diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index adb9a776e0..ca280707c5 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -374,24 +374,24 @@ class Auth(object):
return True
def _verify_third_party_invite(self, event, auth_events):
- for key in ThirdPartyInvites.JOIN_KEYS:
- if key not in event.content:
- return False
- token = event.content["token"]
+ if not ThirdPartyInvites.join_has_third_party_invite(event.content):
+ return False
+ join_third_party_invite = event.content["third_party_invite"]
+ token = join_third_party_invite["token"]
invite_event = auth_events.get(
(EventTypes.ThirdPartyInvite, token,)
)
if not invite_event:
return False
try:
- public_key = event.content["public_key"]
- key_validity_url = event.content["key_validity_url"]
+ public_key = join_third_party_invite["public_key"]
+ key_validity_url = join_third_party_invite["key_validity_url"]
if invite_event.content["public_key"] != public_key:
return False
if invite_event.content["key_validity_url"] != key_validity_url:
return False
verify_key = nacl.signing.VerifyKey(decode_base64(public_key))
- encoded_signature = event.content["signature"]
+ encoded_signature = join_third_party_invite["signature"]
signature = decode_base64(encoded_signature)
verify_key.verify(token, signature)
return True
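Review bot: `token = join_third_party_invite["token"]` sits before the `try`, and the new guard only proves that `third_party_invite` is present and passes `has_join_keys`, not that it is a dict. Event content is supplied by remote servers, so a string or list value could satisfy a membership-style check (the body of `has_join_keys` is not shown, so this is inferred) and then raise `TypeError` on the subscript instead of failing auth cleanly. I would reject non-dict values in `join_has_third_party_invite` with `if not isinstance(content.get("third_party_invite"), dict): return False`. The same subscripts appear in the auth-ids hunk of this file and in `check_key_valid`, and this function's body continues past the hunk.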
@@ -677,8 +677,11 @@ class Auth(object):
if e_type == Membership.JOIN:
if member_event and not is_public:
auth_ids.append(member_event.event_id)
- if ThirdPartyInvites.has_join_keys(event.content):
- key = (EventTypes.ThirdPartyInvite, event.content["token"])
+ if ThirdPartyInvites.join_has_third_party_invite(event.content):
+ key = (
+ EventTypes.ThirdPartyInvite,
+ event.content["third_party_invite"]["token"]
+ )
invite = current_state.get(key)
if invite:
auth_ids.append(invite.event_id)
diff --git a/synapse/federation/federation_client.py b/synapse/federation/federation_client.py
index 06b0c7adcf..6be83d82e7 100644
--- a/synapse/federation/federation_client.py
+++ b/synapse/federation/federation_client.py
@@ -363,8 +363,8 @@ class FederationClient(FederationBase):
continue
args = {}
- if ThirdPartyInvites.has_join_keys(content):
- ThirdPartyInvites.copy_join_keys(content, args)
+ if ThirdPartyInvites.join_has_third_party_invite(content):
+ ThirdPartyInvites.copy_join_keys(content["third_party_invite"], args)
try:
ret = yield self.transport_layer.make_join(
destination, room_id, user_id, args
diff --git a/synapse/handlers/_base.py b/synapse/handlers/_base.py
index faf99f5bd3..4165c56bed 100644
--- a/synapse/handlers/_base.py
+++ b/synapse/handlers/_base.py
@@ -127,7 +127,7 @@ class BaseHandler(object):
if (
event.type == EventTypes.Member and
event.content["membership"] == Membership.JOIN and
- ThirdPartyInvites.has_join_keys(event.content)
+ ThirdPartyInvites.join_has_third_party_invite(event.content)
):
yield ThirdPartyInvites.check_key_valid(
self.hs.get_simple_http_client(),
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
index 8197d8b2d0..8606c0d285 100644
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -705,7 +705,8 @@ class FederationHandler(BaseHandler):
"""
event_content = {"membership": Membership.JOIN}
if ThirdPartyInvites.has_join_keys(query):
- ThirdPartyInvites.copy_join_keys(query, event_content)
+ event_content["third_party_invite"] = {}
+ ThirdPartyInvites.copy_join_keys(query, event_content["third_party_invite"])
builder = self.event_builder_factory.new({
"type": EventTypes.Member,
@@ -721,7 +722,7 @@ class FederationHandler(BaseHandler):
self.auth.check(event, auth_events=context.current_state)
- if ThirdPartyInvites.has_join_keys(event.content):
+ if ThirdPartyInvites.join_has_third_party_invite(event.content):
ThirdPartyInvites.check_key_valid(self.hs.get_simple_http_client(), event)
defer.returnValue(event)
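Review bot: The `check_key_valid(...)` call under the renamed guard is not yielded, unlike the equivalent call in `synapse/handlers/_base.py`, which reads `yield ThirdPartyInvites.check_key_valid(`. `check_key_valid` itself yields on the HTTP request, so it presumably returns a deferred. Without the `yield`, the `AuthError(403, ...)` for an invalid key would not stop `defer.returnValue(event)`, and the key-validity check would have no effect on this path. Suggested line: `yield ThirdPartyInvites.check_key_valid(self.hs.get_simple_http_client(), event)`. The enclosing method starts outside the hunk.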
diff --git a/synapse/handlers/room.py b/synapse/handlers/room.py
index b856b424a7..e07472b4b9 100644
--- a/synapse/handlers/room.py
+++ b/synapse/handlers/room.py
@@ -483,10 +483,13 @@ class RoomMemberHandler(BaseHandler):
should_do_dance = not self.hs.is_mine(inviter)
room_hosts = [inviter.domain]
- elif "sender" in event.content:
- inviter = UserID.from_string(event.content["sender"])
- should_do_dance = not self.hs.is_mine(inviter)
- room_hosts = [inviter.domain]
+ elif "third_party_invite" in event.content:
+ if "sender" in event.content["third_party_invite"]:
+ inviter = UserID.from_string(
+ event.content["third_party_invite"]["sender"]
+ )
+ should_do_dance = not self.hs.is_mine(inviter)
+ room_hosts = [inviter.domain]
else:
# return the same error as join_room_alias does
raise SynapseError(404, "No known servers")
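Review bot: A join whose content has `third_party_invite` but no `sender` inside it now enters the `elif` and skips the `else: raise SynapseError(404, "No known servers")`, whereas the old flat `"sender"` test fell through to that error. In that case `should_do_dance` and `room_hosts` are not assigned in this branch, so later use would likely fail with an unbound-name error rather than the 404 (the uses are outside the hunk). Folding the test into the branch condition keeps the old behaviour: `elif "sender" in event.content.get("third_party_invite", {}):`.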
diff --git a/synapse/rest/client/v1/room.py b/synapse/rest/client/v1/room.py
index ff84affea3..1cb6ba4f1f 100644
--- a/synapse/rest/client/v1/room.py
+++ b/synapse/rest/client/v1/room.py
@@ -456,7 +456,8 @@ class RoomMembershipRestServlet(ClientV1RestServlet):
}
if membership_action == "join" and ThirdPartyInvites.has_join_keys(content):
- ThirdPartyInvites.copy_join_keys(content, event_content)
+ event_content["third_party_invite"] = {}
+ ThirdPartyInvites.copy_join_keys(content, event_content["third_party_invite"])
yield msg_handler.create_and_send_event(
{
diff --git a/synapse/util/thirdpartyinvites.py b/synapse/util/thirdpartyinvites.py
index c30279de67..ad0f4e88e9 100644
--- a/synapse/util/thirdpartyinvites.py
+++ b/synapse/util/thirdpartyinvites.py
@@ -43,6 +43,12 @@ class ThirdPartyInvites(object):
return True
@classmethod
+ def join_has_third_party_invite(cls, content):
+ if "third_party_invite" not in content:
+ return False
+ return cls.has_join_keys(content["third_party_invite"])
+
+ @classmethod
def copy_join_keys(cls, src, dst):
for key in cls.JOIN_KEYS:
if key in src:
@@ -53,8 +59,8 @@ class ThirdPartyInvites(object):
def check_key_valid(cls, http_client, event):
try:
response = yield http_client.get_json(
- event.content["key_validity_url"],
- {"public_key": event.content["public_key"]}
+ event.content["third_party_invite"]["key_validity_url"],
+ {"public_key": event.content["third_party_invite"]["public_key"]}
)
if not response["valid"]:
raise AuthError(403, "Third party certificate was invalid")
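Review bot: `key_validity_url` is taken from the join event's content and passed straight to `http_client.get_json`, so the homeserver makes an outbound request to a URL chosen by whoever built the invite or join. Nothing in this hunk restricts the scheme or destination. Before the request I would require an `https` URL and refuse hosts that resolve to loopback or private ranges, or route it through a client that enforces such a policy. A short comment stating that this value is untrusted would also help the next reader. The handlers for the `try` block are outside the hunk.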