summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--synapse/event_auth.py15
-rw-r--r--synapse/handlers/event_auth.py2
-rw-r--r--synapse/handlers/federation_event.py16
-rw-r--r--synapse/state/v1.py4
-rw-r--r--synapse/state/v2.py1
-rw-r--r--tests/test_event_auth.py43
6 files changed, 16 insertions, 65 deletions
diff --git a/synapse/event_auth.py b/synapse/event_auth.py
index 77f90558d8..e23503c1e0 100644
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@@ -113,7 +113,6 @@ def validate_event_for_room_version(event: "EventBase") -> None:
 
 
 def check_auth_rules_for_event(
-    room_version_obj: RoomVersion,
     event: "EventBase",
     auth_events: Iterable["EventBase"],
 ) -> None:
@@ -132,7 +131,6 @@ def check_auth_rules_for_event(
        a bunch of other tests.
 
     Args:
-        room_version_obj: the version of the room
         event: the event being checked.
         auth_events: the room state to check the events against.
 
@@ -201,7 +199,10 @@ def check_auth_rules_for_event(
             raise AuthError(403, "This room has been marked as unfederatable.")
 
     # 4. If type is m.room.aliases
-    if event.type == EventTypes.Aliases and room_version_obj.special_case_aliases_auth:
+    if (
+        event.type == EventTypes.Aliases
+        and event.room_version.special_case_aliases_auth
+    ):
         # 4a. If event has no state_key, reject
         if not event.is_state():
             raise AuthError(403, "Alias event must be a state event")
@@ -221,7 +222,7 @@ def check_auth_rules_for_event(
 
     # 5. If type is m.room.membership
     if event.type == EventTypes.Member:
-        _is_membership_change_allowed(room_version_obj, event, auth_dict)
+        _is_membership_change_allowed(event.room_version, event, auth_dict)
         logger.debug("Allowing! %s", event)
         return
 
@@ -243,17 +244,17 @@ def check_auth_rules_for_event(
     _can_send_event(event, auth_dict)
 
     if event.type == EventTypes.PowerLevels:
-        _check_power_levels(room_version_obj, event, auth_dict)
+        _check_power_levels(event.room_version, event, auth_dict)
 
     if event.type == EventTypes.Redaction:
-        check_redaction(room_version_obj, event, auth_dict)
+        check_redaction(event.room_version, event, auth_dict)
 
     if (
         event.type == EventTypes.MSC2716_INSERTION
         or event.type == EventTypes.MSC2716_BATCH
         or event.type == EventTypes.MSC2716_MARKER
     ):
-        check_historical(room_version_obj, event, auth_dict)
+        check_historical(event.room_version, event, auth_dict)
 
     logger.debug("Allowing! %s", event)
 
diff --git a/synapse/handlers/event_auth.py b/synapse/handlers/event_auth.py
index 6bed464351..7bbb833f30 100644
--- a/synapse/handlers/event_auth.py
+++ b/synapse/handlers/event_auth.py
@@ -55,7 +55,7 @@ class EventAuthHandler:
         """Check an event passes the auth rules at its own auth events"""
         auth_event_ids = event.auth_event_ids()
         auth_events_by_id = await self._store.get_events(auth_event_ids)
-        check_auth_rules_for_event(room_version_obj, event, auth_events_by_id.values())
+        check_auth_rules_for_event(event, auth_events_by_id.values())
 
     def compute_auth_events(
         self,
diff --git a/synapse/handlers/federation_event.py b/synapse/handlers/federation_event.py
index 420ad8b969..9488fef297 100644
--- a/synapse/handlers/federation_event.py
+++ b/synapse/handlers/federation_event.py
@@ -1428,9 +1428,6 @@ class FederationEventHandler:
             allow_rejected=True,
         )
 
-        room_version = await self._store.get_room_version_id(room_id)
-        room_version_obj = KNOWN_ROOM_VERSIONS[room_version]
-
         def prep(event: EventBase) -> Optional[Tuple[EventBase, EventContext]]:
             with nested_logging_context(suffix=event.event_id):
                 auth = []
@@ -1454,7 +1451,7 @@ class FederationEventHandler:
                 context = EventContext.for_outlier(self._storage_controllers)
                 try:
                     validate_event_for_room_version(event)
-                    check_auth_rules_for_event(room_version_obj, event, auth)
+                    check_auth_rules_for_event(event, auth)
                 except AuthError as e:
                     logger.warning("Rejecting %r because %s", event, e)
                     context.rejected = RejectedReason.AUTH_ERROR
@@ -1497,9 +1494,6 @@ class FederationEventHandler:
         assert not event.internal_metadata.outlier
 
         # first of all, check that the event itself is valid.
-        room_version = await self._store.get_room_version_id(event.room_id)
-        room_version_obj = KNOWN_ROOM_VERSIONS[room_version]
-
         try:
             validate_event_for_room_version(event)
         except AuthError as e:
@@ -1519,7 +1513,7 @@ class FederationEventHandler:
 
         # ... and check that the event passes auth at those auth events.
         try:
-            check_auth_rules_for_event(room_version_obj, event, claimed_auth_events)
+            check_auth_rules_for_event(event, claimed_auth_events)
         except AuthError as e:
             logger.warning(
                 "While checking auth of %r against auth_events: %s", event, e
@@ -1567,9 +1561,7 @@ class FederationEventHandler:
             auth_events_for_auth = calculated_auth_event_map
 
         try:
-            check_auth_rules_for_event(
-                room_version_obj, event, auth_events_for_auth.values()
-            )
+            check_auth_rules_for_event(event, auth_events_for_auth.values())
         except AuthError as e:
             logger.warning("Failed auth resolution for %r because %s", event, e)
             context.rejected = RejectedReason.AUTH_ERROR
@@ -1669,7 +1661,7 @@ class FederationEventHandler:
         )
 
         try:
-            check_auth_rules_for_event(room_version_obj, event, current_auth_events)
+            check_auth_rules_for_event(event, current_auth_events)
         except AuthError as e:
             logger.warning(
                 "Soft-failing %r (from %s) because %s",
diff --git a/synapse/state/v1.py b/synapse/state/v1.py
index 499a328201..8bbb4ce41c 100644
--- a/synapse/state/v1.py
+++ b/synapse/state/v1.py
@@ -30,7 +30,7 @@ from typing import (
 from synapse import event_auth
 from synapse.api.constants import EventTypes
 from synapse.api.errors import AuthError
-from synapse.api.room_versions import RoomVersion, RoomVersions
+from synapse.api.room_versions import RoomVersion
 from synapse.events import EventBase
 from synapse.types import MutableStateMap, StateMap
 
@@ -331,7 +331,6 @@ def _resolve_auth_events(
         try:
             # The signatures have already been checked at this point
             event_auth.check_auth_rules_for_event(
-                RoomVersions.V1,
                 event,
                 auth_events.values(),
             )
@@ -349,7 +348,6 @@ def _resolve_normal_events(
         try:
             # The signatures have already been checked at this point
             event_auth.check_auth_rules_for_event(
-                RoomVersions.V1,
                 event,
                 auth_events.values(),
             )
diff --git a/synapse/state/v2.py b/synapse/state/v2.py
index c618df2fde..041ccac59e 100644
--- a/synapse/state/v2.py
+++ b/synapse/state/v2.py
@@ -547,7 +547,6 @@ async def _iterative_auth_checks(
 
         try:
             event_auth.check_auth_rules_for_event(
-                room_version,
                 event,
                 auth_events.values(),
             )
diff --git a/tests/test_event_auth.py b/tests/test_event_auth.py
index 1e11fb5dac..229ecd84a6 100644
--- a/tests/test_event_auth.py
+++ b/tests/test_event_auth.py
@@ -38,7 +38,6 @@ class EventAuthTestCase(unittest.TestCase):
 
         # creator should be able to send state
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V9,
             _random_state_event(RoomVersions.V9, creator),
             auth_events,
         )
@@ -55,7 +54,6 @@ class EventAuthTestCase(unittest.TestCase):
         self.assertRaises(
             AuthError,
             event_auth.check_auth_rules_for_event,
-            RoomVersions.V9,
             _random_state_event(RoomVersions.V9, creator),
             auth_events,
         )
@@ -66,7 +64,6 @@ class EventAuthTestCase(unittest.TestCase):
         self.assertRaises(
             AuthError,
             event_auth.check_auth_rules_for_event,
-            RoomVersions.V9,
             _random_state_event(RoomVersions.V9, creator),
             auth_events,
         )
@@ -86,7 +83,6 @@ class EventAuthTestCase(unittest.TestCase):
 
         # creator should be able to send state
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V1,
             _random_state_event(RoomVersions.V1, creator),
             auth_events,
         )
@@ -95,7 +91,6 @@ class EventAuthTestCase(unittest.TestCase):
         self.assertRaises(
             AuthError,
             event_auth.check_auth_rules_for_event,
-            RoomVersions.V1,
             _random_state_event(RoomVersions.V1, joiner),
             auth_events,
         )
@@ -125,14 +120,12 @@ class EventAuthTestCase(unittest.TestCase):
         self.assertRaises(
             AuthError,
             event_auth.check_auth_rules_for_event,
-            RoomVersions.V1,
             _random_state_event(RoomVersions.V1, pleb),
             auth_events,
         ),
 
         # king should be able to send state
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V1,
             _random_state_event(RoomVersions.V1, king),
             auth_events,
         )
@@ -148,7 +141,6 @@ class EventAuthTestCase(unittest.TestCase):
 
         # creator should be able to send aliases
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V1,
             _alias_event(RoomVersions.V1, creator),
             auth_events,
         )
@@ -156,7 +148,6 @@ class EventAuthTestCase(unittest.TestCase):
         # Reject an event with no state key.
         with self.assertRaises(AuthError):
             event_auth.check_auth_rules_for_event(
-                RoomVersions.V1,
                 _alias_event(RoomVersions.V1, creator, state_key=""),
                 auth_events,
             )
@@ -164,14 +155,12 @@ class EventAuthTestCase(unittest.TestCase):
         # If the domain of the sender does not match the state key, reject.
         with self.assertRaises(AuthError):
             event_auth.check_auth_rules_for_event(
-                RoomVersions.V1,
                 _alias_event(RoomVersions.V1, creator, state_key="test.com"),
                 auth_events,
             )
 
         # Note that the member does *not* need to be in the room.
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V1,
             _alias_event(RoomVersions.V1, other),
             auth_events,
         )
@@ -187,19 +176,16 @@ class EventAuthTestCase(unittest.TestCase):
 
         # creator should be able to send aliases
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V6,
             _alias_event(RoomVersions.V6, creator),
             auth_events,
         )
 
         # No particular checks are done on the state key.
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V6,
             _alias_event(RoomVersions.V6, creator, state_key=""),
             auth_events,
         )
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V6,
             _alias_event(RoomVersions.V6, creator, state_key="test.com"),
             auth_events,
         )
@@ -207,7 +193,6 @@ class EventAuthTestCase(unittest.TestCase):
         # Per standard auth rules, the member must be in the room.
         with self.assertRaises(AuthError):
             event_auth.check_auth_rules_for_event(
-                RoomVersions.V6,
                 _alias_event(RoomVersions.V6, other),
                 auth_events,
             )
@@ -235,14 +220,12 @@ class EventAuthTestCase(unittest.TestCase):
 
         # on room V1, pleb should be able to modify the notifications power level.
         if allow_modification:
-            event_auth.check_auth_rules_for_event(room_version, pl_event, auth_events)
+            event_auth.check_auth_rules_for_event(pl_event, auth_events)
 
         else:
             # But an MSC2209 room rejects this change.
             with self.assertRaises(AuthError):
-                event_auth.check_auth_rules_for_event(
-                    room_version, pl_event, auth_events
-                )
+                event_auth.check_auth_rules_for_event(pl_event, auth_events)
 
     def test_join_rules_public(self):
         """
@@ -261,7 +244,6 @@ class EventAuthTestCase(unittest.TestCase):
 
         # Check join.
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V6,
             _join_event(RoomVersions.V6, pleb),
             auth_events.values(),
         )
@@ -269,7 +251,6 @@ class EventAuthTestCase(unittest.TestCase):
         # A user cannot be force-joined to a room.
         with self.assertRaises(AuthError):
             event_auth.check_auth_rules_for_event(
-                RoomVersions.V6,
                 _member_event(RoomVersions.V6, pleb, "join", sender=creator),
                 auth_events.values(),
             )
@@ -280,7 +261,6 @@ class EventAuthTestCase(unittest.TestCase):
         )
         with self.assertRaises(AuthError):
             event_auth.check_auth_rules_for_event(
-                RoomVersions.V6,
                 _join_event(RoomVersions.V6, pleb),
                 auth_events.values(),
             )
@@ -290,7 +270,6 @@ class EventAuthTestCase(unittest.TestCase):
             RoomVersions.V6, pleb, "leave"
         )
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V6,
             _join_event(RoomVersions.V6, pleb),
             auth_events.values(),
         )
@@ -300,7 +279,6 @@ class EventAuthTestCase(unittest.TestCase):
             RoomVersions.V6, pleb, "join"
         )
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V6,
             _join_event(RoomVersions.V6, pleb),
             auth_events.values(),
         )
@@ -310,7 +288,6 @@ class EventAuthTestCase(unittest.TestCase):
             RoomVersions.V6, pleb, "invite", sender=creator
         )
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V6,
             _join_event(RoomVersions.V6, pleb),
             auth_events.values(),
         )
@@ -333,7 +310,6 @@ class EventAuthTestCase(unittest.TestCase):
         # A join without an invite is rejected.
         with self.assertRaises(AuthError):
             event_auth.check_auth_rules_for_event(
-                RoomVersions.V6,
                 _join_event(RoomVersions.V6, pleb),
                 auth_events.values(),
             )
@@ -341,7 +317,6 @@ class EventAuthTestCase(unittest.TestCase):
         # A user cannot be force-joined to a room.
         with self.assertRaises(AuthError):
             event_auth.check_auth_rules_for_event(
-                RoomVersions.V6,
                 _member_event(RoomVersions.V6, pleb, "join", sender=creator),
                 auth_events.values(),
             )
@@ -352,7 +327,6 @@ class EventAuthTestCase(unittest.TestCase):
         )
         with self.assertRaises(AuthError):
             event_auth.check_auth_rules_for_event(
-                RoomVersions.V6,
                 _join_event(RoomVersions.V6, pleb),
                 auth_events.values(),
             )
@@ -363,7 +337,6 @@ class EventAuthTestCase(unittest.TestCase):
         )
         with self.assertRaises(AuthError):
             event_auth.check_auth_rules_for_event(
-                RoomVersions.V6,
                 _join_event(RoomVersions.V6, pleb),
                 auth_events.values(),
             )
@@ -373,7 +346,6 @@ class EventAuthTestCase(unittest.TestCase):
             RoomVersions.V6, pleb, "join"
         )
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V6,
             _join_event(RoomVersions.V6, pleb),
             auth_events.values(),
         )
@@ -383,7 +355,6 @@ class EventAuthTestCase(unittest.TestCase):
             RoomVersions.V6, pleb, "invite", sender=creator
         )
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V6,
             _join_event(RoomVersions.V6, pleb),
             auth_events.values(),
         )
@@ -406,7 +377,6 @@ class EventAuthTestCase(unittest.TestCase):
 
         with self.assertRaises(AuthError):
             event_auth.check_auth_rules_for_event(
-                RoomVersions.V6,
                 _join_event(RoomVersions.V6, pleb),
                 auth_events.values(),
             )
@@ -444,7 +414,6 @@ class EventAuthTestCase(unittest.TestCase):
             },
         )
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V8,
             authorised_join_event,
             auth_events.values(),
         )
@@ -461,7 +430,6 @@ class EventAuthTestCase(unittest.TestCase):
             RoomVersions.V8, "@inviter:foo.test"
         )
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V8,
             _join_event(
                 RoomVersions.V8,
                 pleb,
@@ -475,7 +443,6 @@ class EventAuthTestCase(unittest.TestCase):
         # A join which is missing an authorised server is rejected.
         with self.assertRaises(AuthError):
             event_auth.check_auth_rules_for_event(
-                RoomVersions.V8,
                 _join_event(RoomVersions.V8, pleb),
                 auth_events.values(),
             )
@@ -489,7 +456,6 @@ class EventAuthTestCase(unittest.TestCase):
         )
         with self.assertRaises(AuthError):
             event_auth.check_auth_rules_for_event(
-                RoomVersions.V8,
                 _join_event(
                     RoomVersions.V8,
                     pleb,
@@ -504,7 +470,6 @@ class EventAuthTestCase(unittest.TestCase):
         # *would* be valid, but is sent be a different user.)
         with self.assertRaises(AuthError):
             event_auth.check_auth_rules_for_event(
-                RoomVersions.V8,
                 _member_event(
                     RoomVersions.V8,
                     pleb,
@@ -523,7 +488,6 @@ class EventAuthTestCase(unittest.TestCase):
         )
         with self.assertRaises(AuthError):
             event_auth.check_auth_rules_for_event(
-                RoomVersions.V8,
                 authorised_join_event,
                 auth_events.values(),
             )
@@ -533,7 +497,6 @@ class EventAuthTestCase(unittest.TestCase):
             RoomVersions.V8, pleb, "leave"
         )
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V8,
             authorised_join_event,
             auth_events.values(),
         )
@@ -544,7 +507,6 @@ class EventAuthTestCase(unittest.TestCase):
             RoomVersions.V8, pleb, "join"
         )
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V8,
             _join_event(RoomVersions.V8, pleb),
             auth_events.values(),
         )
@@ -555,7 +517,6 @@ class EventAuthTestCase(unittest.TestCase):
             RoomVersions.V8, pleb, "invite", sender=creator
         )
         event_auth.check_auth_rules_for_event(
-            RoomVersions.V8,
             _join_event(RoomVersions.V8, pleb),
             auth_events.values(),
         )