summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--scripts-dev/check_auth.py2
-rw-r--r--synapse/handlers/federation.py33
2 files changed, 21 insertions, 14 deletions
diff --git a/scripts-dev/check_auth.py b/scripts-dev/check_auth.py

index 4fa8792a5f..b362aad722 100644
--- a/scripts-dev/check_auth.py
+++ b/scripts-dev/check_auth.py
@@ -38,7 +38,7 @@ def check_auth(auth, auth_chain, events):
             print "Failed:", e.event_id, e.type, e.state_key
             print "Auth_events:", auth_events
             print ex
-            print json.dumps(e.get_dict(), sort_keys=True, indent=4)
+            # print json.dumps(e.get_dict(), sort_keys=True, indent=4)
             # raise
         print "Success:", e.event_id, e.type, e.state_key
 
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py

index 30b9982e25..0f11fa390f 100644
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -649,8 +649,6 @@ class FederationHandler(BaseHandler):
                 # FIXME
                 pass
 
-            self._check_auth_tree(auth_chain, event)
-
             event_stream_id, max_stream_id = yield self._persist_auth_tree(
                 auth_chain, state, event
             )
@@ -1001,7 +999,16 @@ class FederationHandler(BaseHandler):
             is_new_state=(not outliers and not backfilled),
         )
 
-    def _check_auth_tree(self, auth_events, event):
+    @defer.inlineCallbacks
+    def _persist_auth_tree(self, auth_events, state, event):
+        events_to_context = {}
+        for e in auth_events:
+            ctx = yield self.state_handler.compute_event_context(
+                e, outlier=True,
+            )
+            events_to_context[e.event_id] = ctx
+            e.internal_metadata.outlier = True
+
         event_map = {
             e.event_id: e
             for e in auth_events
@@ -1021,17 +1028,17 @@ class FederationHandler(BaseHandler):
             if create_event:
                 a[(EventTypes.Create, "")] = create_event
 
-            self.auth.check(e, auth_events=a)
+            try:
+                self.auth.check(e, auth_events=a)
+            except AuthError:
+                logger.warn(
+                    "Rejecting %s because %s",
+                    event.event_id, e.msg
+                )
 
-    @defer.inlineCallbacks
-    def _persist_auth_tree(self, auth_events, state, event):
-        events_to_context = {}
-        for e in auth_events:
-            ctx = yield self.state_handler.compute_event_context(
-                e, outlier=True,
-            )
-            events_to_context[e.event_id] = ctx
-            e.internal_metadata.outlier = True
+                if e == event:
+                    raise
+                events_to_context[e.event_id].rejected = RejectedReason.AUTH_ERROR
 
         yield self.store.persist_events(
             [
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-03-12 17:04:27 +0000