diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index f93e45a744..5e2b89c324 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -27,7 +27,6 @@ from synapse.api.constants import EventTypes, Membership, JoinRules
from synapse.api.errors import AuthError, Codes, SynapseError, EventSizeError
from synapse.types import UserID, get_domain_from_id
from synapse.util.logcontext import preserve_context_over_fn
-from synapse.util.logutils import log_function
from synapse.util.metrics import Measure
logger = logging.getLogger(__name__)
@@ -43,30 +42,9 @@ AuthEventTypes = (
GUEST_DEVICE_ID = "guest_device"
-class Auth(object):
- """
- FIXME: This class contains a mix of functions for authenticating users
- of our client-server API and authenticating events added to room graphs.
- """
- def __init__(self, hs):
- self.hs = hs
- self.clock = hs.get_clock()
- self.store = hs.get_datastore()
- self.state = hs.get_state_handler()
- self.TOKEN_NOT_FOUND_HTTP_STATUS = 401
-
- @defer.inlineCallbacks
- def check_from_context(self, event, context, do_sig_check=True):
- auth_events_ids = yield self.compute_auth_events(
- event, context.prev_state_ids, for_verification=True,
- )
- auth_events = yield self.store.get_events(auth_events_ids)
- auth_events = {
- (e.type, e.state_key): e for e in auth_events.values()
- }
- self.check(event, auth_events=auth_events, do_sig_check=do_sig_check)
-
- def check(self, event, auth_events, do_sig_check=True):
+class Auther(object):
+ @staticmethod
+ def check(event, auth_events, do_sig_check=True):
""" Checks if this event is correctly authed.
Args:
@@ -77,133 +55,133 @@ class Auth(object):
Returns:
True if the auth checks pass.
"""
- with Measure(self.clock, "auth.check"):
- self.check_size_limits(event)
+ Auther.check_size_limits(event)
- if not hasattr(event, "room_id"):
- raise AuthError(500, "Event has no room_id: %s" % event)
+ if not hasattr(event, "room_id"):
+ raise AuthError(500, "Event has no room_id: %s" % event)
- if do_sig_check:
- sender_domain = get_domain_from_id(event.sender)
- event_id_domain = get_domain_from_id(event.event_id)
+ if do_sig_check:
+ sender_domain = get_domain_from_id(event.sender)
+ event_id_domain = get_domain_from_id(event.event_id)
- is_invite_via_3pid = (
- event.type == EventTypes.Member
- and event.membership == Membership.INVITE
- and "third_party_invite" in event.content
- )
+ is_invite_via_3pid = (
+ event.type == EventTypes.Member
+ and event.membership == Membership.INVITE
+ and "third_party_invite" in event.content
+ )
- # Check the sender's domain has signed the event
- if not event.signatures.get(sender_domain):
- # We allow invites via 3pid to have a sender from a different
- # HS, as the sender must match the sender of the original
- # 3pid invite. This is checked further down with the
- # other dedicated membership checks.
- if not is_invite_via_3pid:
- raise AuthError(403, "Event not signed by sender's server")
-
- # Check the event_id's domain has signed the event
- if not event.signatures.get(event_id_domain):
- raise AuthError(403, "Event not signed by sending server")
-
- if auth_events is None:
- # Oh, we don't know what the state of the room was, so we
- # are trusting that this is allowed (at least for now)
- logger.warn("Trusting event: %s", event.event_id)
- return True
+ # Check the sender's domain has signed the event
+ if not event.signatures.get(sender_domain):
+ # We allow invites via 3pid to have a sender from a different
+ # HS, as the sender must match the sender of the original
+ # 3pid invite. This is checked further down with the
+ # other dedicated membership checks.
+ if not is_invite_via_3pid:
+ raise AuthError(403, "Event not signed by sender's server")
+
+ # Check the event_id's domain has signed the event
+ if not event.signatures.get(event_id_domain):
+ raise AuthError(403, "Event not signed by sending server")
+
+ if auth_events is None:
+ # Oh, we don't know what the state of the room was, so we
+ # are trusting that this is allowed (at least for now)
+ logger.warn("Trusting event: %s", event.event_id)
+ return True
- if event.type == EventTypes.Create:
- room_id_domain = get_domain_from_id(event.room_id)
- if room_id_domain != sender_domain:
- raise AuthError(
- 403,
- "Creation event's room_id domain does not match sender's"
- )
- # FIXME
- return True
+ if event.type == EventTypes.Create:
+ room_id_domain = get_domain_from_id(event.room_id)
+ if room_id_domain != sender_domain:
+ raise AuthError(
+ 403,
+ "Creation event's room_id domain does not match sender's"
+ )
+ # FIXME
+ return True
- creation_event = auth_events.get((EventTypes.Create, ""), None)
+ creation_event = auth_events.get((EventTypes.Create, ""), None)
- if not creation_event:
- raise SynapseError(
+ if not creation_event:
+ raise SynapseError(
+ 403,
+ "Room %r does not exist" % (event.room_id,)
+ )
+
+ creating_domain = get_domain_from_id(event.room_id)
+ originating_domain = get_domain_from_id(event.sender)
+ if creating_domain != originating_domain:
+ if not Auther.can_federate(event, auth_events):
+ raise AuthError(
403,
- "Room %r does not exist" % (event.room_id,)
+ "This room has been marked as unfederatable."
)
- creating_domain = get_domain_from_id(event.room_id)
- originating_domain = get_domain_from_id(event.sender)
- if creating_domain != originating_domain:
- if not self.can_federate(event, auth_events):
- raise AuthError(
- 403,
- "This room has been marked as unfederatable."
- )
+ # FIXME: Temp hack
+ if event.type == EventTypes.Aliases:
+ if not event.is_state():
+ raise AuthError(
+ 403,
+ "Alias event must be a state event",
+ )
+ if not event.state_key:
+ raise AuthError(
+ 403,
+ "Alias event must have non-empty state_key"
+ )
+ sender_domain = get_domain_from_id(event.sender)
+ if event.state_key != sender_domain:
+ raise AuthError(
+ 403,
+ "Alias event's state_key does not match sender's domain"
+ )
+ return True
- # FIXME: Temp hack
- if event.type == EventTypes.Aliases:
- if not event.is_state():
- raise AuthError(
- 403,
- "Alias event must be a state event",
- )
- if not event.state_key:
- raise AuthError(
- 403,
- "Alias event must have non-empty state_key"
- )
- sender_domain = get_domain_from_id(event.sender)
- if event.state_key != sender_domain:
- raise AuthError(
- 403,
- "Alias event's state_key does not match sender's domain"
- )
- return True
+ logger.debug(
+ "Auth events: %s",
+ [a.event_id for a in auth_events.values()]
+ )
- logger.debug(
- "Auth events: %s",
- [a.event_id for a in auth_events.values()]
+ if event.type == EventTypes.Member:
+ allowed = Auther.is_membership_change_allowed(
+ event, auth_events
)
+ if allowed:
+ logger.debug("Allowing! %s", event)
+ else:
+ logger.debug("Denying! %s", event)
+ return allowed
- if event.type == EventTypes.Member:
- allowed = self.is_membership_change_allowed(
- event, auth_events
- )
- if allowed:
- logger.debug("Allowing! %s", event)
- else:
- logger.debug("Denying! %s", event)
- return allowed
-
- self.check_event_sender_in_room(event, auth_events)
+ Auther.check_event_sender_in_room(event, auth_events)
- # Special case to allow m.room.third_party_invite events wherever
- # a user is allowed to issue invites. Fixes
- # https://github.com/vector-im/vector-web/issues/1208 hopefully
- if event.type == EventTypes.ThirdPartyInvite:
- user_level = self._get_user_power_level(event.user_id, auth_events)
- invite_level = self._get_named_level(auth_events, "invite", 0)
+ # Special case to allow m.room.third_party_invite events wherever
+ # a user is allowed to issue invites. Fixes
+ # https://github.com/vector-im/vector-web/issues/1208 hopefully
+ if event.type == EventTypes.ThirdPartyInvite:
+ user_level = Auther._get_user_power_level(event.user_id, auth_events)
+ invite_level = Auther._get_named_level(auth_events, "invite", 0)
- if user_level < invite_level:
- raise AuthError(
- 403, (
- "You cannot issue a third party invite for %s." %
- (event.content.display_name,)
- )
+ if user_level < invite_level:
+ raise AuthError(
+ 403, (
+ "You cannot issue a third party invite for %s." %
+ (event.content.display_name,)
)
- else:
- return True
+ )
+ else:
+ return True
- self._can_send_event(event, auth_events)
+ Auther._can_send_event(event, auth_events)
- if event.type == EventTypes.PowerLevels:
- self._check_power_levels(event, auth_events)
+ if event.type == EventTypes.PowerLevels:
+ Auther._check_power_levels(event, auth_events)
- if event.type == EventTypes.Redaction:
- self.check_redaction(event, auth_events)
+ if event.type == EventTypes.Redaction:
+ Auther.check_redaction(event, auth_events)
- logger.debug("Allowing! %s", event)
+ logger.debug("Allowing! %s", event)
- def check_size_limits(self, event):
+ @staticmethod
+ def check_size_limits(event):
def too_big(field):
raise EventSizeError("%s too large" % (field,))
@@ -220,109 +198,14 @@ class Auth(object):
if len(encode_canonical_json(event.get_pdu_json())) > 65536:
too_big("event")
- @defer.inlineCallbacks
- def check_joined_room(self, room_id, user_id, current_state=None):
- """Check if the user is currently joined in the room
- Args:
- room_id(str): The room to check.
- user_id(str): The user to check.
- current_state(dict): Optional map of the current state of the room.
- If provided then that map is used to check whether they are a
- member of the room. Otherwise the current membership is
- loaded from the database.
- Raises:
- AuthError if the user is not in the room.
- Returns:
- A deferred membership event for the user if the user is in
- the room.
- """
- if current_state:
- member = current_state.get(
- (EventTypes.Member, user_id),
- None
- )
- else:
- member = yield self.state.get_current_state(
- room_id=room_id,
- event_type=EventTypes.Member,
- state_key=user_id
- )
-
- self._check_joined_room(member, user_id, room_id)
- defer.returnValue(member)
-
- @defer.inlineCallbacks
- def check_user_was_in_room(self, room_id, user_id):
- """Check if the user was in the room at some point.
- Args:
- room_id(str): The room to check.
- user_id(str): The user to check.
- Raises:
- AuthError if the user was never in the room.
- Returns:
- A deferred membership event for the user if the user was in the
- room. This will be the join event if they are currently joined to
- the room. This will be the leave event if they have left the room.
- """
- member = yield self.state.get_current_state(
- room_id=room_id,
- event_type=EventTypes.Member,
- state_key=user_id
- )
- membership = member.membership if member else None
-
- if membership not in (Membership.JOIN, Membership.LEAVE):
- raise AuthError(403, "User %s not in room %s" % (
- user_id, room_id
- ))
-
- if membership == Membership.LEAVE:
- forgot = yield self.store.did_forget(user_id, room_id)
- if forgot:
- raise AuthError(403, "User %s not in room %s" % (
- user_id, room_id
- ))
-
- defer.returnValue(member)
-
- @defer.inlineCallbacks
- def check_host_in_room(self, room_id, host):
- with Measure(self.clock, "check_host_in_room"):
- latest_event_ids = yield self.store.get_latest_event_ids_in_room(room_id)
-
- logger.info("calling resolve_state_groups from check_host_in_room")
- entry = yield self.state.resolve_state_groups(
- room_id, latest_event_ids
- )
-
- ret = yield self.store.is_host_joined(
- room_id, host, entry.state_group, entry.state
- )
- defer.returnValue(ret)
-
- def check_event_sender_in_room(self, event, auth_events):
- key = (EventTypes.Member, event.user_id, )
- member_event = auth_events.get(key)
-
- return self._check_joined_room(
- member_event,
- event.user_id,
- event.room_id
- )
-
- def _check_joined_room(self, member, user_id, room_id):
- if not member or member.membership != Membership.JOIN:
- raise AuthError(403, "User %s not in room %s (%s)" % (
- user_id, room_id, repr(member)
- ))
-
- def can_federate(self, event, auth_events):
+ @staticmethod
+ def can_federate(event, auth_events):
creation_event = auth_events.get((EventTypes.Create, ""))
return creation_event.content.get("m.federate", True) is True
- @log_function
- def is_membership_change_allowed(self, event, auth_events):
+ @staticmethod
+ def is_membership_change_allowed(event, auth_events):
membership = event.content["membership"]
# Check if this is the room creator joining:
@@ -339,7 +222,7 @@ class Auth(object):
creating_domain = get_domain_from_id(event.room_id)
target_domain = get_domain_from_id(target_user_id)
if creating_domain != target_domain:
- if not self.can_federate(event, auth_events):
+ if not Auther.can_federate(event, auth_events):
raise AuthError(
403,
"This room has been marked as unfederatable."
@@ -368,13 +251,13 @@ class Auth(object):
else:
join_rule = JoinRules.INVITE
- user_level = self._get_user_power_level(event.user_id, auth_events)
- target_level = self._get_user_power_level(
+ user_level = Auther._get_user_power_level(event.user_id, auth_events)
+ target_level = Auther._get_user_power_level(
target_user_id, auth_events
)
# FIXME (erikj): What should we do here as the default?
- ban_level = self._get_named_level(auth_events, "ban", 50)
+ ban_level = Auther._get_named_level(auth_events, "ban", 50)
logger.debug(
"is_membership_change_allowed: %s",
@@ -391,7 +274,7 @@ class Auth(object):
)
if Membership.INVITE == membership and "third_party_invite" in event.content:
- if not self._verify_third_party_invite(event, auth_events):
+ if not Auther._verify_third_party_invite(event, auth_events):
raise AuthError(403, "You are not invited to this room.")
if target_banned:
raise AuthError(
@@ -424,7 +307,7 @@ class Auth(object):
raise AuthError(403, "%s is already in the room." %
target_user_id)
else:
- invite_level = self._get_named_level(auth_events, "invite", 0)
+ invite_level = Auther._get_named_level(auth_events, "invite", 0)
if user_level < invite_level:
raise AuthError(
@@ -454,7 +337,7 @@ class Auth(object):
403, "You cannot unban user &s." % (target_user_id,)
)
elif target_user_id != event.user_id:
- kick_level = self._get_named_level(auth_events, "kick", 50)
+ kick_level = Auther._get_named_level(auth_events, "kick", 50)
if user_level < kick_level or user_level <= target_level:
raise AuthError(
@@ -468,7 +351,234 @@ class Auth(object):
return True
- def _verify_third_party_invite(self, event, auth_events):
+ @staticmethod
+ def check_event_sender_in_room(event, auth_events):
+ key = (EventTypes.Member, event.user_id, )
+ member_event = auth_events.get(key)
+
+ return Auther._check_joined_room(
+ member_event,
+ event.user_id,
+ event.room_id
+ )
+
+ @staticmethod
+ def _check_joined_room(member, user_id, room_id):
+ if not member or member.membership != Membership.JOIN:
+ raise AuthError(403, "User %s not in room %s (%s)" % (
+ user_id, room_id, repr(member)
+ ))
+
+ @staticmethod
+ def _get_send_level(etype, state_key, auth_events):
+ key = (EventTypes.PowerLevels, "", )
+ send_level_event = auth_events.get(key)
+ send_level = None
+ if send_level_event:
+ send_level = send_level_event.content.get("events", {}).get(
+ etype
+ )
+ if send_level is None:
+ if state_key is not None:
+ send_level = send_level_event.content.get(
+ "state_default", 50
+ )
+ else:
+ send_level = send_level_event.content.get(
+ "events_default", 0
+ )
+
+ if send_level:
+ send_level = int(send_level)
+ else:
+ send_level = 0
+
+ return send_level
+
+ @staticmethod
+ def _can_send_event(event, auth_events):
+ send_level = Auther._get_send_level(
+ event.type, event.get("state_key", None), auth_events
+ )
+ user_level = Auther._get_user_power_level(event.user_id, auth_events)
+
+ if user_level < send_level:
+ raise AuthError(
+ 403,
+ "You don't have permission to post that to the room. " +
+ "user_level (%d) < send_level (%d)" % (user_level, send_level)
+ )
+
+ # Check state_key
+ if hasattr(event, "state_key"):
+ if event.state_key.startswith("@"):
+ if event.state_key != event.user_id:
+ raise AuthError(
+ 403,
+ "You are not allowed to set others state"
+ )
+
+ return True
+
+ @staticmethod
+ def check_redaction(event, auth_events):
+ """Check whether the event sender is allowed to redact the target event.
+
+ Returns:
+ True if the the sender is allowed to redact the target event if the
+ target event was created by them.
+ False if the sender is allowed to redact the target event with no
+ further checks.
+
+ Raises:
+ AuthError if the event sender is definitely not allowed to redact
+ the target event.
+ """
+ user_level = Auther._get_user_power_level(event.user_id, auth_events)
+
+ redact_level = Auther._get_named_level(auth_events, "redact", 50)
+
+ if user_level >= redact_level:
+ return False
+
+ redacter_domain = get_domain_from_id(event.event_id)
+ redactee_domain = get_domain_from_id(event.redacts)
+ if redacter_domain == redactee_domain:
+ return True
+
+ raise AuthError(
+ 403,
+ "You don't have permission to redact events"
+ )
+
+ @staticmethod
+ def _check_power_levels(event, auth_events):
+ user_list = event.content.get("users", {})
+ # Validate users
+ for k, v in user_list.items():
+ try:
+ UserID.from_string(k)
+ except:
+ raise SynapseError(400, "Not a valid user_id: %s" % (k,))
+
+ try:
+ int(v)
+ except:
+ raise SynapseError(400, "Not a valid power level: %s" % (v,))
+
+ key = (event.type, event.state_key, )
+ current_state = auth_events.get(key)
+
+ if not current_state:
+ return
+
+ user_level = Auther._get_user_power_level(event.user_id, auth_events)
+
+ # Check other levels:
+ levels_to_check = [
+ ("users_default", None),
+ ("events_default", None),
+ ("state_default", None),
+ ("ban", None),
+ ("redact", None),
+ ("kick", None),
+ ("invite", None),
+ ]
+
+ old_list = current_state.content.get("users")
+ for user in set(old_list.keys() + user_list.keys()):
+ levels_to_check.append(
+ (user, "users")
+ )
+
+ old_list = current_state.content.get("events")
+ new_list = event.content.get("events")
+ for ev_id in set(old_list.keys() + new_list.keys()):
+ levels_to_check.append(
+ (ev_id, "events")
+ )
+
+ old_state = current_state.content
+ new_state = event.content
+
+ for level_to_check, dir in levels_to_check:
+ old_loc = old_state
+ new_loc = new_state
+ if dir:
+ old_loc = old_loc.get(dir, {})
+ new_loc = new_loc.get(dir, {})
+
+ if level_to_check in old_loc:
+ old_level = int(old_loc[level_to_check])
+ else:
+ old_level = None
+
+ if level_to_check in new_loc:
+ new_level = int(new_loc[level_to_check])
+ else:
+ new_level = None
+
+ if new_level is not None and old_level is not None:
+ if new_level == old_level:
+ continue
+
+ if dir == "users" and level_to_check != event.user_id:
+ if old_level == user_level:
+ raise AuthError(
+ 403,
+ "You don't have permission to remove ops level equal "
+ "to your own"
+ )
+
+ if old_level > user_level or new_level > user_level:
+ raise AuthError(
+ 403,
+ "You don't have permission to add ops level greater "
+ "than your own"
+ )
+
+ @staticmethod
+ def _get_power_level_event(auth_events):
+ key = (EventTypes.PowerLevels, "", )
+ return auth_events.get(key)
+
+ @staticmethod
+ def _get_user_power_level(user_id, auth_events):
+ power_level_event = Auther._get_power_level_event(auth_events)
+
+ if power_level_event:
+ level = power_level_event.content.get("users", {}).get(user_id)
+ if not level:
+ level = power_level_event.content.get("users_default", 0)
+
+ if level is None:
+ return 0
+ else:
+ return int(level)
+ else:
+ key = (EventTypes.Create, "", )
+ create_event = auth_events.get(key)
+ if (create_event is not None and
+ create_event.content["creator"] == user_id):
+ return 100
+ else:
+ return 0
+
+ @staticmethod
+ def _get_named_level(auth_events, name, default):
+ power_level_event = Auther._get_power_level_event(auth_events)
+
+ if not power_level_event:
+ return default
+
+ level = power_level_event.content.get(name, None)
+ if level is not None:
+ return int(level)
+ else:
+ return default
+
+ @staticmethod
+ def _verify_third_party_invite(event, auth_events):
"""
Validates that the invite event is authorized by a previous third-party invite.
@@ -512,7 +622,7 @@ class Auth(object):
if signed["token"] != token:
return False
- for public_key_object in self.get_public_keys(invite_event):
+ for public_key_object in Auther.get_public_keys(invite_event):
public_key = public_key_object["public_key"]
try:
for server, signature_block in signed["signatures"].items():
@@ -534,7 +644,8 @@ class Auth(object):
continue
return False
- def get_public_keys(self, invite_event):
+ @staticmethod
+ def get_public_keys(invite_event):
public_keys = []
if "public_key" in invite_event.content:
o = {
@@ -546,42 +657,154 @@ class Auth(object):
public_keys.extend(invite_event.content.get("public_keys", []))
return public_keys
- def _get_power_level_event(self, auth_events):
- key = (EventTypes.PowerLevels, "", )
- return auth_events.get(key)
- def _get_user_power_level(self, user_id, auth_events):
- power_level_event = self._get_power_level_event(auth_events)
+class Auth(object):
+ """
+ FIXME: This class contains a mix of functions for authenticating users
+ of our client-server API and authenticating events added to room graphs.
+ """
+ def __init__(self, hs):
+ self.hs = hs
+ self.clock = hs.get_clock()
+ self.store = hs.get_datastore()
+ self.state = hs.get_state_handler()
+ self.TOKEN_NOT_FOUND_HTTP_STATUS = 401
- if power_level_event:
- level = power_level_event.content.get("users", {}).get(user_id)
- if not level:
- level = power_level_event.content.get("users_default", 0)
+ @defer.inlineCallbacks
+ def check_from_context(self, event, context, do_sig_check=True):
+ auth_events_ids = yield self.compute_auth_events(
+ event, context.prev_state_ids, for_verification=True,
+ )
+ auth_events = yield self.store.get_events(auth_events_ids)
+ auth_events = {
+ (e.type, e.state_key): e for e in auth_events.values()
+ }
+ self.check(event, auth_events=auth_events, do_sig_check=do_sig_check)
- if level is None:
- return 0
- else:
- return int(level)
- else:
- key = (EventTypes.Create, "", )
- create_event = auth_events.get(key)
- if (create_event is not None and
- create_event.content["creator"] == user_id):
- return 100
- else:
- return 0
+ def check(self, event, auth_events, do_sig_check=True):
+ """ Checks if this event is correctly authed.
- def _get_named_level(self, auth_events, name, default):
- power_level_event = self._get_power_level_event(auth_events)
+ Args:
+ event: the event being checked.
+ auth_events (dict: event-key -> event): the existing room state.
- if not power_level_event:
- return default
- level = power_level_event.content.get(name, None)
- if level is not None:
- return int(level)
+ Returns:
+ True if the auth checks pass.
+ """
+ with Measure(self.clock, "auth.check"):
+ Auther.check(event, auth_events, do_sig_check=do_sig_check)
+
+ def check_size_limits(self, event):
+ def too_big(field):
+ raise EventSizeError("%s too large" % (field,))
+
+ if len(event.user_id) > 255:
+ too_big("user_id")
+ if len(event.room_id) > 255:
+ too_big("room_id")
+ if event.is_state() and len(event.state_key) > 255:
+ too_big("state_key")
+ if len(event.type) > 255:
+ too_big("type")
+ if len(event.event_id) > 255:
+ too_big("event_id")
+ if len(encode_canonical_json(event.get_pdu_json())) > 65536:
+ too_big("event")
+
+ @defer.inlineCallbacks
+ def check_joined_room(self, room_id, user_id, current_state=None):
+ """Check if the user is currently joined in the room
+ Args:
+ room_id(str): The room to check.
+ user_id(str): The user to check.
+ current_state(dict): Optional map of the current state of the room.
+ If provided then that map is used to check whether they are a
+ member of the room. Otherwise the current membership is
+ loaded from the database.
+ Raises:
+ AuthError if the user is not in the room.
+ Returns:
+ A deferred membership event for the user if the user is in
+ the room.
+ """
+ if current_state:
+ member = current_state.get(
+ (EventTypes.Member, user_id),
+ None
+ )
else:
- return default
+ member = yield self.state.get_current_state(
+ room_id=room_id,
+ event_type=EventTypes.Member,
+ state_key=user_id
+ )
+
+ self._check_joined_room(member, user_id, room_id)
+ defer.returnValue(member)
+
+ @defer.inlineCallbacks
+ def check_user_was_in_room(self, room_id, user_id):
+ """Check if the user was in the room at some point.
+ Args:
+ room_id(str): The room to check.
+ user_id(str): The user to check.
+ Raises:
+ AuthError if the user was never in the room.
+ Returns:
+ A deferred membership event for the user if the user was in the
+ room. This will be the join event if they are currently joined to
+ the room. This will be the leave event if they have left the room.
+ """
+ member = yield self.state.get_current_state(
+ room_id=room_id,
+ event_type=EventTypes.Member,
+ state_key=user_id
+ )
+ membership = member.membership if member else None
+
+ if membership not in (Membership.JOIN, Membership.LEAVE):
+ raise AuthError(403, "User %s not in room %s" % (
+ user_id, room_id
+ ))
+
+ if membership == Membership.LEAVE:
+ forgot = yield self.store.did_forget(user_id, room_id)
+ if forgot:
+ raise AuthError(403, "User %s not in room %s" % (
+ user_id, room_id
+ ))
+
+ defer.returnValue(member)
+
+ @defer.inlineCallbacks
+ def check_host_in_room(self, room_id, host):
+ with Measure(self.clock, "check_host_in_room"):
+ latest_event_ids = yield self.store.get_latest_event_ids_in_room(room_id)
+
+ logger.info("calling resolve_state_groups from check_host_in_room")
+ entry = yield self.state.resolve_state_groups(
+ room_id, latest_event_ids
+ )
+
+ ret = yield self.store.is_host_joined(
+ room_id, host, entry.state_group, entry.state
+ )
+ defer.returnValue(ret)
+
+ def _check_joined_room(self, member, user_id, room_id):
+ if not member or member.membership != Membership.JOIN:
+ raise AuthError(403, "User %s not in room %s (%s)" % (
+ user_id, room_id, repr(member)
+ ))
+
+ def can_federate(self, event, auth_events):
+ creation_event = auth_events.get((EventTypes.Create, ""))
+
+ return creation_event.content.get("m.federate", True) is True
+
+ def get_public_keys(self, invite_event):
+ return Auther.get_public_keys(invite_event)
@defer.inlineCallbacks
def get_user_by_req(self, request, allow_guest=False, rights="access"):
@@ -975,54 +1198,7 @@ class Auth(object):
defer.returnValue(auth_ids)
def _get_send_level(self, etype, state_key, auth_events):
- key = (EventTypes.PowerLevels, "", )
- send_level_event = auth_events.get(key)
- send_level = None
- if send_level_event:
- send_level = send_level_event.content.get("events", {}).get(
- etype
- )
- if send_level is None:
- if state_key is not None:
- send_level = send_level_event.content.get(
- "state_default", 50
- )
- else:
- send_level = send_level_event.content.get(
- "events_default", 0
- )
-
- if send_level:
- send_level = int(send_level)
- else:
- send_level = 0
-
- return send_level
-
- @log_function
- def _can_send_event(self, event, auth_events):
- send_level = self._get_send_level(
- event.type, event.get("state_key", None), auth_events
- )
- user_level = self._get_user_power_level(event.user_id, auth_events)
-
- if user_level < send_level:
- raise AuthError(
- 403,
- "You don't have permission to post that to the room. " +
- "user_level (%d) < send_level (%d)" % (user_level, send_level)
- )
-
- # Check state_key
- if hasattr(event, "state_key"):
- if event.state_key.startswith("@"):
- if event.state_key != event.user_id:
- raise AuthError(
- 403,
- "You are not allowed to set others state"
- )
-
- return True
+ return Auther._get_send_level(etype, state_key, auth_events)
def check_redaction(self, event, auth_events):
"""Check whether the event sender is allowed to redact the target event.
@@ -1037,107 +1213,7 @@ class Auth(object):
AuthError if the event sender is definitely not allowed to redact
the target event.
"""
- user_level = self._get_user_power_level(event.user_id, auth_events)
-
- redact_level = self._get_named_level(auth_events, "redact", 50)
-
- if user_level >= redact_level:
- return False
-
- redacter_domain = get_domain_from_id(event.event_id)
- redactee_domain = get_domain_from_id(event.redacts)
- if redacter_domain == redactee_domain:
- return True
-
- raise AuthError(
- 403,
- "You don't have permission to redact events"
- )
-
- def _check_power_levels(self, event, auth_events):
- user_list = event.content.get("users", {})
- # Validate users
- for k, v in user_list.items():
- try:
- UserID.from_string(k)
- except:
- raise SynapseError(400, "Not a valid user_id: %s" % (k,))
-
- try:
- int(v)
- except:
- raise SynapseError(400, "Not a valid power level: %s" % (v,))
-
- key = (event.type, event.state_key, )
- current_state = auth_events.get(key)
-
- if not current_state:
- return
-
- user_level = self._get_user_power_level(event.user_id, auth_events)
-
- # Check other levels:
- levels_to_check = [
- ("users_default", None),
- ("events_default", None),
- ("state_default", None),
- ("ban", None),
- ("redact", None),
- ("kick", None),
- ("invite", None),
- ]
-
- old_list = current_state.content.get("users")
- for user in set(old_list.keys() + user_list.keys()):
- levels_to_check.append(
- (user, "users")
- )
-
- old_list = current_state.content.get("events")
- new_list = event.content.get("events")
- for ev_id in set(old_list.keys() + new_list.keys()):
- levels_to_check.append(
- (ev_id, "events")
- )
-
- old_state = current_state.content
- new_state = event.content
-
- for level_to_check, dir in levels_to_check:
- old_loc = old_state
- new_loc = new_state
- if dir:
- old_loc = old_loc.get(dir, {})
- new_loc = new_loc.get(dir, {})
-
- if level_to_check in old_loc:
- old_level = int(old_loc[level_to_check])
- else:
- old_level = None
-
- if level_to_check in new_loc:
- new_level = int(new_loc[level_to_check])
- else:
- new_level = None
-
- if new_level is not None and old_level is not None:
- if new_level == old_level:
- continue
-
- if dir == "users" and level_to_check != event.user_id:
- if old_level == user_level:
- raise AuthError(
- 403,
- "You don't have permission to remove ops level equal "
- "to your own"
- )
-
- if old_level > user_level or new_level > user_level:
- raise AuthError(
- 403,
- "You don't have permission to add ops level greater "
- "than your own"
- )
+ return Auther.check_redaction(event, auth_events)
@defer.inlineCallbacks
def check_can_change_room_list(self, room_id, user):
@@ -1167,10 +1243,10 @@ class Auth(object):
if power_level_event:
auth_events[(EventTypes.PowerLevels, "")] = power_level_event
- send_level = self._get_send_level(
+ send_level = Auther._get_send_level(
EventTypes.Aliases, "", auth_events
)
- user_level = self._get_user_power_level(user_id, auth_events)
+ user_level = Auther._get_user_power_level(user_id, auth_events)
if user_level < send_level:
raise AuthError(
|
