From 9c28be8fde32c7d8377dc37836557c1701a846cc Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sat, 20 Aug 2022 20:24:09 +0200 Subject: [PATCH 1/2] =?UTF-8?q?=E2=9C=A8=20accept=20joins=20only=20from=20?= =?UTF-8?q?allowed=20users?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- doc/manual/config.md | 1 + simplematrixbotlib/callbacks.py | 10 ++++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/doc/manual/config.md b/doc/manual/config.md index f6ff609..61dfca5 100644 --- a/doc/manual/config.md +++ b/doc/manual/config.md @@ -20,6 +20,7 @@ See also: [Additional Methods](#additional-methods) #### `join_on_invite` Boolean: whether the bot accepts all invites automatically. +When `allowlist` or `blocklist` are set, the bot will reject invites from any user that is not allowed. #### `encryption_enabled` Boolean: whether to enable encryption. diff --git a/simplematrixbotlib/callbacks.py b/simplematrixbotlib/callbacks.py index 57bb49f..6ffd36b 100644 --- a/simplematrixbotlib/callbacks.py +++ b/simplematrixbotlib/callbacks.py @@ -2,6 +2,7 @@ import nio.events.to_device from nio import InviteMemberEvent from nio import MegolmEvent, KeyVerificationStart, KeyVerificationCancel, KeyVerificationKey, KeyVerificationMac, ToDeviceError, KeyVerificationEvent +from simplematrixbotlib.match import Match class Callbacks: @@ -59,8 +60,13 @@ async def invite_callback(self, room, event, tries=1): return try: - await self.async_client.join(room.room_id) - print(f"Joined {room.room_id}") + match = Match(room, event, self.bot) + if match.is_from_allowed_user(): + await self.async_client.join(room.room_id) + print(f"Joined {room.room_id}") + else: + await self.async_client.room_leave(room.room_id) + print(f"Rejected invite from user {event.sender} (user not allowed)") except Exception as e: print(f"Error joining {room.room_id}: {e}") tries += 1 From f992565fbea21fae38c856b324ca9a577f331749 Mon Sep 17 00:00:00 2001 From: HarHarLinks Date: Sat, 20 Aug 2022 21:06:38 +0200 Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=94=92=20don't=20leave=20if=20already?= =?UTF-8?q?=20joined?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit prevents an exploit where an unauthorized user invites an already joined bot to make it leave --- simplematrixbotlib/callbacks.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/simplematrixbotlib/callbacks.py b/simplematrixbotlib/callbacks.py index 6ffd36b..7d107d0 100644 --- a/simplematrixbotlib/callbacks.py +++ b/simplematrixbotlib/callbacks.py @@ -1,7 +1,6 @@ import nio.events.room_events import nio.events.to_device -from nio import InviteMemberEvent -from nio import MegolmEvent, KeyVerificationStart, KeyVerificationCancel, KeyVerificationKey, KeyVerificationMac, ToDeviceError, KeyVerificationEvent +from nio import InviteMemberEvent, MegolmEvent, KeyVerificationStart, KeyVerificationCancel, KeyVerificationKey, KeyVerificationMac, ToDeviceError, KeyVerificationEvent from simplematrixbotlib.match import Match @@ -65,7 +64,10 @@ async def invite_callback(self, room, event, tries=1): await self.async_client.join(room.room_id) print(f"Joined {room.room_id}") else: - await self.async_client.room_leave(room.room_id) + joined_rooms = await self.async_client.joined_rooms() + if room.room_id not in joined_rooms.rooms: + # prevents leaving if already in the room opposed to rejecting invites + await self.async_client.room_leave(room.room_id) print(f"Rejected invite from user {event.sender} (user not allowed)") except Exception as e: print(f"Error joining {room.room_id}: {e}")