tileradotorg/synapse
1
0
Fork 0
forked from MirrorHub/synapse
Code Pull requests Activity

Return stripped m.space.child events via the space summary. (#10760)

Browse source 
The full event content cannot be trusted from this API (as no auth
chain, etc.) is processed over federation. Returning the full event
content was a bug as MSC2946 specifies that only the stripped
state should be returned.

This also avoids calculating aggregations / annotations which go
unused.
This commit is contained in:
Patrick Cloke 2021-09-07 08:43:54 -04:00 committed by GitHub
parent f30c9745ab
commit a23f3abb9b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
changelog.d/10760.bugfix Normal file
View file

@ -0,0 +1 @@
Only return the stripped state events for the `m.space.child` events in a room for the spaces summary from [MSC2946](https://github.com/matrix-org/matrix-doc/pull/2946).

26
synapse/handlers/room_summary.py
View file

@ -37,7 +37,6 @@ from synapse.api.errors import (
UnsupportedRoomVersionError, UnsupportedRoomVersionError,
) )
from synapse.events import EventBase from synapse.events import EventBase
from synapse.events.utils import format_event_for_client_v2
from synapse.types import JsonDict from synapse.types import JsonDict
from synapse.util.caches.response_cache import ResponseCache from synapse.util.caches.response_cache import ResponseCache
@ -89,7 +88,6 @@ class RoomSummaryHandler:
_PAGINATION_SESSION_VALIDITY_PERIOD_MS = 5 * 60 * 1000 _PAGINATION_SESSION_VALIDITY_PERIOD_MS = 5 * 60 * 1000
def __init__(self, hs: "HomeServer"): def __init__(self, hs: "HomeServer"):
self._clock = hs.get_clock()
self._event_auth_handler = hs.get_event_auth_handler() self._event_auth_handler = hs.get_event_auth_handler()
self._store = hs.get_datastore() self._store = hs.get_datastore()
self._event_serializer = hs.get_event_client_serializer() self._event_serializer = hs.get_event_client_serializer()
@ -648,18 +646,18 @@ class RoomSummaryHandler:
if max_children is None or max_children > MAX_ROOMS_PER_SPACE: if max_children is None or max_children > MAX_ROOMS_PER_SPACE:
max_children = MAX_ROOMS_PER_SPACE max_children = MAX_ROOMS_PER_SPACE
now = self._clock.time_msec() stripped_events: List[JsonDict] = [
events_result: List[JsonDict] = [] {
for edge_event in itertools.islice(child_events, max_children): "type": e.type,
events_result.append( "state_key": e.state_key,
await self._event_serializer.serialize_event( "content": e.content,
edge_event, "room_id": e.room_id,
time_now=now, "sender": e.sender,
event_format=format_event_for_client_v2, "origin_server_ts": e.origin_server_ts,
) }
) for e in itertools.islice(child_events, max_children)
]
return _RoomEntry(room_id, room_entry, events_result) return _RoomEntry(room_id, room_entry, stripped_events)
async def _summarize_remote_room( async def _summarize_remote_room(
self, self,