-rw-r--r--synapse/api/auth.py21
-rw-r--r--synapse/federation/federation_client.py4
-rw-r--r--synapse/handlers/_base.py2
-rw-r--r--synapse/handlers/federation.py5
-rw-r--r--synapse/handlers/room.py11
-rw-r--r--synapse/rest/client/v1/room.py3
-rw-r--r--synapse/util/thirdpartyinvites.py10
7 files changed, 35 insertions, 21 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index adb9a776e0..ca280707c5 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -374,24 +374,24 @@ class Auth(object):
         return True
 
     def _verify_third_party_invite(self, event, auth_events):
-        for key in ThirdPartyInvites.JOIN_KEYS:
-            if key not in event.content:
-                return False
-        token = event.content["token"]
+        if not ThirdPartyInvites.join_has_third_party_invite(event.content):
+            return False
+        join_third_party_invite = event.content["third_party_invite"]
+        token = join_third_party_invite["token"]
         invite_event = auth_events.get(
             (EventTypes.ThirdPartyInvite, token,)
         )
         if not invite_event:
             return False
         try:
-            public_key = event.content["public_key"]
-            key_validity_url = event.content["key_validity_url"]
+            public_key = join_third_party_invite["public_key"]
+            key_validity_url = join_third_party_invite["key_validity_url"]
             if invite_event.content["public_key"] != public_key:
                 return False
             if invite_event.content["key_validity_url"] != key_validity_url:
                 return False
             verify_key = nacl.signing.VerifyKey(decode_base64(public_key))
-            encoded_signature = event.content["signature"]
+            encoded_signature = join_third_party_invite["signature"]
             signature = decode_base64(encoded_signature)
             verify_key.verify(token, signature)
             return True
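Review bot: The new lookups `event.content["third_party_invite"]` and `join_third_party_invite["token"]` run before the `try`, so a join event whose `third_party_invite` is not a dict, or whose `token` is unhashable, can raise `TypeError` out of `_verify_third_party_invite` instead of returning False. If `has_join_keys` only does `key in content` tests, as the loop removed here did, a string or list value can pass `join_has_third_party_invite`. The same unchecked subscript appears in the second auth.py hunk (`event.content["third_party_invite"]["token"]`) and in `check_key_valid` in synapse/util/thirdpartyinvites.py. I would reject non-dict values once in the helper, `if not isinstance(content["third_party_invite"], dict): return False`, and check that the token is a string before building the lookup key. The function's exception handler is outside the hunk.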
@@ -677,8 +677,11 @@ class Auth(object):
             if e_type == Membership.JOIN:
                 if member_event and not is_public:
                     auth_ids.append(member_event.event_id)
-                if ThirdPartyInvites.has_join_keys(event.content):
-                    key = (EventTypes.ThirdPartyInvite, event.content["token"])
+                if ThirdPartyInvites.join_has_third_party_invite(event.content):
+                    key = (
+                        EventTypes.ThirdPartyInvite,
+                        event.content["third_party_invite"]["token"]
+                    )
                     invite = current_state.get(key)
                     if invite:
                         auth_ids.append(invite.event_id)
diff --git a/synapse/federation/federation_client.py b/synapse/federation/federation_client.py
index 06b0c7adcf..6be83d82e7 100644
--- a/synapse/federation/federation_client.py
+++ b/synapse/federation/federation_client.py
@@ -363,8 +363,8 @@ class FederationClient(FederationBase):
                 continue
 
             args = {}
-            if ThirdPartyInvites.has_join_keys(content):
-                ThirdPartyInvites.copy_join_keys(content, args)
+            if ThirdPartyInvites.join_has_third_party_invite(content):
+                ThirdPartyInvites.copy_join_keys(content["third_party_invite"], args)
             try:
                 ret = yield self.transport_layer.make_join(
                     destination, room_id, user_id, args
diff --git a/synapse/handlers/_base.py b/synapse/handlers/_base.py
index faf99f5bd3..4165c56bed 100644
--- a/synapse/handlers/_base.py
+++ b/synapse/handlers/_base.py
@@ -127,7 +127,7 @@ class BaseHandler(object):
         if (
             event.type == EventTypes.Member and
             event.content["membership"] == Membership.JOIN and
-            ThirdPartyInvites.has_join_keys(event.content)
+            ThirdPartyInvites.join_has_third_party_invite(event.content)
         ):
             yield ThirdPartyInvites.check_key_valid(
                 self.hs.get_simple_http_client(),
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
index 8197d8b2d0..8606c0d285 100644
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -705,7 +705,8 @@ class FederationHandler(BaseHandler):
         """
         event_content = {"membership": Membership.JOIN}
         if ThirdPartyInvites.has_join_keys(query):
-            ThirdPartyInvites.copy_join_keys(query, event_content)
+            event_content["third_party_invite"] = {}
+            ThirdPartyInvites.copy_join_keys(query, event_content["third_party_invite"])
 
         builder = self.event_builder_factory.new({
             "type": EventTypes.Member,
@@ -721,7 +722,7 @@ class FederationHandler(BaseHandler):
 
         self.auth.check(event, auth_events=context.current_state)
 
-        if ThirdPartyInvites.has_join_keys(event.content):
+        if ThirdPartyInvites.join_has_third_party_invite(event.content):
             ThirdPartyInvites.check_key_valid(self.hs.get_simple_http_client(), event)
 
         defer.returnValue(event)
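Review bot: The `check_key_valid` call under the changed condition is not yielded, unlike the `yield ThirdPartyInvites.check_key_valid(...)` call in synapse/handlers/_base.py. `check_key_valid` itself yields on `http_client.get_json`, so without `yield` here its result is discarded and an `AuthError` for an invalid key would not stop `defer.returnValue(event)`. I would change the line to `yield ThirdPartyInvites.check_key_valid(self.hs.get_simple_http_client(), event)`. The enclosing function starts outside the hunk, so this assumes it is an `inlineCallbacks` generator, which the `defer.returnValue` call suggests.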
diff --git a/synapse/handlers/room.py b/synapse/handlers/room.py
index b856b424a7..e07472b4b9 100644
--- a/synapse/handlers/room.py
+++ b/synapse/handlers/room.py
@@ -483,10 +483,13 @@ class RoomMemberHandler(BaseHandler):
 
                 should_do_dance = not self.hs.is_mine(inviter)
                 room_hosts = [inviter.domain]
-            elif "sender" in event.content:
-                inviter = UserID.from_string(event.content["sender"])
-                should_do_dance = not self.hs.is_mine(inviter)
-                room_hosts = [inviter.domain]
+            elif "third_party_invite" in event.content:
+                if "sender" in event.content["third_party_invite"]:
+                    inviter = UserID.from_string(
+                        event.content["third_party_invite"]["sender"]
+                    )
+                    should_do_dance = not self.hs.is_mine(inviter)
+                    room_hosts = [inviter.domain]
             else:
                 # return the same error as join_room_alias does
                 raise SynapseError(404, "No known servers")
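Review bot: With the nested `if`, an event that has `third_party_invite` but no `sender` inside it now matches the `elif` and skips both the assignments and the `else`, where the removed code fell through to the 404. Unless `should_do_dance` and `room_hosts` are set earlier in the function (outside the hunk), later code would find them unbound or stale. Folding the test into the branch condition keeps the old fall-through: `elif "third_party_invite" in event.content and "sender" in event.content["third_party_invite"]:`. The inner value is also subscripted without a type check, so a non-dict `third_party_invite` would raise here rather than reach the 404.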
diff --git a/synapse/rest/client/v1/room.py b/synapse/rest/client/v1/room.py
index ff84affea3..1cb6ba4f1f 100644
--- a/synapse/rest/client/v1/room.py
+++ b/synapse/rest/client/v1/room.py
@@ -456,7 +456,8 @@ class RoomMembershipRestServlet(ClientV1RestServlet):
         }
 
         if membership_action == "join" and ThirdPartyInvites.has_join_keys(content):
-            ThirdPartyInvites.copy_join_keys(content, event_content)
+            event_content["third_party_invite"] = {}
+            ThirdPartyInvites.copy_join_keys(content, event_content["third_party_invite"])
 
         yield msg_handler.create_and_send_event(
             {
diff --git a/synapse/util/thirdpartyinvites.py b/synapse/util/thirdpartyinvites.py
index c30279de67..ad0f4e88e9 100644
--- a/synapse/util/thirdpartyinvites.py
+++ b/synapse/util/thirdpartyinvites.py
@@ -43,6 +43,12 @@ class ThirdPartyInvites(object):
         return True
 
     @classmethod
+    def join_has_third_party_invite(cls, content):
+        if "third_party_invite" not in content:
+            return False
+        return cls.has_join_keys(content["third_party_invite"])
+
+    @classmethod
     def copy_join_keys(cls, src, dst):
         for key in cls.JOIN_KEYS:
             if key in src:
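Review bot: `join_has_third_party_invite` has no docstring, although it is now the gate in front of most call sites that subscript `content["third_party_invite"]`. I would add `"""Return True if content has a third_party_invite entry that contains every key in JOIN_KEYS."""`. It is also worth stating there that this helper takes the whole event content, while `has_join_keys` and `copy_join_keys` take the flat key set (the query or the inner object), because this commit uses both shapes side by side. `copy_join_keys` continues past the end of the hunk.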
@@ -53,8 +59,8 @@ class ThirdPartyInvites(object):
     def check_key_valid(cls, http_client, event):
         try:
             response = yield http_client.get_json(
-                event.content["key_validity_url"],
-                {"public_key": event.content["public_key"]}
+                event.content["third_party_invite"]["key_validity_url"],
+                {"public_key": event.content["third_party_invite"]["public_key"]}
             )
             if not response["valid"]:
                 raise AuthError(403, "Third party certificate was invalid")
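Review bot: `key_validity_url` is read from the join event's content and fetched by this server through `http_client.get_json`, and nothing in the hunk limits the scheme or destination. The only visible constraint is the equality check against the invite event in `Auth._verify_third_party_invite`, and the invite event's content is itself supplied by a room participant. Whether the simple HTTP client refuses loopback or internal addresses is not visible here, so that should be confirmed, or the URL validated before the request. At minimum I would add a comment above the call such as `# URL originates from event content; destination is not otherwise restricted here`. `response["valid"]` also assumes a JSON object with that key, and the `except` clause is outside the hunk, so it is unclear whether a malformed reply ends in the 403.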