Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Fix messages from multiple senders in historical chunk
Browse files Browse the repository at this point in the history
Follow-up to #9247

Part of MSC2716: matrix-org/matrix-spec-proposals#2716

---

Previously, Synapse would throw a 403,
`Cannot force another user to join.`,
because we were trying to use `?user_id` from a single virtual user
which did not match with messages from other users in the chunk.
  • Loading branch information
MadLittleMods committed Jul 7, 2021
1 parent 38bcf13 commit e405a23
Show file tree
Hide file tree
Showing 2 changed files with 31 additions and 6 deletions.
10 changes: 10 additions & 0 deletions synapse/event_auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -342,7 +342,17 @@ def _is_membership_change_allowed(
# * They are accepting a previously sent invitation.
# * They are already joined (it's a NOOP).
# * The room is public or restricted.
logger.info(
"check join aewffaewafewf %s %s",
event.user_id,
target_user_id,
)
if event.user_id != target_user_id:
logger.error(
"Cannot force another user to join aewffaewafewf %s %s",
event.user_id,
target_user_id,
)
raise AuthError(403, "Cannot force another user to join.")
elif target_banned:
raise AuthError(403, "You are banned from this room")
Expand Down
27 changes: 21 additions & 6 deletions synapse/rest/client/v1/room.py
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
# limitations under the License.

""" This module contains REST servlets to do with rooms: /rooms/<paths> """
import copy
import logging
import re
from typing import TYPE_CHECKING, Dict, List, Optional, Tuple
Expand Down Expand Up @@ -47,6 +48,7 @@
from synapse.streams.config import PaginationConfig
from synapse.types import (
JsonDict,
Requester,
RoomAlias,
RoomID,
StreamToken,
Expand Down Expand Up @@ -309,7 +311,14 @@ def __init__(self, hs):
self.room_member_handler = hs.get_room_member_handler()
self.auth = hs.get_auth()

async def inherit_depth_from_prev_ids(self, prev_event_ids) -> int:
def _copy_requester_and_override_user_id(self, requester, new_user_id):
serialized_requester = requester.serialize()
serialized_requester["user_id"] = new_user_id
new_requester = Requester.deserialize(self.store, serialized_requester)

return new_requester

async def _inherit_depth_from_prev_ids(self, prev_event_ids) -> int:
(
most_recent_prev_event_id,
most_recent_prev_event_depth,
Expand Down Expand Up @@ -438,7 +447,9 @@ async def on_POST(self, request, room_id):
if event_dict["type"] == EventTypes.Member:
membership = event_dict["content"].get("membership", None)
event_id, _ = await self.room_member_handler.update_membership(
requester,
self._copy_requester_and_override_user_id(
requester, state_event["sender"]
),
target=UserID.from_string(event_dict["state_key"]),
room_id=room_id,
action=membership,
Expand All @@ -458,7 +469,9 @@ async def on_POST(self, request, room_id):
event,
_,
) = await self.event_creation_handler.create_and_send_nonmember_event(
requester,
self._copy_requester_and_override_user_id(
requester, state_event["sender"]
),
event_dict,
outlier=True,
prev_event_ids=[fake_prev_event_id],
Expand Down Expand Up @@ -510,7 +523,9 @@ async def on_POST(self, request, room_id):
# Prepend the insertion event to the start of the chunk
events_to_create = [insertion_event] + events_to_create

inherited_depth = await self.inherit_depth_from_prev_ids(prev_events_from_query)
inherited_depth = await self._inherit_depth_from_prev_ids(
prev_events_from_query
)

event_ids = []
prev_event_ids = prev_events_from_query
Expand All @@ -532,7 +547,7 @@ async def on_POST(self, request, room_id):
}

event, context = await self.event_creation_handler.create_event(
requester,
self._copy_requester_and_override_user_id(requester, ev["sender"]),
event_dict,
prev_event_ids=event_dict.get("prev_events"),
auth_event_ids=auth_event_ids,
Expand Down Expand Up @@ -562,7 +577,7 @@ async def on_POST(self, request, room_id):
# where topological_ordering is just depth.
for (event, context) in reversed(events_to_persist):
ev = await self.event_creation_handler.handle_new_client_event(
requester=requester,
self._copy_requester_and_override_user_id(requester, event["sender"]),
event=event,
context=context,
)
Expand Down

0 comments on commit e405a23

Please sign in to comment.