From c83837e684347563c068c5ca4849090695bc97d0 Mon Sep 17 00:00:00 2001
From: Neil Alexander
Date: Tue, 24 May 2022 09:11:23 +0100
Subject: [PATCH] Strip `join_authorised_by_users_server` when updating membership events using `/rooms/{roomID}/state` (#2482)
---
 clientapi/routing/sendevent.go | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/clientapi/routing/sendevent.go b/clientapi/routing/sendevent.go
index 5f84739d..b8a7fe98 100644
--- a/clientapi/routing/sendevent.go
+++ b/clientapi/routing/sendevent.go
@@ -104,6 +104,13 @@ func SendEvent(
 return *resErr
 }
 
+ // If we're sending a membership update, make sure to strip the authorised
+ // via key if it is present, otherwise other servers won't be able to auth
+ // the event if the room is set to the "restricted" join rule.
+ if eventType == gomatrixserverlib.MRoomMember {
+ delete(r, "join_authorised_by_users_server")
+ }
+
 evTime, err := httputil.ParseTSParam(req)
 if err != nil {
 return util.JSONResponse{
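Review bot: The comment above `delete(r, "join_authorised_by_users_server")` explains the strip only as an interoperability fix, while the value being removed comes from the request body and, as far as the restricted-join rules go, names a user whose server is expected to have signed the event. I would record that in the comment so the line is not later dropped as a compatibility shim, for example `// The value comes from client-supplied content and no authorising server has signed this event, so it must not be forwarded.` The diffstat shows one file changed, so a regression test that sends an `m.room.member` state event containing the key and checks it is absent from the built event would be worth adding. `r` and the rest of `SendEvent` are outside the hunk, so whether other client-facing paths that build membership events need the same strip cannot be judged from here.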