diff --git a/synapse/event_auth.py b/synapse/event_auth.py
index 4c0b587a7643..77f90558d848 100644
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@@ -45,9 +45,7 @@ logger = logging.getLogger(__name__)
-def validate_event_for_room_version(
- room_version_obj: RoomVersion, event: "EventBase"
-) -> None:
+def validate_event_for_room_version(event: "EventBase") -> None:
 """Ensure that the event complies with the limits, and has the right signatures
 NB: does not *validate* the signatures - it assumes that any signatures present
@@ -60,12 +58,10 @@ def validate_event_for_room_version(
 NB: This is used to check events that have been received over federation. As such, it can only enforce the checks specified in the relevant room version, to avoid a split-brain situation where some servers accept such events, and others reject
- them.
-
- TODO: consider moving this into EventValidator
+ them. See also EventValidator, which contains extra checks which are applied only to
+ locally-generated events.
 Args:
- room_version_obj: the version of the room which contains this event
 event: the event to be checked
 Raises:
@@ -103,7 +99,7 @@ def validate_event_for_room_version(
 raise AuthError(403, "Event not signed by sending server")
 is_invite_via_allow_rule = (
- room_version_obj.msc3083_join_rules
+ event.room_version.msc3083_join_rules
 and event.type == EventTypes.Member
 and event.membership == Membership.JOIN
 and EventContentFields.AUTHORISING_USER in event.content
diff --git a/synapse/events/validator.py b/synapse/events/validator.py
index 29fa9b388026..27c8beba25b6 100644
--- a/synapse/events/validator.py
+++ b/synapse/events/validator.py
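Review bot: `event.room_version.msc3083_join_rules` in the third event_auth.py hunk makes the signature requirements depend on the room version carried by the event object, while every call site touched by this commit (federation.py, federation_event.py, message.py, room.py) still passes a separately obtained `room_version_obj` or `old_room_version` to the auth-rule check on the following line. Nothing visible in these hunks ensures the two values agree, so signature validation and authorisation could in principle be evaluated under different room versions for an event received over federation. If the match is guaranteed when the event object is built, the docstring should say so, e.g. `The room version is taken from event.room_version, which must be the version of the room the event belongs to.`; otherwise a guard at the call sites such as `if event.room_version != room_version_obj: raise AuthError(403, "Event has wrong room version")` would make a mismatch fail closed. The function body continues outside the hunk, so other uses of the room version further down cannot be checked from here.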
@@ -35,6 +35,10 @@ class EventValidator:
 def validate_new(self, event: EventBase, config: HomeServerConfig) -> None:
 """Validates the event has roughly the right format
+ Suitable for checking a locally-created event. It has stricter checks than
+ is appropriate for an event received over federation (for which, see
+ event_auth.validate_event_for_room_version)
+
 Args:
 event: The event to validate.
 config: The homeserver's configuration.
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
index 6a143440d3f9..b59641776932 100644
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@@ -1206,7 +1206,7 @@ async def exchange_third_party_invite(
 event.internal_metadata.send_on_behalf_of = self.hs.hostname
 try:
- validate_event_for_room_version(room_version_obj, event)
+ validate_event_for_room_version(event)
 await self._event_auth_handler.check_auth_rules_from_context(
 room_version_obj, event, context
 )
@@ -1258,7 +1258,7 @@ async def on_exchange_third_party_invite_request(
 )
 try:
- validate_event_for_room_version(room_version_obj, event)
+ validate_event_for_room_version(event)
 await self._event_auth_handler.check_auth_rules_from_context(
 room_version_obj, event, context
 )
diff --git a/synapse/handlers/federation_event.py b/synapse/handlers/federation_event.py
index 87a0608359c8..420ad8b9694b 100644
--- a/synapse/handlers/federation_event.py
+++ b/synapse/handlers/federation_event.py
@@ -1453,7 +1453,7 @@ def prep(event: EventBase) -> Optional[Tuple[EventBase, EventContext]]:
 context = EventContext.for_outlier(self._storage_controllers)
 try:
- validate_event_for_room_version(room_version_obj, event)
+ validate_event_for_room_version(event)
 check_auth_rules_for_event(room_version_obj, event, auth)
 except AuthError as e:
 logger.warning("Rejecting %r because %s", event, e)
@@ -1501,7 +1501,7 @@ async def _check_event_auth(
 room_version_obj = KNOWN_ROOM_VERSIONS[room_version]
 try:
- validate_event_for_room_version(room_version_obj, event)
+ validate_event_for_room_version(event)
 except AuthError as e:
 logger.warning("While validating received event %r: %s", event, e)
 # TODO: use a different rejected reason here?
diff --git a/synapse/handlers/message.py b/synapse/handlers/message.py
index f455158a2cf6..b078e2424f72 100644
--- a/synapse/handlers/message.py
+++ b/synapse/handlers/message.py
@@ -1297,7 +1297,7 @@ async def handle_new_client_event(
 assert event.content["membership"] == Membership.LEAVE
 else:
 try:
- validate_event_for_room_version(room_version_obj, event)
+ validate_event_for_room_version(event)
 await self._event_auth_handler.check_auth_rules_from_context(
 room_version_obj, event, context
 )
diff --git a/synapse/handlers/room.py b/synapse/handlers/room.py
index 520663f172dd..44d9784077f6 100644
--- a/synapse/handlers/room.py
+++ b/synapse/handlers/room.py
@@ -227,7 +227,7 @@ async def upgrade_room(
 },
 )
 old_room_version = await self.store.get_room_version(old_room_id)
- validate_event_for_room_version(old_room_version, tombstone_event)
+ validate_event_for_room_version(tombstone_event)
 await self._event_auth_handler.check_auth_rules_from_context(
 old_room_version, tombstone_event, tombstone_context
 )