diff options
author | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2021-10-05 12:50:07 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-10-05 12:50:07 +0100 |
commit | cb88ed912b3e984e0a409e4e5fd3c22817a4840d (patch) | |
tree | f2bce9c9d2e858ee9e343a023d34d7f7780362cd | |
parent | Run CI with Python 3.10 and Postgres 14 (#10992) (diff) | |
download | synapse-cb88ed912b3e984e0a409e4e5fd3c22817a4840d.tar.xz |
`_check_event_auth`: move event validation earlier (#10988)
There's little point in doing a fancy state reconciliation dance if the event itself is invalid. Likewise, there's no point checking it again in `_check_for_soft_fail`.
-rw-r--r-- | changelog.d/10988.misc | 1 | ||||
-rw-r--r-- | synapse/handlers/federation_event.py | 13 |
2 files changed, 10 insertions, 4 deletions
diff --git a/changelog.d/10988.misc b/changelog.d/10988.misc new file mode 100644 index 0000000000..9a765435db --- /dev/null +++ b/changelog.d/10988.misc @@ -0,0 +1 @@ +Clean up some of the federation event authentication code for clarity. diff --git a/synapse/handlers/federation_event.py b/synapse/handlers/federation_event.py index e587b5b3b3..5938654338 100644 --- a/synapse/handlers/federation_event.py +++ b/synapse/handlers/federation_event.py @@ -1250,9 +1250,18 @@ class FederationEventHandler: # This method should only be used for non-outliers assert not event.internal_metadata.outlier + # first of all, check that the event itself is valid. room_version = await self._store.get_room_version_id(event.room_id) room_version_obj = KNOWN_ROOM_VERSIONS[room_version] + try: + validate_event_for_room_version(room_version_obj, event) + except AuthError as e: + logger.warning("While validating received event %r: %s", event, e) + # TODO: use a different rejected reason here? + context.rejected = RejectedReason.AUTH_ERROR + return context + # calculate what the auth events *should* be, to use as a basis for auth. prev_state_ids = await context.get_prev_state_ids() auth_events_ids = self._event_auth_handler.compute_auth_events( @@ -1286,7 +1295,6 @@ class FederationEventHandler: auth_events_for_auth = calculated_auth_event_map try: - validate_event_for_room_version(room_version_obj, event) check_auth_rules_for_event(room_version_obj, event, auth_events_for_auth) except AuthError as e: logger.warning("Failed auth resolution for %r because %s", event, e) @@ -1399,9 +1407,6 @@ class FederationEventHandler: } try: - # TODO: skip the call to validate_event_for_room_version? we should already - # have validated the event. - validate_event_for_room_version(room_version_obj, event) check_auth_rules_for_event(room_version_obj, event, current_auth_events) except AuthError as e: logger.warning( |