You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The way room moderator reporting currently seems to work is that the same user is used to relay reports to the management room as is used by Mjolnir to protect rooms. A reporter invites the mjolnir user to a DM in order to send the report, which mjolnir will only accept if the reporter is in the management room or the space specified in config.acceptInvitesFromSpace.
For report-to-moderator to work properly, you'd expect that anyone could invite the relay bot, but this can't be allowed when the same user is being used as the protection and relay roles, not only because accepting any invite is an abuse vector, but also because it conflicts with config.protectAllJoinedRooms. Anyone would be able to use your Mjolnir to protect their rooms just by inviting it.
The text was updated successfully, but these errors were encountered:
The way room moderator reporting currently seems to work is that the same user is used to relay reports to the management room as is used by Mjolnir to protect rooms. A reporter invites the mjolnir user to a DM in order to send the report, which mjolnir will only accept if the reporter is in the management room or the space specified in
config.acceptInvitesFromSpace
.For report-to-moderator to work properly, you'd expect that anyone could invite the relay bot, but this can't be allowed when the same user is being used as the protection and relay roles, not only because accepting any invite is an abuse vector, but also because it conflicts with
config.protectAllJoinedRooms
. Anyone would be able to use your Mjolnir to protect their rooms just by inviting it.The text was updated successfully, but these errors were encountered: