Return 404 or member list when getting joined_members after leaving (#13374)

andrewdoh · clokep · anoadragon453 · web-flow · commit 78a3111c41bf · 2022-08-03T14:26:31.000+02:00
Signed-off-by: Andrew Doh &lt;andrewddo@gmail.com&gt;
Co-authored-by: Patrick Cloke &lt;clokep@users.noreply.github.com&gt;
Co-authored-by: Andrew Morgan &lt;andrewm@element.io&gt;
Co-authored-by: Brendan Abolivier &lt;babolivier@matrix.org&gt;
diff --git a/changelog.d/13374.bugfix b/changelog.d/13374.bugfix
@@ -0,0 +1 @@
+Fix a bug introduced in Synapse 0.24.0 that would respond with the wrong error status code to `/joined_members` requests when the requester is not a current member of the room. Contributed by @andrewdoh.
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
@@ -324,8 +324,10 @@ async def get_joined_members(self, requester: Requester, room_id: str) -> dict:
                 room_id, user_id, allow_departed_users=True
             )
             if membership != Membership.JOIN:
-                raise NotImplementedError(
-                    "Getting joined members after leaving is not implemented"
+                raise SynapseError(
+                    code=403,
+                    errcode=Codes.FORBIDDEN,
+                    msg="Getting joined members while not being a current member of the room is forbidden.",
                 )
 
         users_with_profile = await self.store.get_users_in_room_with_profiles(room_id)
diff --git a/tests/rest/admin/test_room.py b/tests/rest/admin/test_room.py
@@ -1772,6 +1772,21 @@ def _set_canonical_alias(
             tok=admin_user_tok,
         )
 
+    def test_get_joined_members_after_leave_room(self) -> None:
+        """Test that requesting room members after leaving the room raises a 403 error."""
+
+        # create the room
+        user = self.register_user("foo", "pass")
+        user_tok = self.login("foo", "pass")
+        room_id = self.helper.create_room_as(user, tok=user_tok)
+        self.helper.leave(room_id, user, tok=user_tok)
+
+        # delete the rooms and get joined roomed membership
+        url = f"/_matrix/client/r0/rooms/{room_id}/joined_members"
+        channel = self.make_request("GET", url.encode("ascii"), access_token=user_tok)
+        self.assertEqual(HTTPStatus.FORBIDDEN, channel.code, msg=channel.json_body)
+        self.assertEqual(Codes.FORBIDDEN, channel.json_body["errcode"])
+
 
 class JoinAliasRoomTestCase(unittest.HomeserverTestCase):
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+Fix a bug introduced in Synapse 0.24.0 that would respond with the wrong error status code to `/joined_members` requests when the requester is not a current member of the room. Contributed by @andrewdoh.
Original file line number	Diff line number	Diff line change
`@@ -324,8 +324,10 @@ async def get_joined_members(self, requester: Requester, room_id: str) -> dict:`
`324`	`324`	`room_id, user_id, allow_departed_users=True`
`325`	`325`	`)`
`326`	`326`	`if membership != Membership.JOIN:`
`327`		`- raise NotImplementedError(`
`328`		`- "Getting joined members after leaving is not implemented"`
	`327`	`+ raise SynapseError(`
	`328`	`+ code=403,`
	`329`	`+ errcode=Codes.FORBIDDEN,`
	`330`	`+ msg="Getting joined members while not being a current member of the room is forbidden.",`
`329`	`331`	`)`
`330`	`332`
`331`	`333`	`users_with_profile = await self.store.get_users_in_room_with_profiles(room_id)`