Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

_check_event_auth: move event validation earlier #10988

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/10988.misc
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Clean up some of the federation event authentication code for clarity.
13 changes: 9 additions & 4 deletions synapse/handlers/federation_event.py
Original file line number Diff line number Diff line change
Expand Up @@ -1250,9 +1250,18 @@ async def _check_event_auth(
# This method should only be used for non-outliers
assert not event.internal_metadata.outlier

# first of all, check that the event itself is valid.
room_version = await self._store.get_room_version_id(event.room_id)
room_version_obj = KNOWN_ROOM_VERSIONS[room_version]

try:
validate_event_for_room_version(room_version_obj, event)
except AuthError as e:
logger.warning("While validating received event %r: %s", event, e)
# TODO: use a different rejected reason here?
context.rejected = RejectedReason.AUTH_ERROR
return context
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like moving this up means that we won't call cache_joined_hosts_for_event in some situations, but I see #10986 moves it out of this method anyway.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah. We shouldn't be calling cache_joined_hosts_for_event on rejected events anyway, since we won't be sending them out.


# calculate what the auth events *should* be, to use as a basis for auth.
prev_state_ids = await context.get_prev_state_ids()
auth_events_ids = self._event_auth_handler.compute_auth_events(
Expand Down Expand Up @@ -1286,7 +1295,6 @@ async def _check_event_auth(
auth_events_for_auth = calculated_auth_event_map

try:
validate_event_for_room_version(room_version_obj, event)
check_auth_rules_for_event(room_version_obj, event, auth_events_for_auth)
except AuthError as e:
logger.warning("Failed auth resolution for %r because %s", event, e)
Expand Down Expand Up @@ -1399,9 +1407,6 @@ async def _check_for_soft_fail(
}

try:
# TODO: skip the call to validate_event_for_room_version? we should already
# have validated the event.
validate_event_for_room_version(room_version_obj, event)
check_auth_rules_for_event(room_version_obj, event, current_auth_events)
except AuthError as e:
logger.warning(
Expand Down