summary refs log tree commit diff
diff options
context:
space:
mode:
authorPatrick Cloke <clokep@users.noreply.github.com>2021-07-16 10:36:38 -0400
committerGitHub <noreply@github.com>2021-07-16 10:36:38 -0400
commitd427f64724569d606add3c1e6f3008bdd82c092d (patch)
tree9303df2b4b45ed64c62e9ff2320a56142352a4e6
parentUse inline type hints in `http/federation/`, `storage/` and `util/` (#10381) (diff)
downloadsynapse-d427f64724569d606add3c1e6f3008bdd82c092d.tar.xz
Do not include signatures/hashes in make_{join,leave,knock} responses. (#10404)
These signatures would end up invalid since the joining/leaving/knocking
server would modify the response before calling send_{join,leave,knock}.
-rw-r--r--changelog.d/10404.bugfix1
-rw-r--r--synapse/events/__init__.py14
-rw-r--r--synapse/federation/federation_server.py9
3 files changed, 18 insertions, 6 deletions
diff --git a/changelog.d/10404.bugfix b/changelog.d/10404.bugfix
new file mode 100644
index 0000000000..2e095b6402
--- /dev/null
+++ b/changelog.d/10404.bugfix
@@ -0,0 +1 @@
+Responses from `/make_{join,leave,knock}` no longer include signatures, which will turn out to be invalid after events are returned to `/send_{join,leave,knock}`.
diff --git a/synapse/events/__init__.py b/synapse/events/__init__.py
index 65dc7a4ed0..0298af4c02 100644
--- a/synapse/events/__init__.py
+++ b/synapse/events/__init__.py
@@ -291,6 +291,20 @@ class EventBase(metaclass=abc.ABCMeta):
 
         return pdu_json
 
+    def get_templated_pdu_json(self) -> JsonDict:
+        """
+        Return a JSON object suitable for a templated event, as used in the
+        make_{join,leave,knock} workflow.
+        """
+        # By using _dict directly we don't pull in signatures/unsigned.
+        template_json = dict(self._dict)
+        # The hashes (similar to the signature) need to be recalculated by the
+        # joining/leaving/knocking server after (potentially) modifying the
+        # event.
+        template_json.pop("hashes")
+
+        return template_json
+
     def __set__(self, instance, value):
         raise AttributeError("Unrecognized attribute %s" % (instance,))
 
diff --git a/synapse/federation/federation_server.py b/synapse/federation/federation_server.py
index d91f0ff32f..29619aeeb8 100644
--- a/synapse/federation/federation_server.py
+++ b/synapse/federation/federation_server.py
@@ -562,8 +562,7 @@ class FederationServer(FederationBase):
             raise IncompatibleRoomVersionError(room_version=room_version)
 
         pdu = await self.handler.on_make_join_request(origin, room_id, user_id)
-        time_now = self._clock.time_msec()
-        return {"event": pdu.get_pdu_json(time_now), "room_version": room_version}
+        return {"event": pdu.get_templated_pdu_json(), "room_version": room_version}
 
     async def on_invite_request(
         self, origin: str, content: JsonDict, room_version_id: str
@@ -611,8 +610,7 @@ class FederationServer(FederationBase):
 
         room_version = await self.store.get_room_version_id(room_id)
 
-        time_now = self._clock.time_msec()
-        return {"event": pdu.get_pdu_json(time_now), "room_version": room_version}
+        return {"event": pdu.get_templated_pdu_json(), "room_version": room_version}
 
     async def on_send_leave_request(
         self, origin: str, content: JsonDict, room_id: str
@@ -659,9 +657,8 @@ class FederationServer(FederationBase):
             )
 
         pdu = await self.handler.on_make_knock_request(origin, room_id, user_id)
-        time_now = self._clock.time_msec()
         return {
-            "event": pdu.get_pdu_json(time_now),
+            "event": pdu.get_templated_pdu_json(),
             "room_version": room_version.identifier,
         }