summary refs log tree commit diff
path: root/synapse/state/v2.py
diff options
context:
space:
mode:
authorSean Quah <8349537+squahtx@users.noreply.github.com>2022-09-16 12:45:04 +0100
committerGitHub <noreply@github.com>2022-09-16 12:45:04 +0100
commitb73cbb82157d9666e8d667733afebc0d09ed858c (patch)
treeb89b816b51f15fa7ea21e312dff3d27eca3db787 /synapse/state/v2.py
parentDocument common fix of Poetry problems by removing egg-info (#13785) (diff)
downloadsynapse-b73cbb82157d9666e8d667733afebc0d09ed858c.tar.xz
Avoid putting rejected events in room state (#13723)
Signed-off-by: Sean Quah <seanq@matrix.org>
Diffstat (limited to 'synapse/state/v2.py')
-rw-r--r--synapse/state/v2.py15
1 files changed, 15 insertions, 0 deletions
diff --git a/synapse/state/v2.py b/synapse/state/v2.py
index af03851c71..1b9d7d8457 100644
--- a/synapse/state/v2.py
+++ b/synapse/state/v2.py
@@ -577,6 +577,21 @@ async def _iterative_auth_checks(
                 if ev.rejected_reason is None:
                     auth_events[key] = event_map[ev_id]
 
+        if event.rejected_reason is not None:
+            # Do not admit previously rejected events into state.
+            # TODO: This isn't spec compliant. Events that were previously rejected due
+            #       to failing auth checks at their state, but pass auth checks during
+            #       state resolution should be accepted. Synapse does not handle the
+            #       change of rejection status well, so we preserve the previous
+            #       rejection status for now.
+            #
+            #       Note that events rejected for non-state reasons, such as having the
+            #       wrong auth events, should remain rejected.
+            #
+            #       https://spec.matrix.org/v1.2/rooms/v9/#rejected-events
+            #       https://github.com/matrix-org/synapse/issues/13797
+            continue
+
         try:
             event_auth.check_state_dependent_auth_rules(
                 event,