oss/conduit
oss/conduit
1
0
Fork 0
mirror of https://gitlab.com/famedly/conduit.git synced 2025-06-27 16:35:59 +00:00
Code Wiki Activity

feat(admin-room): Delete the created user message after 60s

Browse source 
Reported-by: Matthias Ahouansou <matthias@ahouansou.cz>
Helped-by: Matthias Ahouansou <matthias@ahouansou.cz>
Related-to: https://gitlab.com/famedly/conduit/-/issues/432
Signed-off-by: Awiteb <a@4rs.nl>
This commit is contained in:
Awiteb 2024-04-14 18:59:13 +03:00
parent 6355116063
commit a5e785fa6c
No known key found for this signature in database
GPG key ID: 3F6B55640AA6682F
1 changed files with 82 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

87
src/service/admin/mod.rs
View file

@ -320,6 +320,57 @@ impl Service {
Ok(()) Ok(())
} }
/// Send the message content and return it's result
///
/// Note: This is different from send_message, as it sends the message
/// and returns the sending result, unlike [`send_message`], which will send
/// the message via [`handler`] and ignore the sending result.
///
/// Note: Will return Ok(None) if there is no admin room
///
/// [`send_message`]: Self::send_message()
/// [`handler`]: Self::handler()
pub async fn send_message_with_result(
&self,
message_content: &RoomMessageEventContent,
) -> Result<Option<Arc<EventId>>> {
let conduit_user =
UserId::parse_with_server_name("conduit", services().globals.server_name())
.expect("@conduit:server_name is valid");
if let Some(room_id) = services().admin.get_admin_room()? {
let mutex_state = Arc::clone(
services()
.globals
.roomid_mutex_state
.write()
.await
.entry(room_id.clone())
.or_default(),
);
let state_lock = mutex_state.lock().await;
services()
.rooms
.timeline
.build_and_append_pdu(
PduBuilder {
event_type: TimelineEventType::RoomMessage,
content: to_raw_value(message_content)
.expect("event is valid, we just created it"),
unsigned: None,
state_key: None,
redacts: None,
},
&conduit_user,
&room_id,
&state_lock,
)
.await
.map(Some)
} else {
Ok(None)
}
}
/// Parse and process a message from the admin room /// Parse and process a message from the admin room
/// ///
/// May return `Option::None` if there is no process case for the message /// May return `Option::None` if there is no process case for the message
@ -708,6 +759,7 @@ impl Service {
.set_displayname(&user_id, Some(displayname))?; .set_displayname(&user_id, Some(displayname))?;
// Initial account data // Initial account data
// we dont add a device since we're not the user, just the creator
services().account_data.update( services().account_data.update(
None, None,
&user_id, &user_id,
@ -734,12 +786,37 @@ impl Service {
.await?; .await?;
} }
// we dont add a device since we're not the user, just the creator // Send the created user message to the user, we
// need it's event id to delete it after 60s
let Some(sended_message_event_id) = services()
.admin
.send_message_with_result(&RoomMessageEventContent::text_plain(format!(
"Created user with user_id: {user_id} and password: {password} (This message will be deleted after 60s)"
)))
.await?
else {
return Ok(None);
};
// Inhibit login does not work for guests // Delete the message after 60s because it's contain a plain password
Some(RoomMessageEventContent::text_plain(format!( // and the admin room are not encrypted
"Created user with user_id: {user_id} and password: {password}" tokio::spawn(async move {
))) tokio::time::sleep(tokio::time::Duration::from_secs(60)).await;
if let Err(err) = services()
.admin
.delete_user_message(
sended_message_event_id.as_ref(),
Some("Message contained a plaintext password"),
)
.await
{
tracing::warn!(
"Couldn't delete message containing a plaintext password {err}"
)
}
});
None
} }
AdminCommand::DisableRoom { room_id } => { AdminCommand::DisableRoom { room_id } => {
services().rooms.metadata.disable_room(&room_id, true)?; services().rooms.metadata.disable_room(&room_id, true)?;