diff --git a/packages/overlays/matrix-synapse/patches/0010-Fix-admin-redaction-endpoint-not-redacting-encrypted.patch b/packages/overlays/matrix-synapse/patches/0010-Fix-admin-redaction-endpoint-not-redacting-encrypted.patch
new file mode 100644
index 0000000..203103d
--- /dev/null
+++ b/packages/overlays/matrix-synapse/patches/0010-Fix-admin-redaction-endpoint-not-redacting-encrypted.patch
@@ -0,0 +1,110 @@
+From 74e2f028bbcaeb2a572d03e66334f3c671bffae2 Mon Sep 17 00:00:00 2001
+From: Shay <hillerys@element.io>
+Date: Mon, 19 May 2025 01:48:46 -0700
+Subject: [PATCH 10/34] Fix admin redaction endpoint not redacting encrypted
+ messages (#18434)
+
+---
+ changelog.d/18434.bugfix | 1 +
+ synapse/handlers/admin.py | 2 +-
+ tests/rest/admin/test_user.py | 55 ++++++++++++++++++++++++++++++++++-
+ 3 files changed, 56 insertions(+), 2 deletions(-)
+ create mode 100644 changelog.d/18434.bugfix
+
+diff --git a/changelog.d/18434.bugfix b/changelog.d/18434.bugfix
+new file mode 100644
+index 0000000000..dd094c83e8
+--- /dev/null
++++ b/changelog.d/18434.bugfix
+@@ -0,0 +1 @@
++Fix admin redaction endpoint not redacting encrypted messages.
+\ No newline at end of file
+diff --git a/synapse/handlers/admin.py b/synapse/handlers/admin.py
+index f3e7790d43..971a74244f 100644
+--- a/synapse/handlers/admin.py
++++ b/synapse/handlers/admin.py
+@@ -445,7 +445,7 @@ class AdminHandler:
+ user_id,
+ room,
+ limit,
+- ["m.room.member", "m.room.message"],
++ ["m.room.member", "m.room.message", "m.room.encrypted"],
+ )
+ if not event_ids:
+ # nothing to redact in this room
+diff --git a/tests/rest/admin/test_user.py b/tests/rest/admin/test_user.py
+index a35a250975..874c29c935 100644
+--- a/tests/rest/admin/test_user.py
++++ b/tests/rest/admin/test_user.py
+@@ -36,7 +36,13 @@ from twisted.test.proto_helpers import MemoryReactor
+ from twisted.web.resource import Resource
+
+ import synapse.rest.admin
+-from synapse.api.constants import ApprovalNoticeMedium, EventTypes, LoginType, UserTypes
++from synapse.api.constants import (
++ ApprovalNoticeMedium,
++ EventContentFields,
++ EventTypes,
++ LoginType,
++ UserTypes,
++)
+ from synapse.api.errors import Codes, HttpResponseException, ResourceLimitError
+ from synapse.api.room_versions import RoomVersions
+ from synapse.media.filepath import MediaFilePaths
+@@ -5467,6 +5473,53 @@ class UserRedactionTestCase(unittest.HomeserverTestCase):
+ # we originally sent 5 messages so 5 should be redacted
+ self.assertEqual(len(original_message_ids), 0)
+
++ def test_redact_redacts_encrypted_messages(self) -> None:
++ """
++ Test that user's encrypted messages are redacted
++ """
++ encrypted_room = self.helper.create_room_as(
++ self.admin, tok=self.admin_tok, room_version="7"
++ )
++ self.helper.send_state(
++ encrypted_room,
++ EventTypes.RoomEncryption,
++ {EventContentFields.ENCRYPTION_ALGORITHM: "m.megolm.v1.aes-sha2"},
++ tok=self.admin_tok,
++ )
++ # join room send some messages
++ originals = []
++ join = self.helper.join(encrypted_room, self.bad_user, tok=self.bad_user_tok)
++ originals.append(join["event_id"])
++ for _ in range(15):
++ res = self.helper.send_event(
++ encrypted_room, "m.room.encrypted", {}, tok=self.bad_user_tok
++ )
++ originals.append(res["event_id"])
++
++ # redact user's events
++ channel = self.make_request(
++ "POST",
++ f"/_synapse/admin/v1/user/{self.bad_user}/redact",
++ content={"rooms": []},
++ access_token=self.admin_tok,
++ )
++ self.assertEqual(channel.code, 200)
++
++ matched = []
++ filter = json.dumps({"types": [EventTypes.Redaction]})
++ channel = self.make_request(
++ "GET",
++ f"rooms/{encrypted_room}/messages?filter={filter}&limit=50",
++ access_token=self.admin_tok,
++ )
++ self.assertEqual(channel.code, 200)
++
++ for event in channel.json_body["chunk"]:
++ for event_id in originals:
++ if event["type"] == "m.room.redaction" and event["redacts"] == event_id:
++ matched.append(event_id)
++ self.assertEqual(len(matched), len(originals))
++
+
+ class UserRedactionBackgroundTaskTestCase(BaseMultiWorkerStreamTestCase):
+ servlets = [
+--
+2.49.0
+
|
