diff --git a/synapse/handlers/e2e_keys.py b/synapse/handlers/e2e_keys.py
index 63e00f102e..1ece54ccfc 100644
--- a/synapse/handlers/e2e_keys.py
+++ b/synapse/handlers/e2e_keys.py
@@ -1476,6 +1476,42 @@ class E2eKeysHandler:
else:
return exists, self.clock.time_msec() < ts_replacable_without_uia_before
+ async def has_different_keys(self, user_id: str, body: JsonDict) -> bool:
+ """
+ Check if a key provided in `body` differs from the same key stored in the DB. Returns
+ true on the first difference. If a key exists in `body` but does not exist in the DB,
+ returns True. If `body` has no keys, this always returns False.
+ Note by 'key' we mean Matrix key rather than JSON key.
+
+ The purpose of this function is to detect whether or not we need to apply UIA checks.
+ We must apply UIA checks if any key in the database is being overwritten. If a key is
+ being inserted for the first time, or if the key exactly matches what is in the database,
+ then no UIA check needs to be performed.
+
+ Args:
+ user_id: The user who sent the `body`.
+ body: The JSON request body from POST /keys/device_signing/upload
+ Returns:
+ True if any key in `body` has a different value in the database.
+ """
+ # Ensure that each key provided in the request body exactly matches the one we have stored.
+ # The first time we see the DB having a different key to the matching request key, bail.
+ # Note: we do not care if the DB has a key which the request does not specify, as we only
+ # care about *replacements* or *insertions* (i.e UPSERT)
+ req_body_key_to_db_key = {
+ "master_key": "master",
+ "self_signing_key": "self_signing",
+ "user_signing_key": "user_signing",
+ }
+ for req_body_key, db_key in req_body_key_to_db_key.items():
+ if req_body_key in body:
+ existing_key = await self.store.get_e2e_cross_signing_key(
+ user_id, db_key
+ )
+ if existing_key != body[req_body_key]:
+ return True
+ return False
+
def _check_cross_signing_key(
key: JsonDict, user_id: str, key_type: str, signing_key: Optional[VerifyKey] = None
diff --git a/synapse/rest/client/keys.py b/synapse/rest/client/keys.py
index b6d9ee074a..86c9515854 100644
--- a/synapse/rest/client/keys.py
+++ b/synapse/rest/client/keys.py
@@ -409,7 +409,18 @@ class SigningKeyUploadServlet(RestServlet):
# But first-time setup is fine
elif self.hs.config.experimental.msc3967_enabled:
- # If we already have a master key then cross signing is set up and we require UIA to reset
+ # MSC3967 allows this endpoint to 200 OK for idempotency. Resending exactly the same
+ # keys should just 200 OK without doing a UIA prompt.
+ keys_are_different = await self.e2e_keys_handler.has_different_keys(
+ user_id, body
+ )
+ if not keys_are_different:
+ # FIXME: we do not fallthrough to upload_signing_keys_for_user because confusingly
+ # if we do, we 500 as it looks like it tries to INSERT the same key twice, causing a
+ # unique key constraint violation. This sounds like a bug?
+ return 200, {}
+ # the keys are different, is x-signing set up? If no, then the keys don't exist which is
+ # why they are different. If yes, then we need to UIA to change them.
if is_cross_signing_setup:
await self.auth_handler.validate_user_via_ui_auth(
requester,
@@ -420,7 +431,6 @@ class SigningKeyUploadServlet(RestServlet):
can_skip_ui_auth=False,
)
# Otherwise we don't require UIA since we are setting up cross signing for first time
-
else:
# Previous behaviour is to always require UIA but allow it to be skipped
await self.auth_handler.validate_user_via_ui_auth(
|
