diff --git a/synapse/handlers/_base.py b/synapse/handlers/_base.py
index 509f7b550c..2613fa7fce 100644
--- a/synapse/handlers/_base.py
+++ b/synapse/handlers/_base.py
@@ -14,11 +14,15 @@
# limitations under the License.
from twisted.internet import defer
-from synapse.api.errors import LimitExceededError
+from synapse.api.errors import LimitExceededError
from synapse.util.async import run_on_reactor
-
from synapse.crypto.event_signing import add_hashes_and_signatures
+from synapse.api.events.room import (
+ RoomCreateEvent, RoomMemberEvent, RoomPowerLevelsEvent, RoomJoinRulesEvent,
+)
+from synapse.api.constants import Membership, JoinRules
+from syutil.base64util import encode_base64
import logging
@@ -56,6 +60,53 @@ class BaseHandler(object):
)
@defer.inlineCallbacks
+ def _add_auth(self, event):
+ if event.type == RoomCreateEvent.TYPE:
+ event.auth_events = []
+ return
+
+ auth_events = []
+
+ key = (RoomPowerLevelsEvent.TYPE, "", )
+ power_level_event = event.old_state_events.get(key)
+
+ if power_level_event:
+ auth_events.append(power_level_event.event_id)
+
+ key = (RoomJoinRulesEvent.TYPE, "", )
+ join_rule_event = event.old_state_events.get(key)
+
+ key = (RoomMemberEvent.TYPE, event.user_id, )
+ member_event = event.old_state_events.get(key)
+
+ if join_rule_event:
+ join_rule = join_rule_event.content.get("join_rule")
+ is_public = join_rule == JoinRules.PUBLIC if join_rule else False
+
+ if event.type == RoomMemberEvent.TYPE:
+ if event.content["membership"] == Membership.JOIN:
+ if is_public:
+ auth_events.append(join_rule_event.event_id)
+ elif member_event:
+ auth_events.append(member_event.event_id)
+
+ if member_event:
+ if member_event.content["membership"] == Membership.JOIN:
+ auth_events.append(member_event.event_id)
+
+ hashes = yield self.store.get_event_reference_hashes(
+ auth_events
+ )
+ hashes = [
+ {
+ k: encode_base64(v) for k, v in h.items()
+ if k == "sha256"
+ }
+ for h in hashes
+ ]
+ event.auth_events = zip(auth_events, hashes)
+
+ @defer.inlineCallbacks
def _on_new_room_event(self, event, snapshot, extra_destinations=[],
extra_users=[], suppress_auth=False):
yield run_on_reactor()
@@ -64,6 +115,8 @@ class BaseHandler(object):
yield self.state_handler.annotate_state_groups(event)
+ yield self._add_auth(event)
+
logger.debug("Signing event...")
add_hashes_and_signatures(
@@ -76,6 +129,8 @@ class BaseHandler(object):
logger.debug("Authing...")
self.auth.check(event, raises=True)
logger.debug("Authed")
+ else:
+ logger.debug("Suppressed auth.")
yield self.store.persist_event(event)
|
