diff --git a/synapse/event_auth.py b/synapse/event_auth.py
index 203490fc36..cd52e3f867 100644
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@@ -85,17 +85,14 @@ def check(room_version, event, auth_events, do_sig_check=True, do_size_check=Tru
room_id_domain = get_domain_from_id(event.room_id)
if room_id_domain != sender_domain:
raise AuthError(
- 403,
- "Creation event's room_id domain does not match sender's"
+ 403, "Creation event's room_id domain does not match sender's"
)
room_version = event.content.get("room_version", "1")
if room_version not in KNOWN_ROOM_VERSIONS:
raise AuthError(
- 403,
- "room appears to have unsupported version %s" % (
- room_version,
- ))
+ 403, "room appears to have unsupported version %s" % (room_version,)
+ )
# FIXME
logger.debug("Allowing! %s", event)
return
@@ -103,46 +100,30 @@ def check(room_version, event, auth_events, do_sig_check=True, do_size_check=Tru
creation_event = auth_events.get((EventTypes.Create, ""), None)
if not creation_event:
- raise AuthError(
- 403,
- "No create event in auth events",
- )
+ raise AuthError(403, "No create event in auth events")
creating_domain = get_domain_from_id(event.room_id)
originating_domain = get_domain_from_id(event.sender)
if creating_domain != originating_domain:
if not _can_federate(event, auth_events):
- raise AuthError(
- 403,
- "This room has been marked as unfederatable."
- )
+ raise AuthError(403, "This room has been marked as unfederatable.")
# FIXME: Temp hack
if event.type == EventTypes.Aliases:
if not event.is_state():
- raise AuthError(
- 403,
- "Alias event must be a state event",
- )
+ raise AuthError(403, "Alias event must be a state event")
if not event.state_key:
- raise AuthError(
- 403,
- "Alias event must have non-empty state_key"
- )
+ raise AuthError(403, "Alias event must have non-empty state_key")
sender_domain = get_domain_from_id(event.sender)
if event.state_key != sender_domain:
raise AuthError(
- 403,
- "Alias event's state_key does not match sender's domain"
+ 403, "Alias event's state_key does not match sender's domain"
)
logger.debug("Allowing! %s", event)
return
if logger.isEnabledFor(logging.DEBUG):
- logger.debug(
- "Auth events: %s",
- [a.event_id for a in auth_events.values()]
- )
+ logger.debug("Auth events: %s", [a.event_id for a in auth_events.values()])
if event.type == EventTypes.Member:
_is_membership_change_allowed(event, auth_events)
@@ -159,9 +140,7 @@ def check(room_version, event, auth_events, do_sig_check=True, do_size_check=Tru
invite_level = _get_named_level(auth_events, "invite", 0)
if user_level < invite_level:
- raise AuthError(
- 403, "You don't have permission to invite users",
- )
+ raise AuthError(403, "You don't have permission to invite users")
else:
logger.debug("Allowing! %s", event)
return
@@ -207,7 +186,7 @@ def _is_membership_change_allowed(event, auth_events):
# Check if this is the room creator joining:
if len(event.prev_event_ids()) == 1 and Membership.JOIN == membership:
# Get room creation event:
- key = (EventTypes.Create, "", )
+ key = (EventTypes.Create, "")
create = auth_events.get(key)
if create and event.prev_event_ids()[0] == create.event_id:
if create.content["creator"] == event.state_key:
@@ -219,38 +198,31 @@ def _is_membership_change_allowed(event, auth_events):
target_domain = get_domain_from_id(target_user_id)
if creating_domain != target_domain:
if not _can_federate(event, auth_events):
- raise AuthError(
- 403,
- "This room has been marked as unfederatable."
- )
+ raise AuthError(403, "This room has been marked as unfederatable.")
# get info about the caller
- key = (EventTypes.Member, event.user_id, )
+ key = (EventTypes.Member, event.user_id)
caller = auth_events.get(key)
caller_in_room = caller and caller.membership == Membership.JOIN
caller_invited = caller and caller.membership == Membership.INVITE
# get info about the target
- key = (EventTypes.Member, target_user_id, )
+ key = (EventTypes.Member, target_user_id)
target = auth_events.get(key)
target_in_room = target and target.membership == Membership.JOIN
target_banned = target and target.membership == Membership.BAN
- key = (EventTypes.JoinRules, "", )
+ key = (EventTypes.JoinRules, "")
join_rule_event = auth_events.get(key)
if join_rule_event:
- join_rule = join_rule_event.content.get(
- "join_rule", JoinRules.INVITE
- )
+ join_rule = join_rule_event.content.get("join_rule", JoinRules.INVITE)
else:
join_rule = JoinRules.INVITE
user_level = get_user_power_level(event.user_id, auth_events)
- target_level = get_user_power_level(
- target_user_id, auth_events
- )
+ target_level = get_user_power_level(target_user_id, auth_events)
# FIXME (erikj): What should we do here as the default?
ban_level = _get_named_level(auth_events, "ban", 50)
@@ -266,29 +238,26 @@ def _is_membership_change_allowed(event, auth_events):
"join_rule": join_rule,
"target_user_id": target_user_id,
"event.user_id": event.user_id,
- }
+ },
)
if Membership.INVITE == membership and "third_party_invite" in event.content:
if not _verify_third_party_invite(event, auth_events):
raise AuthError(403, "You are not invited to this room.")
if target_banned:
- raise AuthError(
- 403, "%s is banned from the room" % (target_user_id,)
- )
+ raise AuthError(403, "%s is banned from the room" % (target_user_id,))
return
if Membership.JOIN != membership:
- if (caller_invited
- and Membership.LEAVE == membership
- and target_user_id == event.user_id):
+ if (
+ caller_invited
+ and Membership.LEAVE == membership
+ and target_user_id == event.user_id
+ ):
return
if not caller_in_room: # caller isn't joined
- raise AuthError(
- 403,
- "%s not in room %s." % (event.user_id, event.room_id,)
- )
+ raise AuthError(403, "%s not in room %s." % (event.user_id, event.room_id))
if Membership.INVITE == membership:
# TODO (erikj): We should probably handle this more intelligently
@@ -296,19 +265,14 @@ def _is_membership_change_allowed(event, auth_events):
# Invites are valid iff caller is in the room and target isn't.
if target_banned:
- raise AuthError(
- 403, "%s is banned from the room" % (target_user_id,)
- )
+ raise AuthError(403, "%s is banned from the room" % (target_user_id,))
elif target_in_room: # the target is already in the room.
- raise AuthError(403, "%s is already in the room." %
- target_user_id)
+ raise AuthError(403, "%s is already in the room." % target_user_id)
else:
invite_level = _get_named_level(auth_events, "invite", 0)
if user_level < invite_level:
- raise AuthError(
- 403, "You don't have permission to invite users",
- )
+ raise AuthError(403, "You don't have permission to invite users")
elif Membership.JOIN == membership:
# Joins are valid iff caller == target and they were:
# invited: They are accepting the invitation
@@ -329,16 +293,12 @@ def _is_membership_change_allowed(event, auth_events):
elif Membership.LEAVE == membership:
# TODO (erikj): Implement kicks.
if target_banned and user_level < ban_level:
- raise AuthError(
- 403, "You cannot unban user %s." % (target_user_id,)
- )
+ raise AuthError(403, "You cannot unban user %s." % (target_user_id,))
elif target_user_id != event.user_id:
kick_level = _get_named_level(auth_events, "kick", 50)
if user_level < kick_level or user_level <= target_level:
- raise AuthError(
- 403, "You cannot kick user %s." % target_user_id
- )
+ raise AuthError(403, "You cannot kick user %s." % target_user_id)
elif Membership.BAN == membership:
if user_level < ban_level or user_level <= target_level:
raise AuthError(403, "You don't have permission to ban")
@@ -347,21 +307,17 @@ def _is_membership_change_allowed(event, auth_events):
def _check_event_sender_in_room(event, auth_events):
- key = (EventTypes.Member, event.user_id, )
+ key = (EventTypes.Member, event.user_id)
member_event = auth_events.get(key)
- return _check_joined_room(
- member_event,
- event.user_id,
- event.room_id
- )
+ return _check_joined_room(member_event, event.user_id, event.room_id)
def _check_joined_room(member, user_id, room_id):
if not member or member.membership != Membership.JOIN:
- raise AuthError(403, "User %s not in room %s (%s)" % (
- user_id, room_id, repr(member)
- ))
+ raise AuthError(
+ 403, "User %s not in room %s (%s)" % (user_id, room_id, repr(member))
+ )
def get_send_level(etype, state_key, power_levels_event):
@@ -402,26 +358,21 @@ def get_send_level(etype, state_key, power_levels_event):
def _can_send_event(event, auth_events):
power_levels_event = _get_power_level_event(auth_events)
- send_level = get_send_level(
- event.type, event.get("state_key"), power_levels_event,
- )
+ send_level = get_send_level(event.type, event.get("state_key"), power_levels_event)
user_level = get_user_power_level(event.user_id, auth_events)
if user_level < send_level:
raise AuthError(
403,
- "You don't have permission to post that to the room. " +
- "user_level (%d) < send_level (%d)" % (user_level, send_level)
+ "You don't have permission to post that to the room. "
+ + "user_level (%d) < send_level (%d)" % (user_level, send_level),
)
# Check state_key
if hasattr(event, "state_key"):
if event.state_key.startswith("@"):
if event.state_key != event.user_id:
- raise AuthError(
- 403,
- "You are not allowed to set others state"
- )
+ raise AuthError(403, "You are not allowed to set others state")
return True
@@ -459,10 +410,7 @@ def check_redaction(room_version, event, auth_events):
event.internal_metadata.recheck_redaction = True
return True
- raise AuthError(
- 403,
- "You don't have permission to redact events"
- )
+ raise AuthError(403, "You don't have permission to redact events")
def _check_power_levels(event, auth_events):
@@ -479,7 +427,7 @@ def _check_power_levels(event, auth_events):
except Exception:
raise SynapseError(400, "Not a valid power level: %s" % (v,))
- key = (event.type, event.state_key, )
+ key = (event.type, event.state_key)
current_state = auth_events.get(key)
if not current_state:
@@ -500,16 +448,12 @@ def _check_power_levels(event, auth_events):
old_list = current_state.content.get("users", {})
for user in set(list(old_list) + list(user_list)):
- levels_to_check.append(
- (user, "users")
- )
+ levels_to_check.append((user, "users"))
old_list = current_state.content.get("events", {})
new_list = event.content.get("events", {})
for ev_id in set(list(old_list) + list(new_list)):
- levels_to_check.append(
- (ev_id, "events")
- )
+ levels_to_check.append((ev_id, "events"))
old_state = current_state.content
new_state = event.content
@@ -540,7 +484,7 @@ def _check_power_levels(event, auth_events):
raise AuthError(
403,
"You don't have permission to remove ops level equal "
- "to your own"
+ "to your own",
)
# Check if the old and new levels are greater than the user level
@@ -550,8 +494,7 @@ def _check_power_levels(event, auth_events):
if old_level_too_big or new_level_too_big:
raise AuthError(
403,
- "You don't have permission to add ops level greater "
- "than your own"
+ "You don't have permission to add ops level greater " "than your own",
)
@@ -587,10 +530,9 @@ def get_user_power_level(user_id, auth_events):
# some things which call this don't pass the create event: hack around
# that.
- key = (EventTypes.Create, "", )
+ key = (EventTypes.Create, "")
create_event = auth_events.get(key)
- if (create_event is not None and
- create_event.content["creator"] == user_id):
+ if create_event is not None and create_event.content["creator"] == user_id:
return 100
else:
return 0
@@ -636,9 +578,7 @@ def _verify_third_party_invite(event, auth_events):
token = signed["token"]
- invite_event = auth_events.get(
- (EventTypes.ThirdPartyInvite, token,)
- )
+ invite_event = auth_events.get((EventTypes.ThirdPartyInvite, token))
if not invite_event:
return False
@@ -661,8 +601,7 @@ def _verify_third_party_invite(event, auth_events):
if not key_name.startswith("ed25519:"):
continue
verify_key = decode_verify_key_bytes(
- key_name,
- decode_base64(public_key)
+ key_name, decode_base64(public_key)
)
verify_signed_json(signed, server, verify_key)
@@ -671,7 +610,7 @@ def _verify_third_party_invite(event, auth_events):
# The caller is responsible for checking that the signing
# server has not revoked that public key.
return True
- except (KeyError, SignatureVerifyException,):
+ except (KeyError, SignatureVerifyException):
continue
return False
@@ -679,9 +618,7 @@ def _verify_third_party_invite(event, auth_events):
def get_public_keys(invite_event):
public_keys = []
if "public_key" in invite_event.content:
- o = {
- "public_key": invite_event.content["public_key"],
- }
+ o = {"public_key": invite_event.content["public_key"]}
if "key_validity_url" in invite_event.content:
o["key_validity_url"] = invite_event.content["key_validity_url"]
public_keys.append(o)
@@ -702,22 +639,22 @@ def auth_types_for_event(event):
auth_types = []
- auth_types.append((EventTypes.PowerLevels, "", ))
- auth_types.append((EventTypes.Member, event.sender, ))
- auth_types.append((EventTypes.Create, "", ))
+ auth_types.append((EventTypes.PowerLevels, ""))
+ auth_types.append((EventTypes.Member, event.sender))
+ auth_types.append((EventTypes.Create, ""))
if event.type == EventTypes.Member:
membership = event.content["membership"]
if membership in [Membership.JOIN, Membership.INVITE]:
- auth_types.append((EventTypes.JoinRules, "", ))
+ auth_types.append((EventTypes.JoinRules, ""))
- auth_types.append((EventTypes.Member, event.state_key, ))
+ auth_types.append((EventTypes.Member, event.state_key))
if membership == Membership.INVITE:
if "third_party_invite" in event.content:
key = (
EventTypes.ThirdPartyInvite,
- event.content["third_party_invite"]["signed"]["token"]
+ event.content["third_party_invite"]["signed"]["token"],
)
auth_types.append(key)
|
