path: root/packages/overlays/matrix-synapse/patches/0010-Fix-admin-redaction-endpoint-not-redacting-encrypted.patch
From 74e2f028bbcaeb2a572d03e66334f3c671bffae2 Mon Sep 17 00:00:00 2001
From: Shay <hillerys@element.io>
Date: Mon, 19 May 2025 01:48:46 -0700
Subject: [PATCH 10/34] Fix admin redaction endpoint not redacting encrypted
 messages (#18434)

---
 changelog.d/18434.bugfix      |  1 +
 synapse/handlers/admin.py     |  2 +-
 tests/rest/admin/test_user.py | 55 ++++++++++++++++++++++++++++++++++-
 3 files changed, 56 insertions(+), 2 deletions(-)
 create mode 100644 changelog.d/18434.bugfix

diff --git a/changelog.d/18434.bugfix b/changelog.d/18434.bugfix
new file mode 100644
index 0000000000..dd094c83e8
--- /dev/null
+++ b/changelog.d/18434.bugfix
@@ -0,0 +1 @@
+Fix admin redaction endpoint not redacting encrypted messages.
\ No newline at end of file
diff --git a/synapse/handlers/admin.py b/synapse/handlers/admin.py
index f3e7790d43..971a74244f 100644
--- a/synapse/handlers/admin.py
+++ b/synapse/handlers/admin.py
@@ -445,7 +445,7 @@ class AdminHandler:
                 user_id,
                 room,
                 limit,
-                ["m.room.member", "m.room.message"],
+                ["m.room.member", "m.room.message", "m.room.encrypted"],
             )
             if not event_ids:
                 # nothing to redact in this room
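Review bot: The event-type filter passed in this call is still a fixed allowlist, so the admin redaction continues to skip every type other than the three listed. If the user sent other content-bearing events (for example `m.sticker` or `m.reaction`), those would presumably remain in the room after an admin believes the user's history was redacted. The enclosing method starts and ends outside the hunk, so I cannot see whether this limit is documented; I would add a comment above the list such as `# Only these event types are redacted; any other event type sent by the user is left untouched.` If `EventTypes` is already imported in this module, `[EventTypes.Member, EventTypes.Message, EventTypes.Encrypted]` would also keep the list in step with the constants the test file uses.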
diff --git a/tests/rest/admin/test_user.py b/tests/rest/admin/test_user.py
index a35a250975..874c29c935 100644
--- a/tests/rest/admin/test_user.py
+++ b/tests/rest/admin/test_user.py
@@ -36,7 +36,13 @@ from twisted.test.proto_helpers import MemoryReactor
 from twisted.web.resource import Resource
 
 import synapse.rest.admin
-from synapse.api.constants import ApprovalNoticeMedium, EventTypes, LoginType, UserTypes
+from synapse.api.constants import (
+    ApprovalNoticeMedium,
+    EventContentFields,
+    EventTypes,
+    LoginType,
+    UserTypes,
+)
 from synapse.api.errors import Codes, HttpResponseException, ResourceLimitError
 from synapse.api.room_versions import RoomVersions
 from synapse.media.filepath import MediaFilePaths
@@ -5467,6 +5473,53 @@ class UserRedactionTestCase(unittest.HomeserverTestCase):
         # we originally sent 5 messages so 5 should be redacted
         self.assertEqual(len(original_message_ids), 0)
 
+    def test_redact_redacts_encrypted_messages(self) -> None:
+        """
+        Test that user's encrypted messages are redacted
+        """
+        encrypted_room = self.helper.create_room_as(
+            self.admin, tok=self.admin_tok, room_version="7"
+        )
+        self.helper.send_state(
+            encrypted_room,
+            EventTypes.RoomEncryption,
+            {EventContentFields.ENCRYPTION_ALGORITHM: "m.megolm.v1.aes-sha2"},
+            tok=self.admin_tok,
+        )
+        # join room send some messages
+        originals = []
+        join = self.helper.join(encrypted_room, self.bad_user, tok=self.bad_user_tok)
+        originals.append(join["event_id"])
+        for _ in range(15):
+            res = self.helper.send_event(
+                encrypted_room, "m.room.encrypted", {}, tok=self.bad_user_tok
+            )
+            originals.append(res["event_id"])
+
+        # redact user's events
+        channel = self.make_request(
+            "POST",
+            f"/_synapse/admin/v1/user/{self.bad_user}/redact",
+            content={"rooms": []},
+            access_token=self.admin_tok,
+        )
+        self.assertEqual(channel.code, 200)
+
+        matched = []
+        filter = json.dumps({"types": [EventTypes.Redaction]})
+        channel = self.make_request(
+            "GET",
+            f"rooms/{encrypted_room}/messages?filter={filter}&limit=50",
+            access_token=self.admin_tok,
+        )
+        self.assertEqual(channel.code, 200)
+
+        for event in channel.json_body["chunk"]:
+            for event_id in originals:
+                if event["type"] == "m.room.redaction" and event["redacts"] == event_id:
+                    matched.append(event_id)
+        self.assertEqual(len(matched), len(originals))
+
 
 class UserRedactionBackgroundTaskTestCase(BaseMultiWorkerStreamTestCase):
     servlets = [
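Review bot: The new test sends its `m.room.encrypted` events with empty content (`{}`) and afterwards only counts `m.room.redaction` events, so it never checks that an encrypted payload is actually stripped from the original events. Sending a constructed payload, e.g. `{"algorithm": "m.megolm.v1.aes-sha2", "ciphertext": "constructed-sample"}`, and asserting after the redact request that one of the `originals` no longer has `ciphertext` in its content would pin the behaviour the fix is meant to guarantee. As written, the test would still pass if redaction events were created but the stored ciphertext stayed readable. A short docstring sentence saying that the test covers both the join event and the 15 encrypted events would also explain why `originals` has 16 entries.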
-- 
2.49.0