = self.hs.get_message_handler()
event = self.get_success(
message_handler.get_room_data(
self.banned_user_id,
room_id,
"m.room.member",
self.banned_user_id,
False,
)
)
self.assertEqual(
event.content, {"membership": "join", "displayname": original_display_name}
)

def test_room_displayname(self):
"""Changes to state events for a room should be processed, but not end up in the room."""
original_display_name = "banned"
new_display_name = "new name"

# Join a room.
room_id = self.helper.create_room_as(
self.banned_user_id, tok=self.banned_access_token
)

# The update should succeed.
request, channel = self.make_request(
"PUT",
"/_matrix/client/r0/rooms/%s/state/m.room.member/%s"
% (room_id, self.banned_user_id),
{"membership": "join", "displayname": new_display_name},
access_token=self.banned_access_token,
)
self.render(request)
self.assertEquals(200, channel.code, channel.result)
self.assertIn("event_id", channel.json_body)

# The display name in the room should not be.
clokep marked this conversation as resolved.
Show resolved Hide resolved
message_handler = self.hs.get_message_handler()
event = self.get_success(
message_handler.get_room_data(
self.banned_user_id,
room_id,
"m.room.member",
self.banned_user_id,
False,
)
)
self.assertEqual(
event.content, {"membership": "join", "displayname": original_display_name}
)
2 changes: 1 addition & 1 deletion tests/rest/client/v1/test_rooms.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
from synapse.handlers.pagination import PurgeStatus
from synapse.rest.client.v1 import directory, login, profile, room
from synapse.rest.client.v2_alpha import account
from synapse.types import JsonDict, RoomAlias
from synapse.types import JsonDict, RoomAlias, UserID
from synapse.util.stringutils import random_string

from tests import unittest
Expand Down