summary refs log tree commit diff
path: root/synapse/handlers/event_auth.py (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Faster joins: use servers list approximation in `assert_host_in_room` (#14515)Mathieu Velten2022-11-241-11/+17
| | | Signed-off-by: Mathieu Velten <mathieuv@matrix.org>
* Prepatory work for adding power level event to batched events (#14214)Shay2022-10-181-5/+13
|
* Faster Remote Room Joins: tell remote homeservers that we are unable to ↵reivilibre2022-09-231-4/+27
| | | | authorise them if they query a room which has partial state on our server. (#13823)
* Use dedicated `get_local_users_in_room` to find local users when calculating ↵Eric Eastwood2022-08-241-6/+3
| | | | | | | `join_authorised_via_users_server` of a `/make_join` request (#13606) Use dedicated `get_local_users_in_room` to find local users when calculating `join_authorised_via_users_server` ("the authorising user for joining a restricted room") of a `/make_join` request. Found while working on https://github.com/matrix-org/synapse/pull/13575#discussion_r953023755 but it's not related.
* Move some event auth checks out to a different method (#13065)Richard van der Hoff2022-06-151-2/+6
| | | | | | | | | | | | | | * Add auth events to events used in tests * Move some event auth checks out to a different method Some of the event auth checks apply to an event's auth_events, rather than the state at the event - which means they can play no part in state resolution. Move them out to a separate method. * Rename check_auth_rules_for_event Now it only checks the state-dependent auth rules, it needs a better name.
* Remove redundant `room_version` param from `check_auth_rules_from_context`Richard van der Hoff2022-06-121-1/+0
| | | | It's now implied by the room_version property on the event.
* Remove `room_version` param from `check_auth_rules_for_event`Richard van der Hoff2022-06-121-1/+1
| | | | | | | Instead, use the `room_version` property of the event we're checking. The `room_version` was originally added as a parameter somewhere around #4482, but really it's been redundant since #6875 added a `room_version` field to `EventBase`.
* Add a new room version for MSC3787's knock+restricted join rule (#12623)Travis Ralston2022-05-171-1/+9
|
* Remove `HomeServer.get_datastore()` (#12031)Richard van der Hoff2022-02-231-1/+1
| | | | | | | The presence of this method was confusing, and mostly present for backwards compatibility. Let's get rid of it. Part of #11733
* Check *all* auth events for room id and rejection (#11009)Richard van der Hoff2021-10-181-2/+1
| | | | | | | | | | | This fixes a bug where we would accept an event whose `auth_events` include rejected events, if the rejected event was shadowed by another `auth_event` with same `(type, state_key)`. The approach is to pass a list of auth events into `check_auth_rules_for_event` instead of a dict, which of course means updating the call sites. This is an extension of #10956.
* Split `event_auth.check` into two parts (#10940)Richard van der Hoff2021-09-291-9/+6
| | | | | | | | | | | | | Broadly, the existing `event_auth.check` function has two parts: * a validation section: checks that the event isn't too big, that it has the rught signatures, etc. This bit is independent of the rest of the state in the room, and so need only be done once for each event. * an auth section: ensures that the event is allowed, given the rest of the state in the room. This gets done multiple times, against various sets of room state, because it forms part of the state res algorithm. Currently, this is implemented with `do_sig_check` and `do_size_check` parameters, but I think that makes everything hard to follow. Instead, we split the function in two and call each part separately where it is needed.
* Require type hints in the handlers module. (#10831)Patrick Cloke2021-09-201-1/+6
| | | | | | | Adds missing type hints to methods in the synapse.handlers module and requires all methods to have type hints there. This also removes the unused construct_auth_difference method from the FederationHandler.
* Clarify error message when joining a restricted room. (#10572)Patrick Cloke2021-08-111-1/+1
|
* Support MSC3289: Room version 8 (#10449)Patrick Cloke2021-08-091-1/+1
| | | This adds support for MSC3289: room version 8. This is room version 7 + MSC3083.
* Update the MSC3083 support to verify if joins are from an authorized server. ↵Patrick Cloke2021-07-261-4/+81
| | | | (#10254)
* Move methods involving event authentication to EventAuthHandler. (#10268)Patrick Cloke2021-07-011-2/+60
| | | Instead of mixing them with user authentication methods.
* Update MSC3083 support per changes in the MSC. (#10189)Patrick Cloke2021-06-171-18/+27
| | | Adds a "type" field and generalize "space" to "room_id".
* Allow a user who could join a restricted room to see it in spaces summary. ↵Patrick Cloke2021-05-201-21/+83
| | | | | | (#9922) This finishes up the experimental implementation of MSC3083 by showing the restricted rooms in the spaces summary (from MSC2946).
* Refactor checking restricted join rules (#10007)Patrick Cloke2021-05-181-16/+35
| | | | | To be more consistent with similar code. The check now automatically raises an AuthError instead of passing back a boolean. It also absorbs some shared logic between callers.
* Check for space membership during a remote join of a restricted room (#9814)Patrick Cloke2021-04-231-0/+86
| | | | | | When receiving a /send_join request for a room with join rules set to 'restricted', check if the user is a member of the spaces defined in the 'allow' key of the join rules. This only applies to an experimental room version, as defined in MSC3083.
* Revert "Check for space membership during a remote join of a restricted ↵Patrick Cloke2021-04-141-82/+0
| | | | | | | | room. (#9763)" This reverts commit cc51aaaa7adb0ec2235e027b5184ebda9b660ec4. The PR was prematurely merged and not yet approved.
* Check for space membership during a remote join of a restricted room. (#9763)Patrick Cloke2021-04-141-0/+82
When receiving a /send_join request for a room with join rules set to 'restricted', check if the user is a member of the spaces defined in the 'allow' key of the join rules. This only applies to an experimental room version, as defined in MSC3083.