From 11fdfaf03b67810f3d289241f772d3177e3c6b7e Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 10 Aug 2016 11:55:15 +0100 Subject: Only resign our own events --- synapse/handlers/federation.py | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) (limited to 'synapse/handlers') diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py index 618cb53629..55d11122ba 100644 --- a/synapse/handlers/federation.py +++ b/synapse/handlers/federation.py @@ -1093,16 +1093,17 @@ class FederationHandler(BaseHandler): ) if event: - # FIXME: This is a temporary work around where we occasionally - # return events slightly differently than when they were - # originally signed - event.signatures.update( - compute_event_signature( - event, - self.hs.hostname, - self.hs.config.signing_key[0] + if self.hs.is_mine_id(event.event_id): + # FIXME: This is a temporary work around where we occasionally + # return events slightly differently than when they were + # originally signed + event.signatures.update( + compute_event_signature( + event, + self.hs.hostname, + self.hs.config.signing_key[0] + ) ) - ) if do_auth: in_room = yield self.auth.check_host_in_room( -- cgit 1.5.1 From 7f41bcbeec64da874c10a70f8a0b8e3f9f0626d8 Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 10 Aug 2016 13:22:20 +0100 Subject: Correctly auth /event/ requests --- synapse/handlers/federation.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'synapse/handlers') diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py index 55d11122ba..2f8959db92 100644 --- a/synapse/handlers/federation.py +++ b/synapse/handlers/federation.py @@ -249,7 +249,7 @@ class FederationHandler(BaseHandler): if ev.type != EventTypes.Member: continue try: - domain = UserID.from_string(ev.state_key).domain + domain = get_domain_from_id(ev.state_key) except: continue @@ -1106,13 +1106,14 @@ class FederationHandler(BaseHandler): ) if do_auth: - in_room = yield self.auth.check_host_in_room( - event.room_id, - origin + events = yield self._filter_events_for_server( + origin, event.room_id, [event] ) - if not in_room: + if not events: raise AuthError(403, "Host not in room.") + event = events[0] + defer.returnValue(event) else: defer.returnValue(None) -- cgit 1.5.1 From 739ea29d1ecbdf414db1f5062c8a2aeaa519f4ff Mon Sep 17 00:00:00 2001 From: Erik Johnston Date: Wed, 10 Aug 2016 13:32:23 +0100 Subject: Also check if server is in the room --- synapse/handlers/federation.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'synapse/handlers') diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py index 2f8959db92..ff6bb475b5 100644 --- a/synapse/handlers/federation.py +++ b/synapse/handlers/federation.py @@ -1106,11 +1106,16 @@ class FederationHandler(BaseHandler): ) if do_auth: + in_room = yield self.auth.check_host_in_room( + event.room_id, + origin + ) + if not in_room: + raise AuthError(403, "Host not in room.") + events = yield self._filter_events_for_server( origin, event.room_id, [event] ) - if not events: - raise AuthError(403, "Host not in room.") event = events[0] -- cgit 1.5.1