Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Merge branch 'rav/simplify_event_auth_interface' into develop
Browse files Browse the repository at this point in the history
  • Loading branch information
richvdh committed Jun 13, 2022
2 parents cfff055 + a6173a1 commit f68b5e5
Show file tree
Hide file tree
Showing 11 changed files with 239 additions and 228 deletions.
1 change: 1 addition & 0 deletions changelog.d/13017.misc
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Remove redundant `room_version` parameters from event auth functions.
27 changes: 12 additions & 15 deletions synapse/event_auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -45,9 +45,7 @@
logger = logging.getLogger(__name__)


def validate_event_for_room_version(
room_version_obj: RoomVersion, event: "EventBase"
) -> None:
def validate_event_for_room_version(event: "EventBase") -> None:
"""Ensure that the event complies with the limits, and has the right signatures
NB: does not *validate* the signatures - it assumes that any signatures present
Expand All @@ -60,12 +58,10 @@ def validate_event_for_room_version(
NB: This is used to check events that have been received over federation. As such,
it can only enforce the checks specified in the relevant room version, to avoid
a split-brain situation where some servers accept such events, and others reject
them.
TODO: consider moving this into EventValidator
them. See also EventValidator, which contains extra checks which are applied only to
locally-generated events.
Args:
room_version_obj: the version of the room which contains this event
event: the event to be checked
Raises:
Expand Down Expand Up @@ -103,7 +99,7 @@ def validate_event_for_room_version(
raise AuthError(403, "Event not signed by sending server")

is_invite_via_allow_rule = (
room_version_obj.msc3083_join_rules
event.room_version.msc3083_join_rules
and event.type == EventTypes.Member
and event.membership == Membership.JOIN
and EventContentFields.AUTHORISING_USER in event.content
Expand All @@ -117,7 +113,6 @@ def validate_event_for_room_version(


def check_auth_rules_for_event(
room_version_obj: RoomVersion,
event: "EventBase",
auth_events: Iterable["EventBase"],
) -> None:
Expand All @@ -136,7 +131,6 @@ def check_auth_rules_for_event(
a bunch of other tests.
Args:
room_version_obj: the version of the room
event: the event being checked.
auth_events: the room state to check the events against.
Expand Down Expand Up @@ -205,7 +199,10 @@ def check_auth_rules_for_event(
raise AuthError(403, "This room has been marked as unfederatable.")

# 4. If type is m.room.aliases
if event.type == EventTypes.Aliases and room_version_obj.special_case_aliases_auth:
if (
event.type == EventTypes.Aliases
and event.room_version.special_case_aliases_auth
):
# 4a. If event has no state_key, reject
if not event.is_state():
raise AuthError(403, "Alias event must be a state event")
Expand All @@ -225,7 +222,7 @@ def check_auth_rules_for_event(

# 5. If type is m.room.membership
if event.type == EventTypes.Member:
_is_membership_change_allowed(room_version_obj, event, auth_dict)
_is_membership_change_allowed(event.room_version, event, auth_dict)
logger.debug("Allowing! %s", event)
return

Expand All @@ -247,17 +244,17 @@ def check_auth_rules_for_event(
_can_send_event(event, auth_dict)

if event.type == EventTypes.PowerLevels:
_check_power_levels(room_version_obj, event, auth_dict)
_check_power_levels(event.room_version, event, auth_dict)

if event.type == EventTypes.Redaction:
check_redaction(room_version_obj, event, auth_dict)
check_redaction(event.room_version, event, auth_dict)

if (
event.type == EventTypes.MSC2716_INSERTION
or event.type == EventTypes.MSC2716_BATCH
or event.type == EventTypes.MSC2716_MARKER
):
check_historical(room_version_obj, event, auth_dict)
check_historical(event.room_version, event, auth_dict)

logger.debug("Allowing! %s", event)

Expand Down
4 changes: 4 additions & 0 deletions synapse/events/validator.py
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,10 @@ class EventValidator:
def validate_new(self, event: EventBase, config: HomeServerConfig) -> None:
"""Validates the event has roughly the right format
Suitable for checking a locally-created event. It has stricter checks than
is appropriate for an event received over federation (for which, see
event_auth.validate_event_for_room_version)
Args:
event: The event to validate.
config: The homeserver's configuration.
Expand Down
3 changes: 1 addition & 2 deletions synapse/handlers/event_auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -48,14 +48,13 @@ def __init__(self, hs: "HomeServer"):

async def check_auth_rules_from_context(
self,
room_version_obj: RoomVersion,
event: EventBase,
context: EventContext,
) -> None:
"""Check an event passes the auth rules at its own auth events"""
auth_event_ids = event.auth_event_ids()
auth_events_by_id = await self._store.get_events(auth_event_ids)
check_auth_rules_for_event(room_version_obj, event, auth_events_by_id.values())
check_auth_rules_for_event(event, auth_events_by_id.values())

def compute_auth_events(
self,
Expand Down
22 changes: 7 additions & 15 deletions synapse/handlers/federation.py
Original file line number Diff line number Diff line change
Expand Up @@ -800,9 +800,7 @@ async def on_make_join_request(

# The remote hasn't signed it yet, obviously. We'll do the full checks
# when we get the event back in `on_send_join_request`
await self._event_auth_handler.check_auth_rules_from_context(
room_version, event, context
)
await self._event_auth_handler.check_auth_rules_from_context(event, context)
return event

async def on_invite_request(
Expand Down Expand Up @@ -973,9 +971,7 @@ async def on_make_leave_request(
try:
# The remote hasn't signed it yet, obviously. We'll do the full checks
# when we get the event back in `on_send_leave_request`
await self._event_auth_handler.check_auth_rules_from_context(
room_version_obj, event, context
)
await self._event_auth_handler.check_auth_rules_from_context(event, context)
except AuthError as e:
logger.warning("Failed to create new leave %r because %s", event, e)
raise e
Expand Down Expand Up @@ -1034,9 +1030,7 @@ async def on_make_knock_request(
try:
# The remote hasn't signed it yet, obviously. We'll do the full checks
# when we get the event back in `on_send_knock_request`
await self._event_auth_handler.check_auth_rules_from_context(
room_version_obj, event, context
)
await self._event_auth_handler.check_auth_rules_from_context(event, context)
except AuthError as e:
logger.warning("Failed to create new knock %r because %s", event, e)
raise e
Expand Down Expand Up @@ -1207,9 +1201,9 @@ async def exchange_third_party_invite(
event.internal_metadata.send_on_behalf_of = self.hs.hostname

try:
validate_event_for_room_version(room_version_obj, event)
validate_event_for_room_version(event)
await self._event_auth_handler.check_auth_rules_from_context(
room_version_obj, event, context
event, context
)
except AuthError as e:
logger.warning("Denying new third party invite %r because %s", event, e)
Expand Down Expand Up @@ -1259,10 +1253,8 @@ async def on_exchange_third_party_invite_request(
)

try:
validate_event_for_room_version(room_version_obj, event)
await self._event_auth_handler.check_auth_rules_from_context(
room_version_obj, event, context
)
validate_event_for_room_version(event)
await self._event_auth_handler.check_auth_rules_from_context(event, context)
except AuthError as e:
logger.warning("Denying third party invite %r because %s", event, e)
raise e
Expand Down
20 changes: 6 additions & 14 deletions synapse/handlers/federation_event.py
Original file line number Diff line number Diff line change
Expand Up @@ -1430,9 +1430,6 @@ async def _auth_and_persist_outliers_inner(
allow_rejected=True,
)

room_version = await self._store.get_room_version_id(room_id)
room_version_obj = KNOWN_ROOM_VERSIONS[room_version]

def prep(event: EventBase) -> Optional[Tuple[EventBase, EventContext]]:
with nested_logging_context(suffix=event.event_id):
auth = []
Expand All @@ -1455,8 +1452,8 @@ def prep(event: EventBase) -> Optional[Tuple[EventBase, EventContext]]:

context = EventContext.for_outlier(self._storage_controllers)
try:
validate_event_for_room_version(room_version_obj, event)
check_auth_rules_for_event(room_version_obj, event, auth)
validate_event_for_room_version(event)
check_auth_rules_for_event(event, auth)
except AuthError as e:
logger.warning("Rejecting %r because %s", event, e)
context.rejected = RejectedReason.AUTH_ERROR
Expand Down Expand Up @@ -1499,11 +1496,8 @@ async def _check_event_auth(
assert not event.internal_metadata.outlier

# first of all, check that the event itself is valid.
room_version = await self._store.get_room_version_id(event.room_id)
room_version_obj = KNOWN_ROOM_VERSIONS[room_version]

try:
validate_event_for_room_version(room_version_obj, event)
validate_event_for_room_version(event)
except AuthError as e:
logger.warning("While validating received event %r: %s", event, e)
# TODO: use a different rejected reason here?
Expand All @@ -1521,7 +1515,7 @@ async def _check_event_auth(

# ... and check that the event passes auth at those auth events.
try:
check_auth_rules_for_event(room_version_obj, event, claimed_auth_events)
check_auth_rules_for_event(event, claimed_auth_events)
except AuthError as e:
logger.warning(
"While checking auth of %r against auth_events: %s", event, e
Expand Down Expand Up @@ -1569,9 +1563,7 @@ async def _check_event_auth(
auth_events_for_auth = calculated_auth_event_map

try:
check_auth_rules_for_event(
room_version_obj, event, auth_events_for_auth.values()
)
check_auth_rules_for_event(event, auth_events_for_auth.values())
except AuthError as e:
logger.warning("Failed auth resolution for %r because %s", event, e)
context.rejected = RejectedReason.AUTH_ERROR
Expand Down Expand Up @@ -1671,7 +1663,7 @@ async def _check_for_soft_fail(
)

try:
check_auth_rules_for_event(room_version_obj, event, current_auth_events)
check_auth_rules_for_event(event, current_auth_events)
except AuthError as e:
logger.warning(
"Soft-failing %r (from %s) because %s",
Expand Down
23 changes: 3 additions & 20 deletions synapse/handlers/message.py
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@
SynapseError,
UnsupportedRoomVersionError,
)
from synapse.api.room_versions import KNOWN_ROOM_VERSIONS, RoomVersions
from synapse.api.room_versions import KNOWN_ROOM_VERSIONS
from synapse.api.urls import ConsentURIBuilder
from synapse.event_auth import validate_event_for_room_version
from synapse.events import EventBase, relation_from_event
Expand Down Expand Up @@ -1274,33 +1274,16 @@ async def handle_new_client_event(
)
return prev_event

if event.is_state() and (event.type, event.state_key) == (
EventTypes.Create,
"",
):
room_version_id = event.content.get(
"room_version", RoomVersions.V1.identifier
)
maybe_room_version_obj = KNOWN_ROOM_VERSIONS.get(room_version_id)
if not maybe_room_version_obj:
raise UnsupportedRoomVersionError(
"Attempt to create a room with unsupported room version %s"
% (room_version_id,)
)
room_version_obj = maybe_room_version_obj
else:
room_version_obj = await self.store.get_room_version(event.room_id)

if event.internal_metadata.is_out_of_band_membership():
# the only sort of out-of-band-membership events we expect to see here are
# invite rejections and rescinded knocks that we have generated ourselves.
assert event.type == EventTypes.Member
assert event.content["membership"] == Membership.LEAVE
else:
try:
validate_event_for_room_version(room_version_obj, event)
validate_event_for_room_version(event)
await self._event_auth_handler.check_auth_rules_from_context(
room_version_obj, event, context
event, context
)
except AuthError as err:
logger.warning("Denying new event %r because %s", event, err)
Expand Down
5 changes: 2 additions & 3 deletions synapse/handlers/room.py
Original file line number Diff line number Diff line change
Expand Up @@ -226,10 +226,9 @@ async def upgrade_room(
},
},
)
old_room_version = await self.store.get_room_version(old_room_id)
validate_event_for_room_version(old_room_version, tombstone_event)
validate_event_for_room_version(tombstone_event)
await self._event_auth_handler.check_auth_rules_from_context(
old_room_version, tombstone_event, tombstone_context
tombstone_event, tombstone_context
)

# Upgrade the room
Expand Down
4 changes: 1 addition & 3 deletions synapse/state/v1.py
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@
from synapse import event_auth
from synapse.api.constants import EventTypes
from synapse.api.errors import AuthError
from synapse.api.room_versions import RoomVersion, RoomVersions
from synapse.api.room_versions import RoomVersion
from synapse.events import EventBase
from synapse.types import MutableStateMap, StateMap

Expand Down Expand Up @@ -331,7 +331,6 @@ def _resolve_auth_events(
try:
# The signatures have already been checked at this point
event_auth.check_auth_rules_for_event(
RoomVersions.V1,
event,
auth_events.values(),
)
Expand All @@ -349,7 +348,6 @@ def _resolve_normal_events(
try:
# The signatures have already been checked at this point
event_auth.check_auth_rules_for_event(
RoomVersions.V1,
event,
auth_events.values(),
)
Expand Down
1 change: 0 additions & 1 deletion synapse/state/v2.py
Original file line number Diff line number Diff line change
Expand Up @@ -574,7 +574,6 @@ async def _iterative_auth_checks(

try:
event_auth.check_auth_rules_for_event(
room_version,
event,
auth_events.values(),
)
Expand Down
Loading

0 comments on commit f68b5e5

Please sign in to comment.