summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--synapse/api/auth.py53
-rw-r--r--synapse/api/events/__init__.py2
-rw-r--r--synapse/handlers/_base.py54
-rw-r--r--synapse/handlers/federation.py1
-rw-r--r--synapse/storage/__init__.py1
5 files changed, 55 insertions, 56 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index e1302553d7..d4f284bd60 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -24,6 +24,7 @@ from synapse.api.events.room import (
     RoomJoinRulesEvent, RoomCreateEvent,
 )
 from synapse.util.logutils import log_function
+from syutil.base64util import encode_base64
 
 import logging
 
@@ -61,8 +62,6 @@ class Auth(object):
                     # FIXME
                     return True
 
-                self._can_send_event(event)
-
                 if event.type == RoomMemberEvent.TYPE:
                     allowed = self.is_membership_change_allowed(event)
                     if allowed:
@@ -71,6 +70,8 @@ class Auth(object):
                         logger.debug("Denying! %s", event)
                     return allowed
 
+                self._can_send_event(event)
+
                 if event.type == RoomPowerLevelsEvent.TYPE:
                     self._check_power_levels(event)
 
@@ -311,6 +312,54 @@ class Auth(object):
     def is_server_admin(self, user):
         return self.store.is_server_admin(user)
 
+    @defer.inlineCallbacks
+    def add_auth_events(self, event):
+        if event.type == RoomCreateEvent.TYPE:
+            event.auth_events = []
+            return
+
+        auth_events = []
+
+        key = (RoomPowerLevelsEvent.TYPE, "", )
+        power_level_event = event.old_state_events.get(key)
+
+        if power_level_event:
+            auth_events.append(power_level_event.event_id)
+
+        key = (RoomJoinRulesEvent.TYPE, "", )
+        join_rule_event = event.old_state_events.get(key)
+
+        key = (RoomMemberEvent.TYPE, event.user_id, )
+        member_event = event.old_state_events.get(key)
+
+        if join_rule_event:
+            join_rule = join_rule_event.content.get("join_rule")
+            is_public = join_rule == JoinRules.PUBLIC if join_rule else False
+
+            if event.type == RoomMemberEvent.TYPE:
+                if event.content["membership"] == Membership.JOIN:
+                    if is_public:
+                        auth_events.append(join_rule_event.event_id)
+                elif member_event:
+                    auth_events.append(member_event.event_id)
+
+        if member_event:
+            if member_event.content["membership"] == Membership.JOIN:
+                auth_events.append(member_event.event_id)
+
+        hashes = yield self.store.get_event_reference_hashes(
+            auth_events
+        )
+        hashes = [
+            {
+                k: encode_base64(v) for k, v in h.items()
+                if k == "sha256"
+            }
+            for h in hashes
+        ]
+        event.auth_events = zip(auth_events, hashes)
+
+
     @log_function
     def _can_send_event(self, event):
         key = (RoomPowerLevelsEvent.TYPE, "", )
diff --git a/synapse/api/events/__init__.py b/synapse/api/events/__init__.py
index 513a48f568..e5980c4be3 100644
--- a/synapse/api/events/__init__.py
+++ b/synapse/api/events/__init__.py
@@ -61,7 +61,6 @@ class SynapseEvent(JsonEncodedObject):
         "replaces_state",
         "redacted_because",
         "origin_server_ts",
-        "auth_events",
     ]
 
     internal_keys = [
@@ -75,6 +74,7 @@ class SynapseEvent(JsonEncodedObject):
         "hashes",
         "signatures",
         "prev_state",
+        "auth_events",
     ]
 
     required_keys = [
diff --git a/synapse/handlers/_base.py b/synapse/handlers/_base.py
index 2613fa7fce..f630280031 100644
--- a/synapse/handlers/_base.py
+++ b/synapse/handlers/_base.py
@@ -18,11 +18,6 @@ from twisted.internet import defer
 from synapse.api.errors import LimitExceededError
 from synapse.util.async import run_on_reactor
 from synapse.crypto.event_signing import add_hashes_and_signatures
-from synapse.api.events.room import (
-    RoomCreateEvent, RoomMemberEvent, RoomPowerLevelsEvent, RoomJoinRulesEvent,
-)
-from synapse.api.constants import Membership, JoinRules
-from syutil.base64util import encode_base64
 
 import logging
 
@@ -60,53 +55,6 @@ class BaseHandler(object):
             )
 
     @defer.inlineCallbacks
-    def _add_auth(self, event):
-        if event.type == RoomCreateEvent.TYPE:
-            event.auth_events = []
-            return
-
-        auth_events = []
-
-        key = (RoomPowerLevelsEvent.TYPE, "", )
-        power_level_event = event.old_state_events.get(key)
-
-        if power_level_event:
-            auth_events.append(power_level_event.event_id)
-
-        key = (RoomJoinRulesEvent.TYPE, "", )
-        join_rule_event = event.old_state_events.get(key)
-
-        key = (RoomMemberEvent.TYPE, event.user_id, )
-        member_event = event.old_state_events.get(key)
-
-        if join_rule_event:
-            join_rule = join_rule_event.content.get("join_rule")
-            is_public = join_rule == JoinRules.PUBLIC if join_rule else False
-
-            if event.type == RoomMemberEvent.TYPE:
-                if event.content["membership"] == Membership.JOIN:
-                    if is_public:
-                        auth_events.append(join_rule_event.event_id)
-                elif member_event:
-                    auth_events.append(member_event.event_id)
-
-        if member_event:
-            if member_event.content["membership"] == Membership.JOIN:
-                auth_events.append(member_event.event_id)
-
-        hashes = yield self.store.get_event_reference_hashes(
-            auth_events
-        )
-        hashes = [
-            {
-                k: encode_base64(v) for k, v in h.items()
-                if k == "sha256"
-            }
-            for h in hashes
-        ]
-        event.auth_events = zip(auth_events, hashes)
-
-    @defer.inlineCallbacks
     def _on_new_room_event(self, event, snapshot, extra_destinations=[],
                            extra_users=[], suppress_auth=False):
         yield run_on_reactor()
@@ -115,7 +63,7 @@ class BaseHandler(object):
 
         yield self.state_handler.annotate_state_groups(event)
 
-        yield self._add_auth(event)
+        yield self.auth.add_auth_events(event)
 
         logger.debug("Signing event...")
 
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
index f0448a05d8..09593303a4 100644
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -317,6 +317,7 @@ class FederationHandler(BaseHandler):
         snapshot.fill_out_prev_events(event)
 
         yield self.state_handler.annotate_state_groups(event)
+        yield self.auth.add_auth_events(event)
         self.auth.check(event, raises=True)
 
         pdu = self.pdu_codec.pdu_from_event(event)
diff --git a/synapse/storage/__init__.py b/synapse/storage/__init__.py
index 48ad4d864f..96adf20c89 100644
--- a/synapse/storage/__init__.py
+++ b/synapse/storage/__init__.py
@@ -310,6 +310,7 @@ class DataStore(RoomMemberStore, RoomStore,
                     "room_id": event.room_id,
                     "auth_id": auth_id,
                 },
+                or_ignore=True,
             )
 
         (ref_alg, ref_hash_bytes) = compute_event_reference_hash(event)