This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Room Shutdown API has no validation/error handling #5575

Closed
f0x52 opened this issue Jun 27, 2019 · 4 comments

f0x52 commented Jun 27, 2019

Description

After calling _matrix/client/r0/admin/shutdown_room on a room, I get invited to the replacement room, but I still continue to receive new events in the old room.

Steps to reproduce

  • join a room
  • run the _matrix/client/r0/admin/shutdown_room endpoint on it
  • continue to receive new events

I don't see any errors in the log, and from my understanding this endpoint should totally remove this room from my server, for the future as well.

Version information

  • Homeserver: pixie.town

If not matrix.org:

  • Version: Synapse 1.0.0

  • Install method: pip in virtualenv

  • Platform: Debian Unstable on bare metal

richvdh commented Jun 28, 2019

shutdown_room is undocumented, but afaict it only removes local users from the room. It doesn't remove the room in its entirety from the server.

That said, you should be removed from the room, and the server should reject new events for the room (because all local users have left). Can you share logs that show the shutdown_room running and the new messages arriving?


f0x52 commented Aug 10, 2019

As this issue is appearing again, with a new version of the same alt-right room sending spam invites and harassment, here are my steps:

  • receive invite
  • join room
  • call shutdown_room endpoint with curl:
curl 'https://pixie.town/_matrix/client/r0/admin/shutdown_room/\!HkIVpVBRHoIryLnGUn:chat.thisisjoes.site' \
-H "Authorization: Bearer $ADMIN_TOKEN" -XPOST \
-d'{"new_room_user_id": "@f0x:pixie.town", "message": "testing shutdown_room", "room_name": "Replacement Room after supposed shutdown"}'

After that I do get joined to the replacement room, but my account will also still be in the supposedly shutdown room, receiving new events and continued harassment. After leaving, they can also still send invites.

log entries:

2019-08-10 20:02:12,174 - synapse.access.http.8008 - 233 - INFO - POST-322750 - 213.10.105.53 - 8008 - Received request: POST /_matrix/client/r0/admin/shutdown_room/\!HkIVpVBRHoIryLnGUn:chat.thisisjoes.site
2019-08-10 20:02:12,262 - synapse.handlers.room - 700 - INFO - POST-322750 - Sending m.room.create in new room
2019-08-10 20:02:12,322 - synapse.storage.events - 475 - INFO - persist_events-15919 - Calculating state delta for room !RmOEuSphBBBbywJSeb:pixie.town
2019-08-10 20:02:12,472 - synapse.handlers.room - 714 - INFO - POST-322750 - Sending m.room.member in new room
2019-08-10 20:02:12,480 - synapse.handlers.stats - 98 - INFO - stats.notify_new_event-88981 - Handling 1 state deltas
2019-08-10 20:02:12,481 - synapse.handlers.user_directory - 145 - INFO - user_directory.notify_new_event-87811 - Handling 1 state deltas
2019-08-10 20:02:12,557 - synapse.storage.events - 475 - INFO - persist_events-15920 - Calculating state delta for room !RmOEuSphBBBbywJSeb:pixie.town
2019-08-10 20:02:12,732 - synapse.handlers.user_directory - 145 - INFO - user_directory.notify_new_event-87812 - Handling 1 state deltas
2019-08-10 20:02:12,735 - synapse.handlers.sync - 925 - INFO - GET-322748 - Calculating sync response for @f0x:pixie.town between StreamToken(room_key='s1043242', presence_key='6535874', typing_key='6523', receipt_key='592263', account_data_key='83423', push_rules_key='60', to_device_key='370', device_list_key='76388', groups_key='22') and StreamToken(room_key='s1043244', presence_key=6535874, typing_key=6523, receipt_key=592263, account_data_key=83423, push_rules_key=60, to_device_key=370, device_list_key=76388, groups_key=22)
2019-08-10 20:02:12,736 - synapse.handlers.room - 700 - INFO - POST-322750 - Sending m.room.power_levels in new room
2019-08-10 20:02:12,739 - synapse.handlers.stats - 98 - INFO - stats.notify_new_event-88982 - Handling 1 state deltas
2019-08-10 20:02:12,765 - synapse.handlers.sync - 1467 - INFO - GET-322748 - Membership changes in !RmOEuSphBBBbywJSeb:pixie.town: [$fndld36eMDhmigA_5aBLrpCr0bC_BA-ih6xUftv4h6Q (join)]
2019-08-10 20:02:12,785 - synapse.metrics - 451 - INFO -  - Collecting gc 1
2019-08-10 20:02:12,809 - synapse.storage.events - 475 - INFO - persist_events-15921 - Calculating state delta for room !RmOEuSphBBBbywJSeb:pixie.town
2019-08-10 20:02:12,825 - synapse.access.http.8008 - 302 - INFO - GET-322748 - 213.10.105.53 - 8008 - {@f0x:pixie.town} Processed request: 0.935sec/0.001sec (0.027sec, 0.006sec) (0.018sec/0.042sec/10) 1564B 200 "GET /_matrix/client/r0/sync?filter=1&timeout=30000&since=s1043242_6535874_6523_592263_83423_60_370_76388_22 HTTP/1.0" "Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" [0 dbevts]
2019-08-10 20:02:12,907 - synapse.handlers.room - 700 - INFO - POST-322750 - Sending m.room.join_rules in new room
2019-08-10 20:02:12,919 - synapse.handlers.stats - 98 - INFO - stats.notify_new_event-88983 - Handling 1 state deltas
2019-08-10 20:02:12,922 - synapse.handlers.user_directory - 145 - INFO - user_directory.notify_new_event-87813 - Handling 1 state deltas
2019-08-10 20:02:12,977 - synapse.storage.events - 475 - INFO - persist_events-15922 - Calculating state delta for room !RmOEuSphBBBbywJSeb:pixie.town
[/sync requests]
2019-08-10 20:02:13,646 - synapse.handlers.stats - 98 - INFO - stats.notify_new_event-88985 - Handling 1 state deltas
2019-08-10 20:02:13,657 - synapse.handlers.user_directory - 145 - INFO - user_directory.notify_new_event-87815 - Handling 1 state deltas
2019-08-10 20:02:13,674 - synapse.access.http.8008 - 302 - INFO - GET-322756 - 213.10.105.53 - 8008 - {@f0x:pixie.town} Processed request: 0.140sec/0.001sec (0.023sec, 0.000sec) (0.003sec/0.006sec/1) 886B 200 "GET /_matrix/client/r0/sync?filter=1&timeout=30000&since=s1043246_6535874_6523_592263_83423_60_370_76388_22 HTTP/1.0" "Mozilla/5.0 (X11; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0" [0 dbevts]
--
2019-08-10 20:02:14,650 - synapse.access.http.8008 - 302 - INFO - POST-322750 - 213.10.105.53 - 8008 - {@f0x:pixie.town} Processed request: 2.475sec/0.001sec (0.052sec, 0.015sec) (0.055sec/0.398sec/43) 137B 200 "POST /_matrix/client/r0/admin/shutdown_room/\!HkIVpVBRHoIryLnGUn:chat.thisisjoes.site HTTP/1.0" "curl/7.64.0" [6 dbevts]


f0x52 commented Aug 10, 2019

It seems the issue is with my escaping of the room id, after which Synapse will happily "block" a nonexisting room and still return a

{
    "failed_to_kick_users": [],
    "kicked_users": [],
    "local_aliases": [],
    "new_room_id": "<id>"
}
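
The missing checks described in the comment above, as an added sketch that is not Synapse's code and not part of the original thread. It assumes a simplified room-ID pattern and a constructed set of known rooms; `shutdown_path`, `handle_shutdown` and `is_noop_result` are hypothetical names.

```python
import re
from urllib.parse import quote, unquote

# Simplified room-ID shape (assumption): "!" sigil, opaque part, ":", server name.
ROOM_ID_RE = re.compile(r"^![^:\s\\]+:[^\s\\]+$")

# Constructed stand-in for the homeserver's table of known rooms.
KNOWN_ROOMS = {"!HkIVpVBRHoIryLnGUn:chat.thisisjoes.site"}


def is_valid_room_id(room_id):
    return bool(ROOM_ID_RE.match(room_id))


def shutdown_path(room_id):
    """Client side: percent-encode the ID instead of shell-escaping it."""
    if not is_valid_room_id(room_id):
        raise ValueError("not a room ID: %r" % room_id)
    return "/_matrix/client/r0/admin/shutdown_room/" + quote(room_id, safe="")


def handle_shutdown(path_segment, known_rooms):
    """Hypothetical server-side check: fail loudly before doing any work."""
    room_id = unquote(path_segment)
    # A stray backslash (as in the logged request path) fails the sigil check.
    if not is_valid_room_id(room_id):
        return 400, {"errcode": "M_INVALID_PARAM", "error": "Malformed room ID"}
    # An ID the server has never seen is an error, not a silent success.
    if room_id not in known_rooms:
        return 404, {"errcode": "M_NOT_FOUND", "error": "Unknown room"}
    # The real shutdown work would happen here.
    return 200, {"room_id": room_id}


def is_noop_result(body):
    """Flag a 200 response in which nobody was kicked and no alias moved."""
    keys = ("kicked_users", "failed_to_kick_users", "local_aliases")
    return all(not body.get(k) for k in keys)
```

An operator scripting against the original endpoint can apply `is_noop_result` to the response body to catch the silent-success case reported here.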

f0x52 changed the title from "Room keeps receiving messages after using the shutdown API" to "Room Shutdown API has no validation/error handling" on Aug 10, 2019
richvdh pushed a commit that referenced this issue Jul 14, 2020
The Delete Room admin API allows server admins to remove rooms from the server
and block these rooms.
`DELETE /_synapse/admin/v1/rooms/<room_id>`
It is a combination and improvement of "[Shutdown room](https://github.com/matrix-org/synapse/blob/develop/docs/admin_api/shutdown_room.md)" and "[Purge room](https://github.com/matrix-org/synapse/blob/develop/docs/admin_api/purge_room.md)" API.

Fixes: #6425 

It also fixes a bug in [synapse/storage/data_stores/main/room.py](synapse/storage/data_stores/main/room.py) in `get_room_with_stats`.
It should return `None` if the room is unknown. But it returns an `IndexError`.
https://github.com/matrix-org/synapse/blob/901b1fa561e3cc661d78aa96d59802cf2078cb0d/synapse/storage/data_stores/main/room.py#L99-L105

Related to:
- #5575
- Awesome-Technologies/synapse-admin#17

Signed-off-by: Dirk Klimpel dirk@klimpel.org
@aaronraimist
Contributor

Fixed by #8830
