From ab4a7852d6e022c38eca586ea57dcfbb3b36a837 Mon Sep 17 00:00:00 2001
From: Tulir Asokan <tulir@maunium.net>
Date: Tue, 14 Oct 2025 13:01:21 +0300
Subject: [PATCH] bridgev2/provisionutil: don't allow self in create group
 participants

---
 bridgev2/provisionutil/creategroup.go | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/bridgev2/provisionutil/creategroup.go b/bridgev2/provisionutil/creategroup.go
index 7a21f682..f389ab42 100644
--- a/bridgev2/provisionutil/creategroup.go
+++ b/bridgev2/provisionutil/creategroup.go
@@ -37,12 +37,13 @@ func CreateGroup(ctx context.Context, login *bridgev2.UserLogin, params *bridgev
 	if len(params.Participants) < typeSpec.Participants.MinLength {
 		return nil, bridgev2.RespError(mautrix.MInvalidParam.WithMessage("Must have at least %d members", typeSpec.Participants.MinLength))
 	}
-	userIDValidatingNetwork, ok := login.Bridge.Network.(bridgev2.IdentifierValidatingNetwork)
-	if ok {
-		for _, participant := range params.Participants {
-			if !userIDValidatingNetwork.ValidateUserID(participant) {
-				return nil, bridgev2.RespError(mautrix.MInvalidParam.WithMessage("User ID %q is not valid on this network", participant))
-			}
+	userIDValidatingNetwork, uidValOK := login.Bridge.Network.(bridgev2.IdentifierValidatingNetwork)
+	for _, participant := range params.Participants {
+		if uidValOK && !userIDValidatingNetwork.ValidateUserID(participant) {
+			return nil, bridgev2.RespError(mautrix.MInvalidParam.WithMessage("User ID %q is not valid on this network", participant))
+		}
+		if api.IsThisUser(ctx, participant) {
+			return nil, bridgev2.RespError(mautrix.MInvalidParam.WithMessage("You can't include yourself in the participants list", participant))
 		}
 	}
 	if (params.Name == nil || params.Name.Name == "") && typeSpec.Name.Required {