Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Add auth events as per spec. #6556

Merged
merged 4 commits into from
Dec 16, 2019
+35 −67
Merged

Add auth events as per spec. #6556

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
40cca89
Add auth events as per spec.
erikjohnston Dec 16, 2019
5aed4e9
Newsfile
erikjohnston Dec 16, 2019
6985777
Fixup review comments
erikjohnston Dec 16, 2019
5fe3894
Lint
erikjohnston Dec 16, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/6556.bugfix
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Fix a cause of state resets in room versions 2 onwards.
101 changes: 34 additions & 67 deletions synapse/api/auth.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
# limitations under the License.

import logging
from typing import Dict, Tuple

from six import itervalues

Expand All @@ -25,13 +26,7 @@
import synapse.logging.opentracing as opentracing
import synapse.types
from synapse import event_auth
from synapse.api.constants import (
EventTypes,
JoinRules,
LimitBlockingTypes,
Membership,
UserTypes,
)
from synapse.api.constants import EventTypes, LimitBlockingTypes, Membership, UserTypes
from synapse.api.errors import (
AuthError,
Codes,
Expand Down Expand Up @@ -513,71 +508,43 @@ def is_server_admin(self, user):
"""
return self.store.is_server_admin(user)

@defer.inlineCallbacks
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

turning this from a deferred-returning function to an immediate one without updating the call sites feels like it might bite us later? Better to return defer.suceed() or add a yield defer.succeed() ?

Not that bothered though. We'll probably catch it when we update the call sites...

def compute_auth_events(self, event, current_state_ids, for_verification=False):
if event.type == EventTypes.Create:
return []

auth_ids = []

key = (EventTypes.PowerLevels, "")
power_level_event_id = current_state_ids.get(key)

if power_level_event_id:
auth_ids.append(power_level_event_id)

key = (EventTypes.JoinRules, "")
join_rule_event_id = current_state_ids.get(key)
def compute_auth_events(
self,
event,
current_state_ids: Dict[Tuple[str, str], str],
for_verification: bool = False,
):
"""Given an event and current state return the list of event IDs used
to auth an event.

key = (EventTypes.Member, event.sender)
member_event_id = current_state_ids.get(key)
If `for_verification` is False then only return auth events that
should be added to the event's `auth_events`.

key = (EventTypes.Create, "")
create_event_id = current_state_ids.get(key)
if create_event_id:
auth_ids.append(create_event_id)
Returns:
defer.Deferred(list[str]): List of event IDs.
"""

if join_rule_event_id:
join_rule_event = yield self.store.get_event(join_rule_event_id)
join_rule = join_rule_event.content.get("join_rule")
is_public = join_rule == JoinRules.PUBLIC if join_rule else False
else:
is_public = False
if event.type == EventTypes.Create:
return defer.succeed([])

# Currently we ignore the `for_verification` flag even though there are
# some situations where we can drop particular auth events when adding
# to the event's `auth_events` (e.g. joins pointing to previous joins
# when room is publically joinable). Dropping event IDs has the
# advantage that the auth chain for the room grows slower, but we use
# the auth chain in state resolution v2 to order events, which means
# care must be taken if dropping events to ensure that it doesn't
# introduce undesirable "state reset" behaviour.
#
# All of which sounds a bit tricky so we don't bother for now.

if event.type == EventTypes.Member:
e_type = event.content["membership"]
if e_type in [Membership.JOIN, Membership.INVITE]:
if join_rule_event_id:
auth_ids.append(join_rule_event_id)
auth_ids = []
for etype, state_key in event_auth.auth_types_for_event(event):
auth_ev_id = current_state_ids.get((etype, state_key))
if auth_ev_id:
auth_ids.append(auth_ev_id)

if e_type == Membership.JOIN:
if member_event_id and not is_public:
auth_ids.append(member_event_id)
else:
if member_event_id:
auth_ids.append(member_event_id)

if for_verification:
key = (EventTypes.Member, event.state_key)
existing_event_id = current_state_ids.get(key)
if existing_event_id:
auth_ids.append(existing_event_id)

if e_type == Membership.INVITE:
if "third_party_invite" in event.content:
key = (
EventTypes.ThirdPartyInvite,
event.content["third_party_invite"]["signed"]["token"],
)
third_party_invite_id = current_state_ids.get(key)
if third_party_invite_id:
auth_ids.append(third_party_invite_id)
elif member_event_id:
member_event = yield self.store.get_event(member_event_id)
if member_event.content["membership"] == Membership.JOIN:
auth_ids.append(member_event.event_id)

return auth_ids
return defer.succeed(auth_ids)

@defer.inlineCallbacks
def check_can_change_room_list(self, room_id, user):
Expand Down