summary refs log tree commit diff
path: root/synapse
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--synapse/api/auth.py914
1 files changed, 495 insertions, 419 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index f93e45a744..5e2b89c324 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -27,7 +27,6 @@ from synapse.api.constants import EventTypes, Membership, JoinRules
 from synapse.api.errors import AuthError, Codes, SynapseError, EventSizeError
 from synapse.types import UserID, get_domain_from_id
 from synapse.util.logcontext import preserve_context_over_fn
-from synapse.util.logutils import log_function
 from synapse.util.metrics import Measure
 
 logger = logging.getLogger(__name__)
@@ -43,30 +42,9 @@ AuthEventTypes = (
 GUEST_DEVICE_ID = "guest_device"
 
 
-class Auth(object):
-    """
-    FIXME: This class contains a mix of functions for authenticating users
-    of our client-server API and authenticating events added to room graphs.
-    """
-    def __init__(self, hs):
-        self.hs = hs
-        self.clock = hs.get_clock()
-        self.store = hs.get_datastore()
-        self.state = hs.get_state_handler()
-        self.TOKEN_NOT_FOUND_HTTP_STATUS = 401
-
-    @defer.inlineCallbacks
-    def check_from_context(self, event, context, do_sig_check=True):
-        auth_events_ids = yield self.compute_auth_events(
-            event, context.prev_state_ids, for_verification=True,
-        )
-        auth_events = yield self.store.get_events(auth_events_ids)
-        auth_events = {
-            (e.type, e.state_key): e for e in auth_events.values()
-        }
-        self.check(event, auth_events=auth_events, do_sig_check=do_sig_check)
-
-    def check(self, event, auth_events, do_sig_check=True):
+class Auther(object):
+    @staticmethod
+    def check(event, auth_events, do_sig_check=True):
         """ Checks if this event is correctly authed.
 
         Args:
@@ -77,133 +55,133 @@ class Auth(object):
         Returns:
             True if the auth checks pass.
         """
-        with Measure(self.clock, "auth.check"):
-            self.check_size_limits(event)
+        Auther.check_size_limits(event)
 
-            if not hasattr(event, "room_id"):
-                raise AuthError(500, "Event has no room_id: %s" % event)
+        if not hasattr(event, "room_id"):
+            raise AuthError(500, "Event has no room_id: %s" % event)
 
-            if do_sig_check:
-                sender_domain = get_domain_from_id(event.sender)
-                event_id_domain = get_domain_from_id(event.event_id)
+        if do_sig_check:
+            sender_domain = get_domain_from_id(event.sender)
+            event_id_domain = get_domain_from_id(event.event_id)
 
-                is_invite_via_3pid = (
-                    event.type == EventTypes.Member
-                    and event.membership == Membership.INVITE
-                    and "third_party_invite" in event.content
-                )
+            is_invite_via_3pid = (
+                event.type == EventTypes.Member
+                and event.membership == Membership.INVITE
+                and "third_party_invite" in event.content
+            )
 
-                # Check the sender's domain has signed the event
-                if not event.signatures.get(sender_domain):
-                    # We allow invites via 3pid to have a sender from a different
-                    # HS, as the sender must match the sender of the original
-                    # 3pid invite. This is checked further down with the
-                    # other dedicated membership checks.
-                    if not is_invite_via_3pid:
-                        raise AuthError(403, "Event not signed by sender's server")
-
-                # Check the event_id's domain has signed the event
-                if not event.signatures.get(event_id_domain):
-                    raise AuthError(403, "Event not signed by sending server")
-
-            if auth_events is None:
-                # Oh, we don't know what the state of the room was, so we
-                # are trusting that this is allowed (at least for now)
-                logger.warn("Trusting event: %s", event.event_id)
-                return True
+            # Check the sender's domain has signed the event
+            if not event.signatures.get(sender_domain):
+                # We allow invites via 3pid to have a sender from a different
+                # HS, as the sender must match the sender of the original
+                # 3pid invite. This is checked further down with the
+                # other dedicated membership checks.
+                if not is_invite_via_3pid:
+                    raise AuthError(403, "Event not signed by sender's server")
+
+            # Check the event_id's domain has signed the event
+            if not event.signatures.get(event_id_domain):
+                raise AuthError(403, "Event not signed by sending server")
+
+        if auth_events is None:
+            # Oh, we don't know what the state of the room was, so we
+            # are trusting that this is allowed (at least for now)
+            logger.warn("Trusting event: %s", event.event_id)
+            return True
 
-            if event.type == EventTypes.Create:
-                room_id_domain = get_domain_from_id(event.room_id)
-                if room_id_domain != sender_domain:
-                    raise AuthError(
-                        403,
-                        "Creation event's room_id domain does not match sender's"
-                    )
-                # FIXME
-                return True
+        if event.type == EventTypes.Create:
+            room_id_domain = get_domain_from_id(event.room_id)
+            if room_id_domain != sender_domain:
+                raise AuthError(
+                    403,
+                    "Creation event's room_id domain does not match sender's"
+                )
+            # FIXME
+            return True
 
-            creation_event = auth_events.get((EventTypes.Create, ""), None)
+        creation_event = auth_events.get((EventTypes.Create, ""), None)
 
-            if not creation_event:
-                raise SynapseError(
+        if not creation_event:
+            raise SynapseError(
+                403,
+                "Room %r does not exist" % (event.room_id,)
+            )
+
+        creating_domain = get_domain_from_id(event.room_id)
+        originating_domain = get_domain_from_id(event.sender)
+        if creating_domain != originating_domain:
+            if not Auther.can_federate(event, auth_events):
+                raise AuthError(
                     403,
-                    "Room %r does not exist" % (event.room_id,)
+                    "This room has been marked as unfederatable."
                 )
 
-            creating_domain = get_domain_from_id(event.room_id)
-            originating_domain = get_domain_from_id(event.sender)
-            if creating_domain != originating_domain:
-                if not self.can_federate(event, auth_events):
-                    raise AuthError(
-                        403,
-                        "This room has been marked as unfederatable."
-                    )
+        # FIXME: Temp hack
+        if event.type == EventTypes.Aliases:
+            if not event.is_state():
+                raise AuthError(
+                    403,
+                    "Alias event must be a state event",
+                )
+            if not event.state_key:
+                raise AuthError(
+                    403,
+                    "Alias event must have non-empty state_key"
+                )
+            sender_domain = get_domain_from_id(event.sender)
+            if event.state_key != sender_domain:
+                raise AuthError(
+                    403,
+                    "Alias event's state_key does not match sender's domain"
+                )
+            return True
 
-            # FIXME: Temp hack
-            if event.type == EventTypes.Aliases:
-                if not event.is_state():
-                    raise AuthError(
-                        403,
-                        "Alias event must be a state event",
-                    )
-                if not event.state_key:
-                    raise AuthError(
-                        403,
-                        "Alias event must have non-empty state_key"
-                    )
-                sender_domain = get_domain_from_id(event.sender)
-                if event.state_key != sender_domain:
-                    raise AuthError(
-                        403,
-                        "Alias event's state_key does not match sender's domain"
-                    )
-                return True
+        logger.debug(
+            "Auth events: %s",
+            [a.event_id for a in auth_events.values()]
+        )
 
-            logger.debug(
-                "Auth events: %s",
-                [a.event_id for a in auth_events.values()]
+        if event.type == EventTypes.Member:
+            allowed = Auther.is_membership_change_allowed(
+                event, auth_events
             )
+            if allowed:
+                logger.debug("Allowing! %s", event)
+            else:
+                logger.debug("Denying! %s", event)
+            return allowed
 
-            if event.type == EventTypes.Member:
-                allowed = self.is_membership_change_allowed(
-                    event, auth_events
-                )
-                if allowed:
-                    logger.debug("Allowing! %s", event)
-                else:
-                    logger.debug("Denying! %s", event)
-                return allowed
-
-            self.check_event_sender_in_room(event, auth_events)
+        Auther.check_event_sender_in_room(event, auth_events)
 
-            # Special case to allow m.room.third_party_invite events wherever
-            # a user is allowed to issue invites.  Fixes
-            # https://github.com/vector-im/vector-web/issues/1208 hopefully
-            if event.type == EventTypes.ThirdPartyInvite:
-                user_level = self._get_user_power_level(event.user_id, auth_events)
-                invite_level = self._get_named_level(auth_events, "invite", 0)
+        # Special case to allow m.room.third_party_invite events wherever
+        # a user is allowed to issue invites.  Fixes
+        # https://github.com/vector-im/vector-web/issues/1208 hopefully
+        if event.type == EventTypes.ThirdPartyInvite:
+            user_level = Auther._get_user_power_level(event.user_id, auth_events)
+            invite_level = Auther._get_named_level(auth_events, "invite", 0)
 
-                if user_level < invite_level:
-                    raise AuthError(
-                        403, (
-                            "You cannot issue a third party invite for %s." %
-                            (event.content.display_name,)
-                        )
+            if user_level < invite_level:
+                raise AuthError(
+                    403, (
+                        "You cannot issue a third party invite for %s." %
+                        (event.content.display_name,)
                     )
-                else:
-                    return True
+                )
+            else:
+                return True
 
-            self._can_send_event(event, auth_events)
+        Auther._can_send_event(event, auth_events)
 
-            if event.type == EventTypes.PowerLevels:
-                self._check_power_levels(event, auth_events)
+        if event.type == EventTypes.PowerLevels:
+            Auther._check_power_levels(event, auth_events)
 
-            if event.type == EventTypes.Redaction:
-                self.check_redaction(event, auth_events)
+        if event.type == EventTypes.Redaction:
+            Auther.check_redaction(event, auth_events)
 
-            logger.debug("Allowing! %s", event)
+        logger.debug("Allowing! %s", event)
 
-    def check_size_limits(self, event):
+    @staticmethod
+    def check_size_limits(event):
         def too_big(field):
             raise EventSizeError("%s too large" % (field,))
 
@@ -220,109 +198,14 @@ class Auth(object):
         if len(encode_canonical_json(event.get_pdu_json())) > 65536:
             too_big("event")
 
-    @defer.inlineCallbacks
-    def check_joined_room(self, room_id, user_id, current_state=None):
-        """Check if the user is currently joined in the room
-        Args:
-            room_id(str): The room to check.
-            user_id(str): The user to check.
-            current_state(dict): Optional map of the current state of the room.
-                If provided then that map is used to check whether they are a
-                member of the room. Otherwise the current membership is
-                loaded from the database.
-        Raises:
-            AuthError if the user is not in the room.
-        Returns:
-            A deferred membership event for the user if the user is in
-            the room.
-        """
-        if current_state:
-            member = current_state.get(
-                (EventTypes.Member, user_id),
-                None
-            )
-        else:
-            member = yield self.state.get_current_state(
-                room_id=room_id,
-                event_type=EventTypes.Member,
-                state_key=user_id
-            )
-
-        self._check_joined_room(member, user_id, room_id)
-        defer.returnValue(member)
-
-    @defer.inlineCallbacks
-    def check_user_was_in_room(self, room_id, user_id):
-        """Check if the user was in the room at some point.
-        Args:
-            room_id(str): The room to check.
-            user_id(str): The user to check.
-        Raises:
-            AuthError if the user was never in the room.
-        Returns:
-            A deferred membership event for the user if the user was in the
-            room. This will be the join event if they are currently joined to
-            the room. This will be the leave event if they have left the room.
-        """
-        member = yield self.state.get_current_state(
-            room_id=room_id,
-            event_type=EventTypes.Member,
-            state_key=user_id
-        )
-        membership = member.membership if member else None
-
-        if membership not in (Membership.JOIN, Membership.LEAVE):
-            raise AuthError(403, "User %s not in room %s" % (
-                user_id, room_id
-            ))
-
-        if membership == Membership.LEAVE:
-            forgot = yield self.store.did_forget(user_id, room_id)
-            if forgot:
-                raise AuthError(403, "User %s not in room %s" % (
-                    user_id, room_id
-                ))
-
-        defer.returnValue(member)
-
-    @defer.inlineCallbacks
-    def check_host_in_room(self, room_id, host):
-        with Measure(self.clock, "check_host_in_room"):
-            latest_event_ids = yield self.store.get_latest_event_ids_in_room(room_id)
-
-            logger.info("calling resolve_state_groups from check_host_in_room")
-            entry = yield self.state.resolve_state_groups(
-                room_id, latest_event_ids
-            )
-
-            ret = yield self.store.is_host_joined(
-                room_id, host, entry.state_group, entry.state
-            )
-            defer.returnValue(ret)
-
-    def check_event_sender_in_room(self, event, auth_events):
-        key = (EventTypes.Member, event.user_id, )
-        member_event = auth_events.get(key)
-
-        return self._check_joined_room(
-            member_event,
-            event.user_id,
-            event.room_id
-        )
-
-    def _check_joined_room(self, member, user_id, room_id):
-        if not member or member.membership != Membership.JOIN:
-            raise AuthError(403, "User %s not in room %s (%s)" % (
-                user_id, room_id, repr(member)
-            ))
-
-    def can_federate(self, event, auth_events):
+    @staticmethod
+    def can_federate(event, auth_events):
         creation_event = auth_events.get((EventTypes.Create, ""))
 
         return creation_event.content.get("m.federate", True) is True
 
-    @log_function
-    def is_membership_change_allowed(self, event, auth_events):
+    @staticmethod
+    def is_membership_change_allowed(event, auth_events):
         membership = event.content["membership"]
 
         # Check if this is the room creator joining:
@@ -339,7 +222,7 @@ class Auth(object):
         creating_domain = get_domain_from_id(event.room_id)
         target_domain = get_domain_from_id(target_user_id)
         if creating_domain != target_domain:
-            if not self.can_federate(event, auth_events):
+            if not Auther.can_federate(event, auth_events):
                 raise AuthError(
                     403,
                     "This room has been marked as unfederatable."
@@ -368,13 +251,13 @@ class Auth(object):
         else:
             join_rule = JoinRules.INVITE
 
-        user_level = self._get_user_power_level(event.user_id, auth_events)
-        target_level = self._get_user_power_level(
+        user_level = Auther._get_user_power_level(event.user_id, auth_events)
+        target_level = Auther._get_user_power_level(
             target_user_id, auth_events
         )
 
         # FIXME (erikj): What should we do here as the default?
-        ban_level = self._get_named_level(auth_events, "ban", 50)
+        ban_level = Auther._get_named_level(auth_events, "ban", 50)
 
         logger.debug(
             "is_membership_change_allowed: %s",
@@ -391,7 +274,7 @@ class Auth(object):
         )
 
         if Membership.INVITE == membership and "third_party_invite" in event.content:
-            if not self._verify_third_party_invite(event, auth_events):
+            if not Auther._verify_third_party_invite(event, auth_events):
                 raise AuthError(403, "You are not invited to this room.")
             if target_banned:
                 raise AuthError(
@@ -424,7 +307,7 @@ class Auth(object):
                 raise AuthError(403, "%s is already in the room." %
                                      target_user_id)
             else:
-                invite_level = self._get_named_level(auth_events, "invite", 0)
+                invite_level = Auther._get_named_level(auth_events, "invite", 0)
 
                 if user_level < invite_level:
                     raise AuthError(
@@ -454,7 +337,7 @@ class Auth(object):
                     403, "You cannot unban user &s." % (target_user_id,)
                 )
             elif target_user_id != event.user_id:
-                kick_level = self._get_named_level(auth_events, "kick", 50)
+                kick_level = Auther._get_named_level(auth_events, "kick", 50)
 
                 if user_level < kick_level or user_level <= target_level:
                     raise AuthError(
@@ -468,7 +351,234 @@ class Auth(object):
 
         return True
 
-    def _verify_third_party_invite(self, event, auth_events):
+    @staticmethod
+    def check_event_sender_in_room(event, auth_events):
+        key = (EventTypes.Member, event.user_id, )
+        member_event = auth_events.get(key)
+
+        return Auther._check_joined_room(
+            member_event,
+            event.user_id,
+            event.room_id
+        )
+
+    @staticmethod
+    def _check_joined_room(member, user_id, room_id):
+        if not member or member.membership != Membership.JOIN:
+            raise AuthError(403, "User %s not in room %s (%s)" % (
+                user_id, room_id, repr(member)
+            ))
+
+    @staticmethod
+    def _get_send_level(etype, state_key, auth_events):
+        key = (EventTypes.PowerLevels, "", )
+        send_level_event = auth_events.get(key)
+        send_level = None
+        if send_level_event:
+            send_level = send_level_event.content.get("events", {}).get(
+                etype
+            )
+            if send_level is None:
+                if state_key is not None:
+                    send_level = send_level_event.content.get(
+                        "state_default", 50
+                    )
+                else:
+                    send_level = send_level_event.content.get(
+                        "events_default", 0
+                    )
+
+        if send_level:
+            send_level = int(send_level)
+        else:
+            send_level = 0
+
+        return send_level
+
+    @staticmethod
+    def _can_send_event(event, auth_events):
+        send_level = Auther._get_send_level(
+            event.type, event.get("state_key", None), auth_events
+        )
+        user_level = Auther._get_user_power_level(event.user_id, auth_events)
+
+        if user_level < send_level:
+            raise AuthError(
+                403,
+                "You don't have permission to post that to the room. " +
+                "user_level (%d) < send_level (%d)" % (user_level, send_level)
+            )
+
+        # Check state_key
+        if hasattr(event, "state_key"):
+            if event.state_key.startswith("@"):
+                if event.state_key != event.user_id:
+                    raise AuthError(
+                        403,
+                        "You are not allowed to set others state"
+                    )
+
+        return True
+
+    @staticmethod
+    def check_redaction(event, auth_events):
+        """Check whether the event sender is allowed to redact the target event.
+
+        Returns:
+            True if the the sender is allowed to redact the target event if the
+            target event was created by them.
+            False if the sender is allowed to redact the target event with no
+            further checks.
+
+        Raises:
+            AuthError if the event sender is definitely not allowed to redact
+            the target event.
+        """
+        user_level = Auther._get_user_power_level(event.user_id, auth_events)
+
+        redact_level = Auther._get_named_level(auth_events, "redact", 50)
+
+        if user_level >= redact_level:
+            return False
+
+        redacter_domain = get_domain_from_id(event.event_id)
+        redactee_domain = get_domain_from_id(event.redacts)
+        if redacter_domain == redactee_domain:
+            return True
+
+        raise AuthError(
+            403,
+            "You don't have permission to redact events"
+        )
+
+    @staticmethod
+    def _check_power_levels(event, auth_events):
+        user_list = event.content.get("users", {})
+        # Validate users
+        for k, v in user_list.items():
+            try:
+                UserID.from_string(k)
+            except:
+                raise SynapseError(400, "Not a valid user_id: %s" % (k,))
+
+            try:
+                int(v)
+            except:
+                raise SynapseError(400, "Not a valid power level: %s" % (v,))
+
+        key = (event.type, event.state_key, )
+        current_state = auth_events.get(key)
+
+        if not current_state:
+            return
+
+        user_level = Auther._get_user_power_level(event.user_id, auth_events)
+
+        # Check other levels:
+        levels_to_check = [
+            ("users_default", None),
+            ("events_default", None),
+            ("state_default", None),
+            ("ban", None),
+            ("redact", None),
+            ("kick", None),
+            ("invite", None),
+        ]
+
+        old_list = current_state.content.get("users")
+        for user in set(old_list.keys() + user_list.keys()):
+            levels_to_check.append(
+                (user, "users")
+            )
+
+        old_list = current_state.content.get("events")
+        new_list = event.content.get("events")
+        for ev_id in set(old_list.keys() + new_list.keys()):
+            levels_to_check.append(
+                (ev_id, "events")
+            )
+
+        old_state = current_state.content
+        new_state = event.content
+
+        for level_to_check, dir in levels_to_check:
+            old_loc = old_state
+            new_loc = new_state
+            if dir:
+                old_loc = old_loc.get(dir, {})
+                new_loc = new_loc.get(dir, {})
+
+            if level_to_check in old_loc:
+                old_level = int(old_loc[level_to_check])
+            else:
+                old_level = None
+
+            if level_to_check in new_loc:
+                new_level = int(new_loc[level_to_check])
+            else:
+                new_level = None
+
+            if new_level is not None and old_level is not None:
+                if new_level == old_level:
+                    continue
+
+            if dir == "users" and level_to_check != event.user_id:
+                if old_level == user_level:
+                    raise AuthError(
+                        403,
+                        "You don't have permission to remove ops level equal "
+                        "to your own"
+                    )
+
+            if old_level > user_level or new_level > user_level:
+                raise AuthError(
+                    403,
+                    "You don't have permission to add ops level greater "
+                    "than your own"
+                )
+
+    @staticmethod
+    def _get_power_level_event(auth_events):
+        key = (EventTypes.PowerLevels, "", )
+        return auth_events.get(key)
+
+    @staticmethod
+    def _get_user_power_level(user_id, auth_events):
+        power_level_event = Auther._get_power_level_event(auth_events)
+
+        if power_level_event:
+            level = power_level_event.content.get("users", {}).get(user_id)
+            if not level:
+                level = power_level_event.content.get("users_default", 0)
+
+            if level is None:
+                return 0
+            else:
+                return int(level)
+        else:
+            key = (EventTypes.Create, "", )
+            create_event = auth_events.get(key)
+            if (create_event is not None and
+                    create_event.content["creator"] == user_id):
+                return 100
+            else:
+                return 0
+
+    @staticmethod
+    def _get_named_level(auth_events, name, default):
+        power_level_event = Auther._get_power_level_event(auth_events)
+
+        if not power_level_event:
+            return default
+
+        level = power_level_event.content.get(name, None)
+        if level is not None:
+            return int(level)
+        else:
+            return default
+
+    @staticmethod
+    def _verify_third_party_invite(event, auth_events):
         """
         Validates that the invite event is authorized by a previous third-party invite.
 
@@ -512,7 +622,7 @@ class Auth(object):
         if signed["token"] != token:
             return False
 
-        for public_key_object in self.get_public_keys(invite_event):
+        for public_key_object in Auther.get_public_keys(invite_event):
             public_key = public_key_object["public_key"]
             try:
                 for server, signature_block in signed["signatures"].items():
@@ -534,7 +644,8 @@ class Auth(object):
                 continue
         return False
 
-    def get_public_keys(self, invite_event):
+    @staticmethod
+    def get_public_keys(invite_event):
         public_keys = []
         if "public_key" in invite_event.content:
             o = {
@@ -546,42 +657,154 @@ class Auth(object):
         public_keys.extend(invite_event.content.get("public_keys", []))
         return public_keys
 
-    def _get_power_level_event(self, auth_events):
-        key = (EventTypes.PowerLevels, "", )
-        return auth_events.get(key)
 
-    def _get_user_power_level(self, user_id, auth_events):
-        power_level_event = self._get_power_level_event(auth_events)
+class Auth(object):
+    """
+    FIXME: This class contains a mix of functions for authenticating users
+    of our client-server API and authenticating events added to room graphs.
+    """
+    def __init__(self, hs):
+        self.hs = hs
+        self.clock = hs.get_clock()
+        self.store = hs.get_datastore()
+        self.state = hs.get_state_handler()
+        self.TOKEN_NOT_FOUND_HTTP_STATUS = 401
 
-        if power_level_event:
-            level = power_level_event.content.get("users", {}).get(user_id)
-            if not level:
-                level = power_level_event.content.get("users_default", 0)
+    @defer.inlineCallbacks
+    def check_from_context(self, event, context, do_sig_check=True):
+        auth_events_ids = yield self.compute_auth_events(
+            event, context.prev_state_ids, for_verification=True,
+        )
+        auth_events = yield self.store.get_events(auth_events_ids)
+        auth_events = {
+            (e.type, e.state_key): e for e in auth_events.values()
+        }
+        self.check(event, auth_events=auth_events, do_sig_check=do_sig_check)
 
-            if level is None:
-                return 0
-            else:
-                return int(level)
-        else:
-            key = (EventTypes.Create, "", )
-            create_event = auth_events.get(key)
-            if (create_event is not None and
-                    create_event.content["creator"] == user_id):
-                return 100
-            else:
-                return 0
+    def check(self, event, auth_events, do_sig_check=True):
+        """ Checks if this event is correctly authed.
 
-    def _get_named_level(self, auth_events, name, default):
-        power_level_event = self._get_power_level_event(auth_events)
+        Args:
+            event: the event being checked.
+            auth_events (dict: event-key -> event): the existing room state.
 
-        if not power_level_event:
-            return default
 
-        level = power_level_event.content.get(name, None)
-        if level is not None:
-            return int(level)
+        Returns:
+            True if the auth checks pass.
+        """
+        with Measure(self.clock, "auth.check"):
+            Auther.check(event, auth_events, do_sig_check=do_sig_check)
+
+    def check_size_limits(self, event):
+        def too_big(field):
+            raise EventSizeError("%s too large" % (field,))
+
+        if len(event.user_id) > 255:
+            too_big("user_id")
+        if len(event.room_id) > 255:
+            too_big("room_id")
+        if event.is_state() and len(event.state_key) > 255:
+            too_big("state_key")
+        if len(event.type) > 255:
+            too_big("type")
+        if len(event.event_id) > 255:
+            too_big("event_id")
+        if len(encode_canonical_json(event.get_pdu_json())) > 65536:
+            too_big("event")
+
+    @defer.inlineCallbacks
+    def check_joined_room(self, room_id, user_id, current_state=None):
+        """Check if the user is currently joined in the room
+        Args:
+            room_id(str): The room to check.
+            user_id(str): The user to check.
+            current_state(dict): Optional map of the current state of the room.
+                If provided then that map is used to check whether they are a
+                member of the room. Otherwise the current membership is
+                loaded from the database.
+        Raises:
+            AuthError if the user is not in the room.
+        Returns:
+            A deferred membership event for the user if the user is in
+            the room.
+        """
+        if current_state:
+            member = current_state.get(
+                (EventTypes.Member, user_id),
+                None
+            )
         else:
-            return default
+            member = yield self.state.get_current_state(
+                room_id=room_id,
+                event_type=EventTypes.Member,
+                state_key=user_id
+            )
+
+        self._check_joined_room(member, user_id, room_id)
+        defer.returnValue(member)
+
+    @defer.inlineCallbacks
+    def check_user_was_in_room(self, room_id, user_id):
+        """Check if the user was in the room at some point.
+        Args:
+            room_id(str): The room to check.
+            user_id(str): The user to check.
+        Raises:
+            AuthError if the user was never in the room.
+        Returns:
+            A deferred membership event for the user if the user was in the
+            room. This will be the join event if they are currently joined to
+            the room. This will be the leave event if they have left the room.
+        """
+        member = yield self.state.get_current_state(
+            room_id=room_id,
+            event_type=EventTypes.Member,
+            state_key=user_id
+        )
+        membership = member.membership if member else None
+
+        if membership not in (Membership.JOIN, Membership.LEAVE):
+            raise AuthError(403, "User %s not in room %s" % (
+                user_id, room_id
+            ))
+
+        if membership == Membership.LEAVE:
+            forgot = yield self.store.did_forget(user_id, room_id)
+            if forgot:
+                raise AuthError(403, "User %s not in room %s" % (
+                    user_id, room_id
+                ))
+
+        defer.returnValue(member)
+
+    @defer.inlineCallbacks
+    def check_host_in_room(self, room_id, host):
+        with Measure(self.clock, "check_host_in_room"):
+            latest_event_ids = yield self.store.get_latest_event_ids_in_room(room_id)
+
+            logger.info("calling resolve_state_groups from check_host_in_room")
+            entry = yield self.state.resolve_state_groups(
+                room_id, latest_event_ids
+            )
+
+            ret = yield self.store.is_host_joined(
+                room_id, host, entry.state_group, entry.state
+            )
+            defer.returnValue(ret)
+
+    def _check_joined_room(self, member, user_id, room_id):
+        if not member or member.membership != Membership.JOIN:
+            raise AuthError(403, "User %s not in room %s (%s)" % (
+                user_id, room_id, repr(member)
+            ))
+
+    def can_federate(self, event, auth_events):
+        creation_event = auth_events.get((EventTypes.Create, ""))
+
+        return creation_event.content.get("m.federate", True) is True
+
+    def get_public_keys(self, invite_event):
+        return Auther.get_public_keys(invite_event)
 
     @defer.inlineCallbacks
     def get_user_by_req(self, request, allow_guest=False, rights="access"):
@@ -975,54 +1198,7 @@ class Auth(object):
         defer.returnValue(auth_ids)
 
     def _get_send_level(self, etype, state_key, auth_events):
-        key = (EventTypes.PowerLevels, "", )
-        send_level_event = auth_events.get(key)
-        send_level = None
-        if send_level_event:
-            send_level = send_level_event.content.get("events", {}).get(
-                etype
-            )
-            if send_level is None:
-                if state_key is not None:
-                    send_level = send_level_event.content.get(
-                        "state_default", 50
-                    )
-                else:
-                    send_level = send_level_event.content.get(
-                        "events_default", 0
-                    )
-
-        if send_level:
-            send_level = int(send_level)
-        else:
-            send_level = 0
-
-        return send_level
-
-    @log_function
-    def _can_send_event(self, event, auth_events):
-        send_level = self._get_send_level(
-            event.type, event.get("state_key", None), auth_events
-        )
-        user_level = self._get_user_power_level(event.user_id, auth_events)
-
-        if user_level < send_level:
-            raise AuthError(
-                403,
-                "You don't have permission to post that to the room. " +
-                "user_level (%d) < send_level (%d)" % (user_level, send_level)
-            )
-
-        # Check state_key
-        if hasattr(event, "state_key"):
-            if event.state_key.startswith("@"):
-                if event.state_key != event.user_id:
-                    raise AuthError(
-                        403,
-                        "You are not allowed to set others state"
-                    )
-
-        return True
+        return Auther._get_send_level(etype, state_key, auth_events)
 
     def check_redaction(self, event, auth_events):
         """Check whether the event sender is allowed to redact the target event.
@@ -1037,107 +1213,7 @@ class Auth(object):
             AuthError if the event sender is definitely not allowed to redact
             the target event.
         """
-        user_level = self._get_user_power_level(event.user_id, auth_events)
-
-        redact_level = self._get_named_level(auth_events, "redact", 50)
-
-        if user_level >= redact_level:
-            return False
-
-        redacter_domain = get_domain_from_id(event.event_id)
-        redactee_domain = get_domain_from_id(event.redacts)
-        if redacter_domain == redactee_domain:
-            return True
-
-        raise AuthError(
-            403,
-            "You don't have permission to redact events"
-        )
-
-    def _check_power_levels(self, event, auth_events):
-        user_list = event.content.get("users", {})
-        # Validate users
-        for k, v in user_list.items():
-            try:
-                UserID.from_string(k)
-            except:
-                raise SynapseError(400, "Not a valid user_id: %s" % (k,))
-
-            try:
-                int(v)
-            except:
-                raise SynapseError(400, "Not a valid power level: %s" % (v,))
-
-        key = (event.type, event.state_key, )
-        current_state = auth_events.get(key)
-
-        if not current_state:
-            return
-
-        user_level = self._get_user_power_level(event.user_id, auth_events)
-
-        # Check other levels:
-        levels_to_check = [
-            ("users_default", None),
-            ("events_default", None),
-            ("state_default", None),
-            ("ban", None),
-            ("redact", None),
-            ("kick", None),
-            ("invite", None),
-        ]
-
-        old_list = current_state.content.get("users")
-        for user in set(old_list.keys() + user_list.keys()):
-            levels_to_check.append(
-                (user, "users")
-            )
-
-        old_list = current_state.content.get("events")
-        new_list = event.content.get("events")
-        for ev_id in set(old_list.keys() + new_list.keys()):
-            levels_to_check.append(
-                (ev_id, "events")
-            )
-
-        old_state = current_state.content
-        new_state = event.content
-
-        for level_to_check, dir in levels_to_check:
-            old_loc = old_state
-            new_loc = new_state
-            if dir:
-                old_loc = old_loc.get(dir, {})
-                new_loc = new_loc.get(dir, {})
-
-            if level_to_check in old_loc:
-                old_level = int(old_loc[level_to_check])
-            else:
-                old_level = None
-
-            if level_to_check in new_loc:
-                new_level = int(new_loc[level_to_check])
-            else:
-                new_level = None
-
-            if new_level is not None and old_level is not None:
-                if new_level == old_level:
-                    continue
-
-            if dir == "users" and level_to_check != event.user_id:
-                if old_level == user_level:
-                    raise AuthError(
-                        403,
-                        "You don't have permission to remove ops level equal "
-                        "to your own"
-                    )
-
-            if old_level > user_level or new_level > user_level:
-                raise AuthError(
-                    403,
-                    "You don't have permission to add ops level greater "
-                    "than your own"
-                )
+        return Auther.check_redaction(event, auth_events)
 
     @defer.inlineCallbacks
     def check_can_change_room_list(self, room_id, user):
@@ -1167,10 +1243,10 @@ class Auth(object):
         if power_level_event:
             auth_events[(EventTypes.PowerLevels, "")] = power_level_event
 
-        send_level = self._get_send_level(
+        send_level = Auther._get_send_level(
             EventTypes.Aliases, "", auth_events
         )
-        user_level = self._get_user_power_level(user_id, auth_events)
+        user_level = Auther._get_user_power_level(user_id, auth_events)
 
         if user_level < send_level:
             raise AuthError(