-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Room Shutdown API has no validation/error handling #5575
Comments
shutdown_room is undocumented, but afaict it only removes local users from the room. It doesn't remove the room in its entirety from the server. That said, you should be removed from the room, and the server should reject new events for the room (because all local users have left). Can you share logs that show the shutdown_room running and the new messages arriving? |
As this issue is appearing again, with a new version of the same alt-right room sending spam invites and harassment, here are my steps:
curl 'https://pixie.town/_matrix/client/r0/admin/shutdown_room/\!HkIVpVBRHoIryLnGUn:chat.thisisjoes.site' \
-H "Authorization: Bearer $ADMIN_TOKEN" -XPOST \
-d'{"new_room_user_id": "@f0x:pixie.town", "message": "testing shutdown_room", "room_name": "Replacement Room after supposed shutdown"}' After that I do get joined to the replacement room, but my account will also still be in the supposedly shutdown room, receiving new events and continued harassment. After leaving they can also still send invites log entries:
|
It seems the issue is with my escaping of the room id, after which Synapse will happily "block" a nonexisting room and still return a
|
The Delete Room admin API allows server admins to remove rooms from server and block these rooms. `DELETE /_synapse/admin/v1/rooms/<room_id>` It is a combination and improvement of "[Shutdown room](https://github.com/matrix-org/synapse/blob/develop/docs/admin_api/shutdown_room.md)" and "[Purge room](https://github.com/matrix-org/synapse/blob/develop/docs/admin_api/purge_room.md)" API. Fixes: #6425 It also fixes a bug in [synapse/storage/data_stores/main/room.py](synapse/storage/data_stores/main/room.py) in ` get_room_with_stats`. It should return `None` if the room is unknown. But it returns an `IndexError`. https://github.com/matrix-org/synapse/blob/901b1fa561e3cc661d78aa96d59802cf2078cb0d/synapse/storage/data_stores/main/room.py#L99-L105 Related to: - #5575 - Awesome-Technologies/synapse-admin#17 Signed-off-by: Dirk Klimpel dirk@klimpel.org
Fixed by #8830 |
Description
after calling
_matrix/client/r0/admin/shutdown_room
on a room, I get invited to the replacement room, but I still continue to receive new events in the old room.Steps to reproduce
_matrix/client/r0/admin/shutdown_room
endpoint on itI don't see any errors in the log, and from my understanding this endpoint should totally remove this room from my server, for the future as well.
Version information
If not matrix.org:
Version: Synapse 1.0.0
Install method: pip in virtualenv
The text was updated successfully, but these errors were encountered: