Room Shutdown API has no validation/error handling

[f0x52]

Description

after calling _matrix/client/r0/admin/shutdown_room on a room, I get invited to the replacement room, but I still continue to receive new events in the old room.

Steps to reproduce

• join a room
• run the _matrix/client/r0/admin/shutdown_room endpoint on it
• continue to receive new events

I don't see any errors in the log, and from my understanding this endpoint should totally remove this room from my server, for the future as well.

Version information

• Homeserver: pixie.town

If not matrix.org:

• Version: Synapse 1.0.0

• Install method: pip in virtualenv

• Platform: Debian Unstable on bare metal

[richvdh]

shutdown_room is undocumented, but afaict it only removes local users from the room. It doesn't remove the room in its entirety from the server.

That said, you should be removed from the room, and the server should reject new events for the room (because all local users have left). Can you share logs that show the shutdown_room running and the new messages arriving?

[f0x52]

As this issue is appearing again, with a new version of the same alt-right room sending spam invites and harassment, here are my steps:

• receive invite
• join room
• call shutdown_room endpoint with curl:

curl 'https://pixie.town/_matrix/client/r0/admin/shutdown_room/\!HkIVpVBRHoIryLnGUn:chat.thisisjoes.site' \
-H "Authorization: Bearer $ADMIN_TOKEN" -XPOST \
-d'{"new_room_user_id": "@f0x:pixie.town", "message": "testing shutdown_room", "room_name": "Replacement Room after supposed shutdown"}'

After that I do get joined to the replacement room, but my account will also still be in the supposedly shutdown room, receiving new events and continued harassment. After leaving they can also still send invites

log entries:

2019-08-10 20:02:12,174 - synapse.access.http.8008 - 233 - INFO - POST-322750 - 213.10.105.53 - 8008 - Received request: POST /_matrix/client/r0/admin/shutdown_room/\!HkIVpVBRHoIryLnGUn:chat.thisisjoes.site
2019-08-10 20:02:12,262 - synapse.handlers.room - 700 - INFO - POST-322750 - Sending m.room.create in new room
2019-08-10 20:02:12,322 - synapse.storage.events - 475 - INFO - persist_events-15919 - Calculating state delta for room !RmOEuSphBBBbywJSeb:pixie.town
2019-08-10 20:02:12,472 - synapse.handlers.room - 714 - INFO - POST-322750 - Sending m.room.member in new room
2019-08-10 20:02:12,480 - synapse.handlers.stats - 98 - INFO - stats.notify_new_event-88981 - Handling 1 state deltas
2019-08-10 20:02:12,481 - synapse.handlers.user_directory - 145 - INFO - user_directory.notify_new_event-87811 - Handling 1 state deltas
2019-08-10 20:02:12,557 - synapse.storage.events - 475 - INFO - persist_events-15920 - Calculating state delta for room !RmOEuSphBBBbywJSeb:pixie.town
2019-08-10 20:02:12,732 - synapse.handlers.user_directory - 145 - INFO - user_directory.notify_new_event-87812 - Handling 1 state deltas
2019-08-10 20:02:12,735 - synapse.handlers.sync - 925 - INFO - GET-322748 - Calculating sync response for @f0x:pixie.town between StreamToken(room_key='s1043242', presence_key='6535874', typing_key='6523', receipt_key='592263', account_data_key='83423', push_rules_key='60', to_device_key='370', device_list_key='76388', groups_key='22') and StreamToken(room_key='s1043244', presence_key=6535874, typing_key=6523, receipt_key=592263, account_data_key=83423, push_rules_key=60, to_device_key=370, device_list_key=76388, groups_key=22)
2019-08-10 20:02:12,736 - synapse.handlers.room - 700 - INFO - POST-322750 - Sending m.room.power_levels in new room
2019-08-10 20:02:12,739 - synapse.handlers.stats - 98 - INFO - stats.notify_new_event-88982 - Handling 1 state deltas
2019-08-10 20:02:12,765 - synapse.handlers.sync - 1467 - INFO - GET-322748 - Membership changes in !RmOEuSphBBBbywJSeb:pixie.town: [$fndld36eMDhmigA_5aBLrpCr0bC_BA-ih6xUftv4h6Q (join)]
2019-08-10 20:02:12,785 - synapse.metrics - 451 - INFO -  - Collecting gc 1
2019-08-10 20:02:12,809 - synapse.storage.events - 475 - INFO - persist_events-15921 - Calculating state delta for room !RmOEuSphBBBbywJSeb:pixie.town
2019-08-10 20:02:12,825 - synapse.access.http.8008 - 302 - INFO - GET-322748 - 213.10.105.53 - 8008 - {@f0x:pixie.town} Processed request: 0.935sec/0.001sec (0.027sec, 0.006sec) (0.018sec/0.042sec/10) 1564B 200 "GET /_matrix/client/r0/sync?filter=1&timeout=30000&since=s1043242_6535874_6523_592263_83423_60_370_76388_22 HTTP/1.0" "Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" [0 dbevts]
2019-08-10 20:02:12,907 - synapse.handlers.room - 700 - INFO - POST-322750 - Sending m.room.join_rules in new room
2019-08-10 20:02:12,919 - synapse.handlers.stats - 98 - INFO - stats.notify_new_event-88983 - Handling 1 state deltas
2019-08-10 20:02:12,922 - synapse.handlers.user_directory - 145 - INFO - user_directory.notify_new_event-87813 - Handling 1 state deltas
2019-08-10 20:02:12,977 - synapse.storage.events - 475 - INFO - persist_events-15922 - Calculating state delta for room !RmOEuSphBBBbywJSeb:pixie.town
[/sync requests]
2019-08-10 20:02:13,646 - synapse.handlers.stats - 98 - INFO - stats.notify_new_event-88985 - Handling 1 state deltas
2019-08-10 20:02:13,657 - synapse.handlers.user_directory - 145 - INFO - user_directory.notify_new_event-87815 - Handling 1 state deltas
2019-08-10 20:02:13,674 - synapse.access.http.8008 - 302 - INFO - GET-322756 - 213.10.105.53 - 8008 - {@f0x:pixie.town} Processed request: 0.140sec/0.001sec (0.023sec, 0.000sec) (0.003sec/0.006sec/1) 886B 200 "GET /_matrix/client/r0/sync?filter=1&timeout=30000&since=s1043246_6535874_6523_592263_83423_60_370_76388_22 HTTP/1.0" "Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" [0 dbevts]
--
2019-08-10 20:02:14,650 - synapse.access.http.8008 - 302 - INFO - POST-322750 - 213.10.105.53 - 8008 - {@f0x:pixie.town} Processed request: 2.475sec/0.001sec (0.052sec, 0.015sec) (0.055sec/0.398sec/43) 137B 200 "POST /_matrix/client/r0/admin/shutdown_room/\!HkIVpVBRHoIryLnGUn:chat.thisisjoes.site HTTP/1.0" "curl/7.64.0" [6 dbevts]

[f0x52]

It seems the issue is with my escaping of the room id, after which Synapse will happily "block" a nonexisting room and still return a

{
    "failed_to_kick_users": [],
    "kicked_users": [],
    "local_aliases": [],
    "new_room_id": "<id>"
}

[aaronraimist]

Fixed by #8830