diff options
author | Andrew Morgan <1342360+anoadragon453@users.noreply.github.com> | 2021-06-21 11:57:09 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-21 11:57:09 +0100 |
commit | 182147195b707ce10af165ccd72a5bb2f3ecab38 (patch) | |
tree | f9ce8b5dda4e8fbe92d2dafcb77fa882454d2d61 /synapse/handlers/federation.py | |
parent | Ensure that errors during startup are written to the logs and the console. (#... (diff) | |
download | synapse-182147195b707ce10af165ccd72a5bb2f3ecab38.tar.xz |
Check third party rules before persisting knocks over federation (#10212)
An accidental mis-ordering of operations during #6739 technically allowed an incoming knock event over federation in before checking it against any configured Third Party Access Rules modules. This PR corrects that by performing the TPAR check *before* persisting the event.
Diffstat (limited to 'synapse/handlers/federation.py')
-rw-r--r-- | synapse/handlers/federation.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py index 0bfb25802a..1b566dbf2d 100644 --- a/synapse/handlers/federation.py +++ b/synapse/handlers/federation.py @@ -2086,8 +2086,6 @@ class FederationHandler(BaseHandler): context = await self.state_handler.compute_event_context(event) - await self._auth_and_persist_event(origin, event, context) - event_allowed = await self.third_party_event_rules.check_event_allowed( event, context ) @@ -2097,6 +2095,8 @@ class FederationHandler(BaseHandler): 403, "This event is not allowed in this context", Codes.FORBIDDEN ) + await self._auth_and_persist_event(origin, event, context) + return context async def get_state_for_pdu(self, room_id: str, event_id: str) -> List[EventBase]: |