summary refs log tree commit diff
path: root/synapse/event_auth.py
diff options
context:
space:
mode:
authorErik Johnston <erik@matrix.org>2019-01-28 21:09:45 +0000
committerErik Johnston <erik@matrix.org>2019-01-29 11:56:20 +0000
commit7709d2bd167e27493b134e938410c307f8c10396 (patch)
tree50f41d8957288a492a066de6d1fb8b7ff0092c77 /synapse/event_auth.py
parentAdd RoomVersions.V3 constant, without enabling it (diff)
downloadsynapse-7709d2bd167e27493b134e938410c307f8c10396.tar.xz
Implement rechecking of redactions
Diffstat (limited to 'synapse/event_auth.py')
-rw-r--r--synapse/event_auth.py24
1 files changed, 18 insertions, 6 deletions
diff --git a/synapse/event_auth.py b/synapse/event_auth.py
index 9adedbbb02..a95d142f0c 100644
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@@ -20,7 +20,13 @@ from signedjson.key import decode_verify_key_bytes
 from signedjson.sign import SignatureVerifyException, verify_signed_json
 from unpaddedbase64 import decode_base64
 
-from synapse.api.constants import KNOWN_ROOM_VERSIONS, EventTypes, JoinRules, Membership
+from synapse.api.constants import (
+    KNOWN_ROOM_VERSIONS,
+    EventTypes,
+    JoinRules,
+    Membership,
+    RoomVersions,
+)
 from synapse.api.errors import AuthError, EventSizeError, SynapseError
 from synapse.types import UserID, get_domain_from_id
 
@@ -168,7 +174,7 @@ def check(room_version, event, auth_events, do_sig_check=True, do_size_check=Tru
         _check_power_levels(event, auth_events)
 
     if event.type == EventTypes.Redaction:
-        check_redaction(event, auth_events)
+        check_redaction(room_version, event, auth_events)
 
     logger.debug("Allowing! %s", event)
 
@@ -422,7 +428,7 @@ def _can_send_event(event, auth_events):
     return True
 
 
-def check_redaction(event, auth_events):
+def check_redaction(room_version, event, auth_events):
     """Check whether the event sender is allowed to redact the target event.
 
     Returns:
@@ -442,10 +448,16 @@ def check_redaction(event, auth_events):
     if user_level >= redact_level:
         return False
 
-    redacter_domain = get_domain_from_id(event.event_id)
-    redactee_domain = get_domain_from_id(event.redacts)
-    if redacter_domain == redactee_domain:
+    if room_version in (RoomVersions.V1, RoomVersions.V2, RoomVersions.VDH_TEST):
+        redacter_domain = get_domain_from_id(event.event_id)
+        redactee_domain = get_domain_from_id(event.redacts)
+        if redacter_domain == redactee_domain:
+            return True
+    elif room_version == RoomVersions.V3:
+        event.internal_metadata.recheck_redaction = True
         return True
+    else:
+        raise RuntimeError("Unrecognized room version %r" % (room_version,))
 
     raise AuthError(
         403,