gitlord
/
synapse
mirror of https://github.com/matrix-org/synapse.git
1
0
Fork 0
Code Issues 0 Releases 671 Wiki Activity
Browse Source

Remove special auth and redaction rules for aliases events in experimental room ver. (#7037)

tags/v1.12.0rc1
Patrick Cloke 4 years ago
committed by GitHub
parent
66315d862f
commit
06eb5cae08
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 148 additions and 22 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +1
    -0
      changelog.d/7037.feature
  2. +5
    -4
      synapse/api/room_versions.py
  3. +1
    -1
      synapse/crypto/event_signing.py
  4. +3
    -5
      synapse/event_auth.py
  5. +5
    -7
      synapse/events/utils.py
  6. +8
    -2
      synapse/storage/data_stores/main/events.py
  7. +33
    -2
      tests/events/test_utils.py
  8. +92
    -1
      tests/test_event_auth.py

+ 1
- 0
changelog.d/7037.feature View File

@@ -0,0 +1 @@
Implement updated authorization rules and redaction rules for aliases events, from [MSC2261](https://github.com/matrix-org/matrix-doc/pull/2261) and [MSC2432](https://github.com/matrix-org/matrix-doc/pull/2432).

+ 5
- 4
synapse/api/room_versions.py View File

@@ -57,7 +57,7 @@ class RoomVersion(object):
state_res = attr.ib() # int; one of the StateResolutionVersions
enforce_key_validity = attr.ib() # bool

# bool: before MSC2260, anyone was allowed to send an aliases event
# bool: before MSC2261/MSC2432, m.room.aliases had special auth rules and redaction rules
special_case_aliases_auth = attr.ib(type=bool, default=False)


@@ -102,12 +102,13 @@ class RoomVersions(object):
enforce_key_validity=True,
special_case_aliases_auth=True,
)
MSC2260_DEV = RoomVersion(
"org.matrix.msc2260",
MSC2432_DEV = RoomVersion(
"org.matrix.msc2432",
RoomDisposition.UNSTABLE,
EventFormatVersions.V3,
StateResolutionVersions.V2,
enforce_key_validity=True,
special_case_aliases_auth=False,
)


@@ -119,6 +120,6 @@ KNOWN_ROOM_VERSIONS = {
RoomVersions.V3,
RoomVersions.V4,
RoomVersions.V5,
RoomVersions.MSC2260_DEV,
RoomVersions.MSC2432_DEV,
)
} # type: Dict[str, RoomVersion]

+ 1
- 1
synapse/crypto/event_signing.py View File

@@ -140,7 +140,7 @@ def compute_event_signature(
Returns:
a dictionary in the same format of an event's signatures field.
"""
redact_json = prune_event_dict(event_dict)
redact_json = prune_event_dict(room_version, event_dict)
redact_json.pop("age_ts", None)
redact_json.pop("unsigned", None)
if logger.isEnabledFor(logging.DEBUG):


+ 3
- 5
synapse/event_auth.py View File

@@ -137,7 +137,7 @@ def check(
raise AuthError(403, "This room has been marked as unfederatable.")

# 4. If type is m.room.aliases
if event.type == EventTypes.Aliases:
if event.type == EventTypes.Aliases and room_version_obj.special_case_aliases_auth:
# 4a. If event has no state_key, reject
if not event.is_state():
raise AuthError(403, "Alias event must be a state event")
@@ -152,10 +152,8 @@ def check(
)

# 4c. Otherwise, allow.
# This is removed by https://github.com/matrix-org/matrix-doc/pull/2260
if room_version_obj.special_case_aliases_auth:
logger.debug("Allowing! %s", event)
return
logger.debug("Allowing! %s", event)
return

if logger.isEnabledFor(logging.DEBUG):
logger.debug("Auth events: %s", [a.event_id for a in auth_events.values()])


+ 5
- 7
synapse/events/utils.py View File

@@ -23,6 +23,7 @@ from frozendict import frozendict
from twisted.internet import defer

from synapse.api.constants import EventTypes, RelationTypes
from synapse.api.room_versions import RoomVersion
from synapse.util.async_helpers import yieldable_gather_results

from . import EventBase
@@ -43,7 +44,7 @@ def prune_event(event: EventBase) -> EventBase:
the user has specified, but we do want to keep necessary information like
type, state_key etc.
"""
pruned_event_dict = prune_event_dict(event.get_dict())
pruned_event_dict = prune_event_dict(event.room_version, event.get_dict())

from . import make_event_from_dict

@@ -57,15 +58,12 @@ def prune_event(event: EventBase) -> EventBase:
return pruned_event


def prune_event_dict(event_dict):
def prune_event_dict(room_version: RoomVersion, event_dict: dict) -> dict:
"""Redacts the event_dict in the same way as `prune_event`, except it
operates on dicts rather than event objects

Args:
event_dict (dict)

Returns:
dict: A copy of the pruned event dict
A copy of the pruned event dict
"""

allowed_keys = [
@@ -112,7 +110,7 @@ def prune_event_dict(event_dict):
"kick",
"redact",
)
elif event_type == EventTypes.Aliases:
elif event_type == EventTypes.Aliases and room_version.special_case_aliases_auth:
add_fields("aliases")
elif event_type == EventTypes.RoomHistoryVisibility:
add_fields("history_visibility")


+ 8
- 2
synapse/storage/data_stores/main/events.py View File

@@ -1168,7 +1168,11 @@ class EventsStore(
and original_event.internal_metadata.is_redacted()
):
# Redaction was allowed
pruned_json = encode_json(prune_event_dict(original_event.get_dict()))
pruned_json = encode_json(
prune_event_dict(
original_event.room_version, original_event.get_dict()
)
)
else:
# Redaction wasn't allowed
pruned_json = None
@@ -1929,7 +1933,9 @@ class EventsStore(
return

# Prune the event's dict then convert it to JSON.
pruned_json = encode_json(prune_event_dict(event.get_dict()))
pruned_json = encode_json(
prune_event_dict(event.room_version, event.get_dict())
)

# Update the event_json table to replace the event's JSON with the pruned
# JSON.


+ 33
- 2
tests/events/test_utils.py View File

@@ -13,6 +13,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

from synapse.api.room_versions import RoomVersions
from synapse.events import make_event_from_dict
from synapse.events.utils import (
copy_power_levels_contents,
@@ -36,9 +37,9 @@ class PruneEventTestCase(unittest.TestCase):
""" Asserts that a new event constructed with `evdict` will look like
`matchdict` when it is redacted. """

def run_test(self, evdict, matchdict):
def run_test(self, evdict, matchdict, **kwargs):
self.assertEquals(
prune_event(make_event_from_dict(evdict)).get_dict(), matchdict
prune_event(make_event_from_dict(evdict, **kwargs)).get_dict(), matchdict
)

def test_minimal(self):
@@ -128,6 +129,36 @@ class PruneEventTestCase(unittest.TestCase):
},
)

def test_alias_event(self):
"""Alias events have special behavior up through room version 6."""
self.run_test(
{
"type": "m.room.aliases",
"event_id": "$test:domain",
"content": {"aliases": ["test"]},
},
{
"type": "m.room.aliases",
"event_id": "$test:domain",
"content": {"aliases": ["test"]},
"signatures": {},
"unsigned": {},
},
)

def test_msc2432_alias_event(self):
"""After MSC2432, alias events have no special behavior."""
self.run_test(
{"type": "m.room.aliases", "content": {"aliases": ["test"]}},
{
"type": "m.room.aliases",
"content": {},
"signatures": {},
"unsigned": {},
},
room_version=RoomVersions.MSC2432_DEV,
)


class SerializeEventTestCase(unittest.TestCase):
def serialize(self, ev, fields):


+ 92
- 1
tests/test_event_auth.py View File

@@ -19,6 +19,7 @@ from synapse import event_auth
from synapse.api.errors import AuthError
from synapse.api.room_versions import RoomVersions
from synapse.events import make_event_from_dict
from synapse.types import get_domain_from_id


class EventAuthTestCase(unittest.TestCase):
@@ -51,7 +52,7 @@ class EventAuthTestCase(unittest.TestCase):
_random_state_event(joiner),
auth_events,
do_sig_check=False,
),
)

def test_state_default_level(self):
"""
@@ -87,6 +88,83 @@ class EventAuthTestCase(unittest.TestCase):
RoomVersions.V1, _random_state_event(king), auth_events, do_sig_check=False,
)

def test_alias_event(self):
"""Alias events have special behavior up through room version 6."""
creator = "@creator:example.com"
other = "@other:example.com"
auth_events = {
("m.room.create", ""): _create_event(creator),
("m.room.member", creator): _join_event(creator),
}

# creator should be able to send aliases
event_auth.check(
RoomVersions.V1, _alias_event(creator), auth_events, do_sig_check=False,
)

# Reject an event with no state key.
with self.assertRaises(AuthError):
event_auth.check(
RoomVersions.V1,
_alias_event(creator, state_key=""),
auth_events,
do_sig_check=False,
)

# If the domain of the sender does not match the state key, reject.
with self.assertRaises(AuthError):
event_auth.check(
RoomVersions.V1,
_alias_event(creator, state_key="test.com"),
auth_events,
do_sig_check=False,
)

# Note that the member does *not* need to be in the room.
event_auth.check(
RoomVersions.V1, _alias_event(other), auth_events, do_sig_check=False,
)

def test_msc2432_alias_event(self):
"""After MSC2432, alias events have no special behavior."""
creator = "@creator:example.com"
other = "@other:example.com"
auth_events = {
("m.room.create", ""): _create_event(creator),
("m.room.member", creator): _join_event(creator),
}

# creator should be able to send aliases
event_auth.check(
RoomVersions.MSC2432_DEV,
_alias_event(creator),
auth_events,
do_sig_check=False,
)

# No particular checks are done on the state key.
event_auth.check(
RoomVersions.MSC2432_DEV,
_alias_event(creator, state_key=""),
auth_events,
do_sig_check=False,
)
event_auth.check(
RoomVersions.MSC2432_DEV,
_alias_event(creator, state_key="test.com"),
auth_events,
do_sig_check=False,
)

# Per standard auth rules, the member must be in the room.
with self.assertRaises(AuthError):
event_auth.check(
RoomVersions.MSC2432_DEV,
_alias_event(other),
auth_events,
do_sig_check=False,
)


# helpers for making events

@@ -131,6 +209,19 @@ def _power_levels_event(sender, content):
)


def _alias_event(sender, **kwargs):
data = {
"room_id": TEST_ROOM_ID,
"event_id": _get_event_id(),
"type": "m.room.aliases",
"sender": sender,
"state_key": get_domain_from_id(sender),
"content": {"aliases": []},
}
data.update(**kwargs)
return make_event_from_dict(data)


def _random_state_event(sender):
return make_event_from_dict(
{


Write Preview
Loading…
Cancel
Save