summary refs log tree commit diff
path: root/synapse/event_auth.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Change collection[str] to StrCollection in event_auth code (#14929)Harishankar Kumar2023-02-141-14/+9
| | | Signed-off-by: Harishankar Kumar <hari01584@gmail.com>
* Reject boolean power levels (#14944)David Robertson2023-01-311-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Better test for bad values in power levels events The previous test only checked that Synapse didn't raise an exception, but didn't check that we had correctly interpreted the value of the dodgy power level. It also conflated two things: bad room notification levels, and bad user levels. There _is_ logic for converting the latter to integers, but we should test it separately. * Check we ignore types that don't convert to int * Handle `None` values in `notifications.room` * Changelog * Also test that bad values are rejected by event auth * Docstring * linter scripttttttttt * Test boolean values in PL content * Reject boolean power levels * Changelog
* Properly check for frozendicts in event auth code. (#14864)Patrick Cloke2023-01-181-1/+2
| | | | | Check for for an instance of a mapping instead of a dict. This only affects room version 10 when frozen events are enabled.
* Improve validation of field size limits in events. (#14664)reivilibre2022-12-131-7/+69
|
* Revert "Fix event size checks (#13710)"David Robertson2022-11-011-5/+5
| | | | | | | | | | | This reverts commit fab495a9e1442d99e922367f65f41de5eaa488eb. As noted in https://github.com/matrix-org/synapse/pull/13710#issuecomment-1298396007: > We want to see this change land for the protocol's sake (and plan to un-revert it) but want to give this a little more time before releasing this.
* Fix event size checks (#13710)DeepBlueV7.X2022-10-211-5/+5
|
* Prepatory work for adding power level event to batched events (#14214)Shay2022-10-181-1/+18
|
* Rename the `EventFormatVersions` enum values so that they line up with room ↵reivilibre2022-09-071-2/+2
| | | | version numbers. (#13706)
* Implement MSC3848: Introduce errcodes for specific event sending failures ↵Will Hunt2022-07-271-11/+51
| | | | | (#13343) Implements MSC3848
* Add support for room version 10 (#13220)Shay2022-07-131-0/+26
|
* Fix inconsistencies in event validation (#13088)Richard van der Hoff2022-06-171-2/+21
|
* Fix inconsistencies in event validation for `m.room.create` events (#13087)Richard van der Hoff2022-06-171-23/+44
| | | | | | | | | | * Extend the auth rule checks for `m.room.create` events ... and move them up to the top of the function. Since the no auth_events are allowed for m.room.create events, we may as well get the m.room.create event checks out of the way first. * Add a test for create events with prev_events
* Move some event auth checks out to a different method (#13065)Richard van der Hoff2022-06-151-29/+79
| | | | | | | | | | | | | | * Add auth events to events used in tests * Move some event auth checks out to a different method Some of the event auth checks apply to an event's auth_events, rather than the state at the event - which means they can play no part in state resolution. Move them out to a separate method. * Rename check_auth_rules_for_event Now it only checks the state-dependent auth rules, it needs a better name.
* Remove `room_version` param from `check_auth_rules_for_event`Richard van der Hoff2022-06-121-7/+8
| | | | | | | Instead, use the `room_version` property of the event we're checking. The `room_version` was originally added as a parameter somewhere around #4482, but really it's been redundant since #6875 added a `room_version` field to `EventBase`.
* Remove `room_version` param from `validate_event_for_room_version`Richard van der Hoff2022-06-121-8/+4
| | | | | | | Instead, use the `room_version` property of the event we're validating. The `room_version` was originally added as a parameter somewhere around #4482, but really it's been redundant since #6875 added a `room_version` field to `EventBase`.
* Add a new room version for MSC3787's knock+restricted join rule (#12623)Travis Ralston2022-05-171-4/+17
|
* Remove excess condition on `knock->leave` check (#11900)Travis Ralston2022-02-221-3/+3
|
* fix import cycle (#11965)Richard van der Hoff2022-02-111-23/+31
|
* Adds misc missing type hints (#11953)Patrick Cloke2022-02-111-1/+3
|
* Check *all* auth events for room id and rejection (#11009)Richard van der Hoff2021-10-181-18/+15
| | | | | | | | | | | This fixes a bug where we would accept an event whose `auth_events` include rejected events, if the rejected event was shadowed by another `auth_event` with same `(type, state_key)`. The approach is to pass a list of auth events into `check_auth_rules_for_event` instead of a dict, which of course means updating the call sites. This is an extension of #10956.
* Ensure that we reject events which use rejected events for auth (#10956)Richard van der Hoff2021-10-051-0/+6
| | | | | | | | | | When we consider whether to accept events, we should not accept those which depend on rejected events for their auth events. This (together with earlier changes such as https://github.com/matrix-org/synapse/pull/10771 and https://github.com/matrix-org/synapse/pull/10896) forms a partial fix to https://github.com/matrix-org/synapse/issues/9595. There still remain code paths where we do not check the `auth_events` at all.
* Strip "join_authorised_via_users_server" from join events which do not need ↵Patrick Cloke2021-09-301-5/+7
| | | | | | | it. (#10933) This fixes a "Event not signed by authorising server" error when transition room member from join -> join, e.g. when updating a display name or avatar URL for restricted rooms.
* Split `event_auth.check` into two parts (#10940)Richard van der Hoff2021-09-291-61/+92
| | | | | | | | | | | | | Broadly, the existing `event_auth.check` function has two parts: * a validation section: checks that the event isn't too big, that it has the rught signatures, etc. This bit is independent of the rest of the state in the room, and so need only be done once for each event. * an auth section: ensures that the event is allowed, given the rest of the state in the room. This gets done multiple times, against various sets of room state, because it forms part of the state res algorithm. Currently, this is implemented with `do_sig_check` and `do_size_check` parameters, but I think that makes everything hard to follow. Instead, we split the function in two and call each part separately where it is needed.
* Only do restricted join rules signature checks for room versions 8/9. (#10927)Patrick Cloke2021-09-281-1/+2
| | | | Otherwise the presence of a (bogus, unused) field could cause auth checks to fail.
* Rename MSC2716 things from `chunk` to `batch` to match `/batch_send` ↵Eric Eastwood2021-09-211-4/+4
| | | | | | | | endpoint (#10838) See https://github.com/matrix-org/matrix-doc/pull/2716#discussion_r684574497 Dropping support for older MSC2716 room versions so we don't have to worry about supporting both chunk and batch events.
* Add a constant for m.federate. (#10775)Patrick Cloke2021-09-081-2/+8
|
* Ease searching for M_TOO_LARGE-related error codes (#10750)Andrew Morgan2021-09-061-9/+6
|
* Support MSC3289: Room version 8 (#10449)Patrick Cloke2021-08-091-4/+1
| | | This adds support for MSC3289: room version 8. This is room version 7 + MSC3083.
* Fix explicit assignment of PL 0 from being misinterpreted in rare ↵reivilibre2021-07-301-1/+1
| | | | circumstances (#10499)
* Make historical events discoverable from backfill for servers without any ↵Eric Eastwood2021-07-281-0/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | scrollback history (MSC2716) (#10245) * Make historical messages available to federated servers Part of MSC2716: https://github.com/matrix-org/matrix-doc/pull/2716 Follow-up to https://github.com/matrix-org/synapse/pull/9247 * Debug message not available on federation * Add base starting insertion point when no chunk ID is provided * Fix messages from multiple senders in historical chunk Follow-up to https://github.com/matrix-org/synapse/pull/9247 Part of MSC2716: https://github.com/matrix-org/matrix-doc/pull/2716 --- Previously, Synapse would throw a 403, `Cannot force another user to join.`, because we were trying to use `?user_id` from a single virtual user which did not match with messages from other users in the chunk. * Remove debug lines * Messing with selecting insertion event extremeties * Move db schema change to new version * Add more better comments * Make a fake requester with just what we need See https://github.com/matrix-org/synapse/pull/10276#discussion_r660999080 * Store insertion events in table * Make base insertion event float off on its own See https://github.com/matrix-org/synapse/pull/10250#issuecomment-875711889 Conflicts: synapse/rest/client/v1/room.py * Validate that the app service can actually control the given user See https://github.com/matrix-org/synapse/pull/10276#issuecomment-876316455 Conflicts: synapse/rest/client/v1/room.py * Add some better comments on what we're trying to check for * Continue debugging * Share validation logic * Add inserted historical messages to /backfill response * Remove debug sql queries * Some marker event implemntation trials * Clean up PR * Rename insertion_event_id to just event_id * Add some better sql comments * More accurate description * Add changelog * Make it clear what MSC the change is part of * Add more detail on which insertion event came through * Address review and improve sql queries * Only use event_id as unique constraint * Fix test case where insertion event is already in the normal DAG * Remove debug changes * Switch to chunk events so we can auth via power_levels Previously, we were using `content.chunk_id` to connect one chunk to another. But these events can be from any `sender` and we can't tell who should be able to send historical events. We know we only want the application service to do it but these events have the sender of a real historical message, not the application service user ID as the sender. Other federated homeservers also have no indicator which senders are an application service on the originating homeserver. So we want to auth all of the MSC2716 events via power_levels and have them be sent by the application service with proper PL levels in the room. * Switch to chunk events for federation * Add unstable room version to support new historical PL * Fix federated events being rejected for no state_groups Add fix from https://github.com/matrix-org/synapse/pull/10439 until it merges. * Only connect base insertion event to prev_event_ids Per discussion with @erikjohnston, https://matrix.to/#/!UytJQHLQYfvYWsGrGY:jki.re/$12bTUiObDFdHLAYtT7E-BvYRp3k_xv8w0dUQHibasJk?via=jki.re&via=matrix.org * Make it possible to get the room_version with txn * Allow but ignore historical events in unsupported room version See https://github.com/matrix-org/synapse/pull/10245#discussion_r675592489 We can't reject historical events on unsupported room versions because homeservers without knowledge of MSC2716 or the new room version don't reject historical events either. Since we can't rely on the auth check here to stop historical events on unsupported room versions, I've added some additional checks in the processing/persisting code (`synapse/storage/databases/main/events.py` -> `_handle_insertion_event` and `_handle_chunk_event`). I've had to do some refactoring so there is method to fetch the room version by `txn`. * Move to unique index syntax See https://github.com/matrix-org/synapse/pull/10245#discussion_r675638509 * High-level document how the insertion->chunk lookup works * Remove create_event fallback for room_versions See https://github.com/matrix-org/synapse/pull/10245/files#r677641879 * Use updated method name
* Update the MSC3083 support to verify if joins are from an authorized server. ↵Patrick Cloke2021-07-261-16/+61
| | | | (#10254)
* Use inline type hints in various other places (in `synapse/`) (#10380)Jonathan de Jong2021-07-151-4/+4
|
* Add type hints and comments to event auth code. (#10393)Patrick Cloke2021-07-141-0/+3
|
* Correct type hints for synapse.event_auth. (#10253)Patrick Cloke2021-06-301-2/+3
|
* Implement knock feature (#6739)Sorunome2021-06-091-4/+29
| | | | | | This PR aims to implement the knock feature as proposed in https://github.com/matrix-org/matrix-doc/pull/2403 Signed-off-by: Sorunome mail@sorunome.de Signed-off-by: Andrew Morgan andrewm@element.io
* Improved validation for received requests (#9817)Richard van der Hoff2021-04-231-2/+2
| | | | | | * Simplify `start_listening` callpath * Correctly check the size of uploaded files
* Add type hints to auth and auth_blocking. (#9876)Patrick Cloke2021-04-231-2/+2
|
* Fix (final) Bugbear violations (#9838)Jonathan de Jong2021-04-201-1/+1
|
* Remove redundant "coding: utf-8" lines (#9786)Jonathan de Jong2021-04-141-1/+0
| | | | | | | Part of #9744 Removes all redundant `# -*- coding: utf-8 -*-` lines from files, as python 3 automatically reads source code as utf-8 now. `Signed-off-by: Jonathan de Jong <jonathan@automatia.nl>`
* Add an experimental room version to support restricted join rules. (#9717)Patrick Cloke2021-03-311-6/+22
| | | Per MSC3083.
* Update black, and run auto formatting over the codebase (#9381)Eric Eastwood2021-02-161-3/+7
| | | | | | | - Update black version to the latest - Run black auto formatting over the codebase - Run autoformatting according to [`docs/code_style.md `](https://github.com/matrix-org/synapse/blob/80d6dc9783aa80886a133756028984dbf8920168/docs/code_style.md) - Update `code_style.md` docs around installing black to use the correct version
* Ensure that event.redacts is the proper type before handling it (#8457)Patrick Cloke2020-10-051-0/+2
| | | This fixes a bug when backfilling invalid events.
* Convert events worker database to async/await. (#8071)Patrick Cloke2020-08-181-1/+1
|
* Fix recursion error when fetching auth chain over federation (#7817)Erik Johnston2020-07-101-4/+6
| | | | | | | | | | | | | | | When fetching the state of a room over federation we receive the event IDs of the state and auth chain. We then fetch those events that we don't already have. However, we used a function that recursively fetched any missing auth events for the fetched events, which can lead to a lot of recursion if the server is missing most of the auth chain. This work is entirely pointless because would have queued up the missing events in the auth chain to be fetched already. Let's just diable the recursion, since it only gets called from one place anyway.
* Add type hints to event_auth code. (#7505)Patrick Cloke2020-05-151-32/+46
|
* Enforce MSC2209: auth rules for notifications in power level event (#7502)Patrick Cloke2020-05-141-2/+10
| | | | In a new room version, the "notifications" key of power level events are subject to restricted auth rules.
* Remove special auth and redaction rules for aliases events in experimental ↵Patrick Cloke2020-03-091-5/+3
| | | | room ver. (#7037)
* fix bad variable refRichard van der Hoff2020-01-281-1/+1
|
* Implement updated auth rules from MSC2260Richard van der Hoff2020-01-281-5/+19
|
* Pass room version object into event_auth.check and check_redaction (#6788)Richard van der Hoff2020-01-281-13/+21
| | | | | | | These are easier to work with than the strings and we normally have one around. This fixes `FederationHander._persist_auth_tree` which was passing a RoomVersion object into event_auth.check instead of a string.
* Fixup synapse.api to pass mypy (#6733)Erik Johnston2020-01-201-1/+1
|
* Merge release-v1.7.1 into developRichard van der Hoff2019-12-181-7/+8
|\
| * Fix bug where we added duplicate event IDs as auth_events (#6560)Erik Johnston2019-12-171-7/+8
| |
| * Sanity-check room ids in event auth (#6530)Richard van der Hoff2019-12-161-0/+12
| | | | | | | | When we do an event auth operation, check that all of the events involved are in the right room.
* | Sanity-check room ids in event auth (#6530)Richard van der Hoff2019-12-131-0/+12
| | | | | | | | When we do an event auth operation, check that all of the events involved are in the right room.
* | Remove redundant code from event authorisation implementation. (#6502)Richard van der Hoff2019-12-101-6/+2
|/
* Remove usage of deprecated logger.warn method from codebase (#6271)Andrew Morgan2019-10-311-1/+1
| | | Replace every instance of `logger.warn` with `logger.warning` as the former is deprecated.
* Cleanup extra quotes from IDEs (#6236)Andrew Morgan2019-10-231-2/+1
|
* Cleanup event auth type initialisation (#5975)Andrew Morgan2019-09-041-5/+5
| | | Very small code cleanup.
* Run Black. (#5482)Amber Brown2019-06-201-120/+57
|
* Collect room-version variations into one place (#4969)Richard van der Hoff2019-04-011-12/+8
| | | | Collect all the things that make room-versions different to one another into one place, so that it's easier to define new room versions.
* Merge branch 'develop' of github.com:matrix-org/synapse into ↵Erik Johnston2019-01-291-4/+8
|\ | | | | | | erikj/redactions_eiah
| * check event format version not room versionErik Johnston2019-01-291-2/+2
| |
| * Only check event IDs domain signed event for V1 and V2Erik Johnston2019-01-291-5/+14
| | | | | | | | Since newer versions of events don't have the same format for event ID.
* | Drop vdh supportErik Johnston2019-01-291-1/+1
| |
* | Implement rechecking of redactionsErik Johnston2019-01-291-6/+18
|/
* Pass through room version to event authErik Johnston2019-01-251-1/+2
|
* Add helpers for getting prev and auth events (#4139)Erik Johnston2018-11-061-2/+2
| | | | | | | * Add helpers for getting prev and auth events This is in preparation for allowing the event format to change between room versions.
* User event.sender rather than alias event.user_idErik Johnston2018-10-161-1/+1
|
* Sanitise error messages when user doesn't have permission to inviteErik Johnston2018-10-031-5/+2
|
* Fix handling of rejected threepid invitesErik Johnston2018-10-031-1/+1
|
* Fix error handling for missing auth_eventRichard van der Hoff2018-09-261-2/+2
| | | | | | | | | | When we were authorizing an event, if there was no `m.room.create` in its auth_events, we would raise a SynapseError with a cryptic message, which then meant that we would bail out of processing any incoming events, rather than storing a rejection for the faulty event and moving on. We should treat the absent event the same as any other auth failure, by raising an AuthError, so that the event is marked as rejected.
* Check m.room.create for sane room_versionsRichard van der Hoff2018-08-061-1/+9
|
* run isortAmber Brown2018-07-091-3/+3
|
* Avoid relying on int vs None comparisonErik Johnston2018-07-021-1/+5
| | | | Python 3 doesn't support comparing None to ints
* Ensure that we define sender_domainErik Johnston2018-07-021-0/+1
|
* Make default state_default 50Richard van der Hoff2018-06-141-20/+14
| | | | | | | Make it so that, before there is a power-levels event in the room, you need a power level of at least 50 to send state. Partially addresses https://github.com/matrix-org/matrix-doc/issues/1192
* Clarify interface for event_authRichard van der Hoff2018-06-141-18/+16
| | | | | stop pretending that it returns a boolean, which just almost gave me a heart attack.
* Refactor get_send_level to take a power_levels eventRichard van der Hoff2018-06-141-7/+38
| | | | it makes it easier for me to reason about
* Consistently use six's iteritems and wrap lazy keys/values in list() if ↵Amber Brown2018-05-311-2/+2
| | | | they're not meant to be lazy (#3307)
* Fix templating error with unban permission messageTravis Ralston2018-01-071-1/+1
| | | | | Fixes https://github.com/matrix-org/synapse/issues/2759 Signed-off-by: Travis Ralston <travpc@gmail.com>
* replace 'except:' with 'except Exception:'Richard van der Hoff2017-10-231-2/+2
| | | | what could possibly go wrong
* Fix 500 error when fields missing from power_levels eventRichard van der Hoff2017-10-171-3/+3
| | | | | If the users or events keys were missing from a power_levels event, then we would throw 500s when trying to auth them.
* Use better variable nameErik Johnston2017-01-171-3/+3
|
* Optimise state resolutionErik Johnston2017-01-171-6/+43
|
* Split event auth code into seperate moduleErik Johnston2017-01-131-0/+641