author: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> 2021-10-18 19:29:37 +0200
committer: GitHub <noreply@github.com> 2021-10-18 18:29:37 +0100
commit: cc33d9eee205ab57ce562ac410c8912c14343134
tree: 0db7c742e979a57c276d26416a9f1e9f8982292b /synapse/api/auth.py
parent: Check *all* auth events for room id and rejection (#11009)
download: synapse-cc33d9eee205ab57ce562ac410c8912c14343134.tar.xz

Check auth on received events' auth_events (#11001)

Currently, when we receive an event whose auth_events differ from those we expect, we state-resolve between the two state sets, and check that the event passes auth based on the resolved state.

This means that it's possible for us to accept events which don't pass auth at their declared auth_events (or where the auth events themselves were rejected), leading to problems down the line like #10083.

This change means we will:

 * ignore any events where we cannot find the auth events
 * reject any events whose auth events were rejected
 * reject any events which do not pass auth at their declared auth_events.

Together with a whole raft of previous work, this is a partial fix to #9595.

Fixes #6643.

Based on #11009.
Diffstat (limited to 'synapse/api/auth.py')
0 files changed, 0 insertions, 0 deletions
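
The three outcomes listed in the commit message above, sketched as an added example that is not Synapse's code and not part of this commit. The `Event` class, `check_received_event`, `passes_auth`, the `STORE` contents and the one-line auth rule are all assumptions made for illustration; the real Matrix auth rules are much more involved.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Event:
    event_id: str
    type: str
    sender: str
    state_key: Optional[str] = None
    membership: Optional[str] = None
    auth_events: List[str] = field(default_factory=list)
    rejected: bool = False  # True if we rejected this event when we received it


def passes_auth(event: Event, auth: List[Event]) -> bool:
    # Toy rule (assumption, far simpler than the real Matrix auth rules): the
    # declared auth events must hold the room's create event and a "join"
    # membership event for the sender.
    has_create = any(a.type == "m.room.create" for a in auth)
    joined = any(a.type == "m.room.member" and a.state_key == event.sender
                 and a.membership == "join" for a in auth)
    return has_create and joined


def check_received_event(event: Event, store: Dict[str, Event]) -> str:
    # 1. Ignore the event if any declared auth event cannot be found.
    if any(aid not in store for aid in event.auth_events):
        return "ignored"
    auth = [store[aid] for aid in event.auth_events]
    # 2. Reject if any declared auth event was itself rejected.
    if any(a.rejected for a in auth):
        return "rejected: auth event was rejected"
    # 3. Reject if the event fails auth at its declared auth_events,
    #    whatever the receiver's own resolved state would have allowed.
    if not passes_auth(event, auth):
        return "rejected: fails auth at declared auth_events"
    return "accepted"


# Constructed sample data: one room, one valid join, one previously rejected join.
STORE = {e.event_id: e for e in [
    Event("$create", "m.room.create", "@alice:a.example", state_key=""),
    Event("$alice_join", "m.room.member", "@alice:a.example", "@alice:a.example", "join", ["$create"]),
    Event("$mallory_join", "m.room.member", "@mallory:b.example", "@mallory:b.example", "join", ["$create"], rejected=True),
]}

def msg(eid, sender, auth):  # helper building a constructed message event
    return Event(eid, "m.room.message", sender, auth_events=auth)
```

The second check is what stops an event from borrowing legitimacy from a membership event the receiver had already refused.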