tileradotorg/synapse
1
0
Fork 0
forked from MirrorHub/synapse
Code Pull requests Activity

Remove room_version param from check_auth_rules_for_event

Browse source 
Instead, use the `room_version` property of the event we're checking.

The `room_version` was originally added as a parameter somewhere around #4482,
but really it's been redundant since #6875 added a `room_version` field to `EventBase`.
This commit is contained in:
Richard van der Hoff 2022-06-10 10:48:25 +01:00
parent 68be42f6b6
commit 0d9d36b15c
6 changed files with 16 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
synapse/event_auth.py
View file

@ -113,7 +113,6 @@ def validate_event_for_room_version(event: "EventBase") -> None:
def check_auth_rules_for_event( def check_auth_rules_for_event(
room_version_obj: RoomVersion,
event: "EventBase", event: "EventBase",
auth_events: Iterable["EventBase"], auth_events: Iterable["EventBase"],
) -> None: ) -> None:
@ -132,7 +131,6 @@ def check_auth_rules_for_event(
a bunch of other tests. a bunch of other tests.
Args: Args:
room_version_obj: the version of the room
event: the event being checked. event: the event being checked.
auth_events: the room state to check the events against. auth_events: the room state to check the events against.
@ -201,7 +199,10 @@ def check_auth_rules_for_event(
raise AuthError(403, "This room has been marked as unfederatable.") raise AuthError(403, "This room has been marked as unfederatable.")
# 4. If type is m.room.aliases # 4. If type is m.room.aliases
if event.type == EventTypes.Aliases and room_version_obj.special_case_aliases_auth: if (
event.type == EventTypes.Aliases
and event.room_version.special_case_aliases_auth
):
# 4a. If event has no state_key, reject # 4a. If event has no state_key, reject
if not event.is_state(): if not event.is_state():
raise AuthError(403, "Alias event must be a state event") raise AuthError(403, "Alias event must be a state event")
@ -221,7 +222,7 @@ def check_auth_rules_for_event(
# 5. If type is m.room.membership # 5. If type is m.room.membership
if event.type == EventTypes.Member: if event.type == EventTypes.Member:
_is_membership_change_allowed(room_version_obj, event, auth_dict) _is_membership_change_allowed(event.room_version, event, auth_dict)
logger.debug("Allowing! %s", event) logger.debug("Allowing! %s", event)
return return
@ -243,17 +244,17 @@ def check_auth_rules_for_event(
_can_send_event(event, auth_dict) _can_send_event(event, auth_dict)
if event.type == EventTypes.PowerLevels: if event.type == EventTypes.PowerLevels:
_check_power_levels(room_version_obj, event, auth_dict) _check_power_levels(event.room_version, event, auth_dict)
if event.type == EventTypes.Redaction: if event.type == EventTypes.Redaction:
check_redaction(room_version_obj, event, auth_dict) check_redaction(event.room_version, event, auth_dict)
if ( if (
event.type == EventTypes.MSC2716_INSERTION event.type == EventTypes.MSC2716_INSERTION
or event.type == EventTypes.MSC2716_BATCH or event.type == EventTypes.MSC2716_BATCH
or event.type == EventTypes.MSC2716_MARKER or event.type == EventTypes.MSC2716_MARKER
): ):
check_historical(room_version_obj, event, auth_dict) check_historical(event.room_version, event, auth_dict)
logger.debug("Allowing! %s", event) logger.debug("Allowing! %s", event)

2
synapse/handlers/event_auth.py
View file

@ -55,7 +55,7 @@ class EventAuthHandler:
"""Check an event passes the auth rules at its own auth events""" """Check an event passes the auth rules at its own auth events"""
auth_event_ids = event.auth_event_ids() auth_event_ids = event.auth_event_ids()
auth_events_by_id = await self._store.get_events(auth_event_ids) auth_events_by_id = await self._store.get_events(auth_event_ids)
check_auth_rules_for_event(room_version_obj, event, auth_events_by_id.values()) check_auth_rules_for_event(event, auth_events_by_id.values())
def compute_auth_events( def compute_auth_events(
self, self,

16
synapse/handlers/federation_event.py
View file

@ -1428,9 +1428,6 @@ class FederationEventHandler:
allow_rejected=True, allow_rejected=True,
) )
room_version = await self._store.get_room_version_id(room_id)
room_version_obj = KNOWN_ROOM_VERSIONS[room_version]
def prep(event: EventBase) -> Optional[Tuple[EventBase, EventContext]]: def prep(event: EventBase) -> Optional[Tuple[EventBase, EventContext]]:
with nested_logging_context(suffix=event.event_id): with nested_logging_context(suffix=event.event_id):
auth = [] auth = []
@ -1454,7 +1451,7 @@ class FederationEventHandler:
context = EventContext.for_outlier(self._storage_controllers) context = EventContext.for_outlier(self._storage_controllers)
try: try:
validate_event_for_room_version(event) validate_event_for_room_version(event)
check_auth_rules_for_event(room_version_obj, event, auth) check_auth_rules_for_event(event, auth)
except AuthError as e: except AuthError as e:
logger.warning("Rejecting %r because %s", event, e) logger.warning("Rejecting %r because %s", event, e)
context.rejected = RejectedReason.AUTH_ERROR context.rejected = RejectedReason.AUTH_ERROR
@ -1497,9 +1494,6 @@ class FederationEventHandler:
assert not event.internal_metadata.outlier assert not event.internal_metadata.outlier
# first of all, check that the event itself is valid. # first of all, check that the event itself is valid.
room_version = await self._store.get_room_version_id(event.room_id)
room_version_obj = KNOWN_ROOM_VERSIONS[room_version]
try: try:
validate_event_for_room_version(event) validate_event_for_room_version(event)
except AuthError as e: except AuthError as e:
@ -1519,7 +1513,7 @@ class FederationEventHandler:
# ... and check that the event passes auth at those auth events. # ... and check that the event passes auth at those auth events.
try: try:
check_auth_rules_for_event(room_version_obj, event, claimed_auth_events) check_auth_rules_for_event(event, claimed_auth_events)
except AuthError as e: except AuthError as e:
logger.warning( logger.warning(
"While checking auth of %r against auth_events: %s", event, e "While checking auth of %r against auth_events: %s", event, e
@ -1567,9 +1561,7 @@ class FederationEventHandler:
auth_events_for_auth = calculated_auth_event_map auth_events_for_auth = calculated_auth_event_map
try: try:
check_auth_rules_for_event( check_auth_rules_for_event(event, auth_events_for_auth.values())
room_version_obj, event, auth_events_for_auth.values()
)
except AuthError as e: except AuthError as e:
logger.warning("Failed auth resolution for %r because %s", event, e) logger.warning("Failed auth resolution for %r because %s", event, e)
context.rejected = RejectedReason.AUTH_ERROR context.rejected = RejectedReason.AUTH_ERROR
@ -1669,7 +1661,7 @@ class FederationEventHandler:
) )
try: try:
check_auth_rules_for_event(room_version_obj, event, current_auth_events) check_auth_rules_for_event(event, current_auth_events)
except AuthError as e: except AuthError as e:
logger.warning( logger.warning(
"Soft-failing %r (from %s) because %s", "Soft-failing %r (from %s) because %s",

4
synapse/state/v1.py
View file

@ -30,7 +30,7 @@ from typing import (
from synapse import event_auth from synapse import event_auth
from synapse.api.constants import EventTypes from synapse.api.constants import EventTypes
from synapse.api.errors import AuthError from synapse.api.errors import AuthError
from synapse.api.room_versions import RoomVersion, RoomVersions from synapse.api.room_versions import RoomVersion
from synapse.events import EventBase from synapse.events import EventBase
from synapse.types import MutableStateMap, StateMap from synapse.types import MutableStateMap, StateMap
@ -331,7 +331,6 @@ def _resolve_auth_events(
try: try:
# The signatures have already been checked at this point # The signatures have already been checked at this point
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V1,
event, event,
auth_events.values(), auth_events.values(),
) )
@ -349,7 +348,6 @@ def _resolve_normal_events(
try: try:
# The signatures have already been checked at this point # The signatures have already been checked at this point
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V1,
event, event,
auth_events.values(), auth_events.values(),
) )

1
synapse/state/v2.py
View file

@ -547,7 +547,6 @@ async def _iterative_auth_checks(
try: try:
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
room_version,
event, event,
auth_events.values(), auth_events.values(),
) )

43
tests/test_event_auth.py
View file

@ -38,7 +38,6 @@ class EventAuthTestCase(unittest.TestCase):
# creator should be able to send state # creator should be able to send state
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V9,
_random_state_event(RoomVersions.V9, creator), _random_state_event(RoomVersions.V9, creator),
auth_events, auth_events,
) )
@ -55,7 +54,6 @@ class EventAuthTestCase(unittest.TestCase):
self.assertRaises( self.assertRaises(
AuthError, AuthError,
event_auth.check_auth_rules_for_event, event_auth.check_auth_rules_for_event,
RoomVersions.V9,
_random_state_event(RoomVersions.V9, creator), _random_state_event(RoomVersions.V9, creator),
auth_events, auth_events,
) )
@ -66,7 +64,6 @@ class EventAuthTestCase(unittest.TestCase):
self.assertRaises( self.assertRaises(
AuthError, AuthError,
event_auth.check_auth_rules_for_event, event_auth.check_auth_rules_for_event,
RoomVersions.V9,
_random_state_event(RoomVersions.V9, creator), _random_state_event(RoomVersions.V9, creator),
auth_events, auth_events,
) )
@ -86,7 +83,6 @@ class EventAuthTestCase(unittest.TestCase):
# creator should be able to send state # creator should be able to send state
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V1,
_random_state_event(RoomVersions.V1, creator), _random_state_event(RoomVersions.V1, creator),
auth_events, auth_events,
) )
@ -95,7 +91,6 @@ class EventAuthTestCase(unittest.TestCase):
self.assertRaises( self.assertRaises(
AuthError, AuthError,
event_auth.check_auth_rules_for_event, event_auth.check_auth_rules_for_event,
RoomVersions.V1,
_random_state_event(RoomVersions.V1, joiner), _random_state_event(RoomVersions.V1, joiner),
auth_events, auth_events,
) )
@ -125,14 +120,12 @@ class EventAuthTestCase(unittest.TestCase):
self.assertRaises( self.assertRaises(
AuthError, AuthError,
event_auth.check_auth_rules_for_event, event_auth.check_auth_rules_for_event,
RoomVersions.V1,
_random_state_event(RoomVersions.V1, pleb), _random_state_event(RoomVersions.V1, pleb),
auth_events, auth_events,
), ),
# king should be able to send state # king should be able to send state
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V1,
_random_state_event(RoomVersions.V1, king), _random_state_event(RoomVersions.V1, king),
auth_events, auth_events,
) )
@ -148,7 +141,6 @@ class EventAuthTestCase(unittest.TestCase):
# creator should be able to send aliases # creator should be able to send aliases
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V1,
_alias_event(RoomVersions.V1, creator), _alias_event(RoomVersions.V1, creator),
auth_events, auth_events,
) )
@ -156,7 +148,6 @@ class EventAuthTestCase(unittest.TestCase):
# Reject an event with no state key. # Reject an event with no state key.
with self.assertRaises(AuthError): with self.assertRaises(AuthError):
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V1,
_alias_event(RoomVersions.V1, creator, state_key=""), _alias_event(RoomVersions.V1, creator, state_key=""),
auth_events, auth_events,
) )
@ -164,14 +155,12 @@ class EventAuthTestCase(unittest.TestCase):
# If the domain of the sender does not match the state key, reject. # If the domain of the sender does not match the state key, reject.
with self.assertRaises(AuthError): with self.assertRaises(AuthError):
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V1,
_alias_event(RoomVersions.V1, creator, state_key="test.com"), _alias_event(RoomVersions.V1, creator, state_key="test.com"),
auth_events, auth_events,
) )
# Note that the member does *not* need to be in the room. # Note that the member does *not* need to be in the room.
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V1,
_alias_event(RoomVersions.V1, other), _alias_event(RoomVersions.V1, other),
auth_events, auth_events,
) )
@ -187,19 +176,16 @@ class EventAuthTestCase(unittest.TestCase):
# creator should be able to send aliases # creator should be able to send aliases
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V6,
_alias_event(RoomVersions.V6, creator), _alias_event(RoomVersions.V6, creator),
auth_events, auth_events,
) )
# No particular checks are done on the state key. # No particular checks are done on the state key.
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V6,
_alias_event(RoomVersions.V6, creator, state_key=""), _alias_event(RoomVersions.V6, creator, state_key=""),
auth_events, auth_events,
) )
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V6,
_alias_event(RoomVersions.V6, creator, state_key="test.com"), _alias_event(RoomVersions.V6, creator, state_key="test.com"),
auth_events, auth_events,
) )
@ -207,7 +193,6 @@ class EventAuthTestCase(unittest.TestCase):
# Per standard auth rules, the member must be in the room. # Per standard auth rules, the member must be in the room.
with self.assertRaises(AuthError): with self.assertRaises(AuthError):
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V6,
_alias_event(RoomVersions.V6, other), _alias_event(RoomVersions.V6, other),
auth_events, auth_events,
) )
@ -235,14 +220,12 @@ class EventAuthTestCase(unittest.TestCase):
# on room V1, pleb should be able to modify the notifications power level. # on room V1, pleb should be able to modify the notifications power level.
if allow_modification: if allow_modification:
event_auth.check_auth_rules_for_event(room_version, pl_event, auth_events) event_auth.check_auth_rules_for_event(pl_event, auth_events)
else: else:
# But an MSC2209 room rejects this change. # But an MSC2209 room rejects this change.
with self.assertRaises(AuthError): with self.assertRaises(AuthError):
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(pl_event, auth_events)
room_version, pl_event, auth_events
)
def test_join_rules_public(self): def test_join_rules_public(self):
""" """
@ -261,7 +244,6 @@ class EventAuthTestCase(unittest.TestCase):
# Check join. # Check join.
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V6,
_join_event(RoomVersions.V6, pleb), _join_event(RoomVersions.V6, pleb),
auth_events.values(), auth_events.values(),
) )
@ -269,7 +251,6 @@ class EventAuthTestCase(unittest.TestCase):
# A user cannot be force-joined to a room. # A user cannot be force-joined to a room.
with self.assertRaises(AuthError): with self.assertRaises(AuthError):
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V6,
_member_event(RoomVersions.V6, pleb, "join", sender=creator), _member_event(RoomVersions.V6, pleb, "join", sender=creator),
auth_events.values(), auth_events.values(),
) )
@ -280,7 +261,6 @@ class EventAuthTestCase(unittest.TestCase):
) )
with self.assertRaises(AuthError): with self.assertRaises(AuthError):
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V6,
_join_event(RoomVersions.V6, pleb), _join_event(RoomVersions.V6, pleb),
auth_events.values(), auth_events.values(),
) )
@ -290,7 +270,6 @@ class EventAuthTestCase(unittest.TestCase):
RoomVersions.V6, pleb, "leave" RoomVersions.V6, pleb, "leave"
) )
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V6,
_join_event(RoomVersions.V6, pleb), _join_event(RoomVersions.V6, pleb),
auth_events.values(), auth_events.values(),
) )
@ -300,7 +279,6 @@ class EventAuthTestCase(unittest.TestCase):
RoomVersions.V6, pleb, "join" RoomVersions.V6, pleb, "join"
) )
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V6,
_join_event(RoomVersions.V6, pleb), _join_event(RoomVersions.V6, pleb),
auth_events.values(), auth_events.values(),
) )
@ -310,7 +288,6 @@ class EventAuthTestCase(unittest.TestCase):
RoomVersions.V6, pleb, "invite", sender=creator RoomVersions.V6, pleb, "invite", sender=creator
) )
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V6,
_join_event(RoomVersions.V6, pleb), _join_event(RoomVersions.V6, pleb),
auth_events.values(), auth_events.values(),
) )
@ -333,7 +310,6 @@ class EventAuthTestCase(unittest.TestCase):
# A join without an invite is rejected. # A join without an invite is rejected.
with self.assertRaises(AuthError): with self.assertRaises(AuthError):
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V6,
_join_event(RoomVersions.V6, pleb), _join_event(RoomVersions.V6, pleb),
auth_events.values(), auth_events.values(),
) )
@ -341,7 +317,6 @@ class EventAuthTestCase(unittest.TestCase):
# A user cannot be force-joined to a room. # A user cannot be force-joined to a room.
with self.assertRaises(AuthError): with self.assertRaises(AuthError):
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V6,
_member_event(RoomVersions.V6, pleb, "join", sender=creator), _member_event(RoomVersions.V6, pleb, "join", sender=creator),
auth_events.values(), auth_events.values(),
) )
@ -352,7 +327,6 @@ class EventAuthTestCase(unittest.TestCase):
) )
with self.assertRaises(AuthError): with self.assertRaises(AuthError):
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V6,
_join_event(RoomVersions.V6, pleb), _join_event(RoomVersions.V6, pleb),
auth_events.values(), auth_events.values(),
) )
@ -363,7 +337,6 @@ class EventAuthTestCase(unittest.TestCase):
) )
with self.assertRaises(AuthError): with self.assertRaises(AuthError):
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V6,
_join_event(RoomVersions.V6, pleb), _join_event(RoomVersions.V6, pleb),
auth_events.values(), auth_events.values(),
) )
@ -373,7 +346,6 @@ class EventAuthTestCase(unittest.TestCase):
RoomVersions.V6, pleb, "join" RoomVersions.V6, pleb, "join"
) )
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V6,
_join_event(RoomVersions.V6, pleb), _join_event(RoomVersions.V6, pleb),
auth_events.values(), auth_events.values(),
) )
@ -383,7 +355,6 @@ class EventAuthTestCase(unittest.TestCase):
RoomVersions.V6, pleb, "invite", sender=creator RoomVersions.V6, pleb, "invite", sender=creator
) )
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V6,
_join_event(RoomVersions.V6, pleb), _join_event(RoomVersions.V6, pleb),
auth_events.values(), auth_events.values(),
) )
@ -406,7 +377,6 @@ class EventAuthTestCase(unittest.TestCase):
with self.assertRaises(AuthError): with self.assertRaises(AuthError):
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V6,
_join_event(RoomVersions.V6, pleb), _join_event(RoomVersions.V6, pleb),
auth_events.values(), auth_events.values(),
) )
@ -444,7 +414,6 @@ class EventAuthTestCase(unittest.TestCase):
}, },
) )
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V8,
authorised_join_event, authorised_join_event,
auth_events.values(), auth_events.values(),
) )
@ -461,7 +430,6 @@ class EventAuthTestCase(unittest.TestCase):
RoomVersions.V8, "@inviter:foo.test" RoomVersions.V8, "@inviter:foo.test"
) )
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V8,
_join_event( _join_event(
RoomVersions.V8, RoomVersions.V8,
pleb, pleb,
@ -475,7 +443,6 @@ class EventAuthTestCase(unittest.TestCase):
# A join which is missing an authorised server is rejected. # A join which is missing an authorised server is rejected.
with self.assertRaises(AuthError): with self.assertRaises(AuthError):
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V8,
_join_event(RoomVersions.V8, pleb), _join_event(RoomVersions.V8, pleb),
auth_events.values(), auth_events.values(),
) )
@ -489,7 +456,6 @@ class EventAuthTestCase(unittest.TestCase):
) )
with self.assertRaises(AuthError): with self.assertRaises(AuthError):
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V8,
_join_event( _join_event(
RoomVersions.V8, RoomVersions.V8,
pleb, pleb,
@ -504,7 +470,6 @@ class EventAuthTestCase(unittest.TestCase):
# *would* be valid, but is sent be a different user.) # *would* be valid, but is sent be a different user.)
with self.assertRaises(AuthError): with self.assertRaises(AuthError):
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V8,
_member_event( _member_event(
RoomVersions.V8, RoomVersions.V8,
pleb, pleb,
@ -523,7 +488,6 @@ class EventAuthTestCase(unittest.TestCase):
) )
with self.assertRaises(AuthError): with self.assertRaises(AuthError):
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V8,
authorised_join_event, authorised_join_event,
auth_events.values(), auth_events.values(),
) )
@ -533,7 +497,6 @@ class EventAuthTestCase(unittest.TestCase):
RoomVersions.V8, pleb, "leave" RoomVersions.V8, pleb, "leave"
) )
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V8,
authorised_join_event, authorised_join_event,
auth_events.values(), auth_events.values(),
) )
@ -544,7 +507,6 @@ class EventAuthTestCase(unittest.TestCase):
RoomVersions.V8, pleb, "join" RoomVersions.V8, pleb, "join"
) )
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V8,
_join_event(RoomVersions.V8, pleb), _join_event(RoomVersions.V8, pleb),
auth_events.values(), auth_events.values(),
) )
@ -555,7 +517,6 @@ class EventAuthTestCase(unittest.TestCase):
RoomVersions.V8, pleb, "invite", sender=creator RoomVersions.V8, pleb, "invite", sender=creator
) )
event_auth.check_auth_rules_for_event( event_auth.check_auth_rules_for_event(
RoomVersions.V8,
_join_event(RoomVersions.V8, pleb), _join_event(RoomVersions.V8, pleb),
auth_events.values(), auth_events.values(),
) )