Implement MSC3821 to update redaction rules (`third_party_invite.signed`) (#15563)
Updates the redaction rules to protect enough information that the event can still be properly verified.
This commit is contained in:
parent
eb3c1823d8
commit
f2905d827f
|
@ -0,0 +1 @@
|
||||||
|
Implement [MSC3821](https://github.com/matrix-org/matrix-spec-proposals/pull/3821) to update the redaction rules.
|
|
@ -103,6 +103,8 @@ class RoomVersion:
|
||||||
msc3787_knock_restricted_join_rule: bool
|
msc3787_knock_restricted_join_rule: bool
|
||||||
# MSC3667: Enforce integer power levels
|
# MSC3667: Enforce integer power levels
|
||||||
msc3667_int_only_power_levels: bool
|
msc3667_int_only_power_levels: bool
|
||||||
|
# MSC3821: Do not redact the third_party_invite content field for membership events.
|
||||||
|
msc3821_redaction_rules: bool
|
||||||
# MSC3931: Adds a push rule condition for "room version feature flags", making
|
# MSC3931: Adds a push rule condition for "room version feature flags", making
|
||||||
# some push rules room version dependent. Note that adding a flag to this list
|
# some push rules room version dependent. Note that adding a flag to this list
|
||||||
# is not enough to mark it "supported": the push rule evaluator also needs to
|
# is not enough to mark it "supported": the push rule evaluator also needs to
|
||||||
|
@ -133,6 +135,7 @@ class RoomVersions:
|
||||||
msc3389_relation_redactions=False,
|
msc3389_relation_redactions=False,
|
||||||
msc3787_knock_restricted_join_rule=False,
|
msc3787_knock_restricted_join_rule=False,
|
||||||
msc3667_int_only_power_levels=False,
|
msc3667_int_only_power_levels=False,
|
||||||
|
msc3821_redaction_rules=False,
|
||||||
msc3931_push_features=(),
|
msc3931_push_features=(),
|
||||||
msc3989_redaction_rules=False,
|
msc3989_redaction_rules=False,
|
||||||
)
|
)
|
||||||
|
@ -155,6 +158,7 @@ class RoomVersions:
|
||||||
msc3389_relation_redactions=False,
|
msc3389_relation_redactions=False,
|
||||||
msc3787_knock_restricted_join_rule=False,
|
msc3787_knock_restricted_join_rule=False,
|
||||||
msc3667_int_only_power_levels=False,
|
msc3667_int_only_power_levels=False,
|
||||||
|
msc3821_redaction_rules=False,
|
||||||
msc3931_push_features=(),
|
msc3931_push_features=(),
|
||||||
msc3989_redaction_rules=False,
|
msc3989_redaction_rules=False,
|
||||||
)
|
)
|
||||||
|
@ -177,6 +181,7 @@ class RoomVersions:
|
||||||
msc3389_relation_redactions=False,
|
msc3389_relation_redactions=False,
|
||||||
msc3787_knock_restricted_join_rule=False,
|
msc3787_knock_restricted_join_rule=False,
|
||||||
msc3667_int_only_power_levels=False,
|
msc3667_int_only_power_levels=False,
|
||||||
|
msc3821_redaction_rules=False,
|
||||||
msc3931_push_features=(),
|
msc3931_push_features=(),
|
||||||
msc3989_redaction_rules=False,
|
msc3989_redaction_rules=False,
|
||||||
)
|
)
|
||||||
|
@ -199,6 +204,7 @@ class RoomVersions:
|
||||||
msc3389_relation_redactions=False,
|
msc3389_relation_redactions=False,
|
||||||
msc3787_knock_restricted_join_rule=False,
|
msc3787_knock_restricted_join_rule=False,
|
||||||
msc3667_int_only_power_levels=False,
|
msc3667_int_only_power_levels=False,
|
||||||
|
msc3821_redaction_rules=False,
|
||||||
msc3931_push_features=(),
|
msc3931_push_features=(),
|
||||||
msc3989_redaction_rules=False,
|
msc3989_redaction_rules=False,
|
||||||
)
|
)
|
||||||
|
@ -221,6 +227,7 @@ class RoomVersions:
|
||||||
msc3389_relation_redactions=False,
|
msc3389_relation_redactions=False,
|
||||||
msc3787_knock_restricted_join_rule=False,
|
msc3787_knock_restricted_join_rule=False,
|
||||||
msc3667_int_only_power_levels=False,
|
msc3667_int_only_power_levels=False,
|
||||||
|
msc3821_redaction_rules=False,
|
||||||
msc3931_push_features=(),
|
msc3931_push_features=(),
|
||||||
msc3989_redaction_rules=False,
|
msc3989_redaction_rules=False,
|
||||||
)
|
)
|
||||||
|
@ -243,6 +250,7 @@ class RoomVersions:
|
||||||
msc3389_relation_redactions=False,
|
msc3389_relation_redactions=False,
|
||||||
msc3787_knock_restricted_join_rule=False,
|
msc3787_knock_restricted_join_rule=False,
|
||||||
msc3667_int_only_power_levels=False,
|
msc3667_int_only_power_levels=False,
|
||||||
|
msc3821_redaction_rules=False,
|
||||||
msc3931_push_features=(),
|
msc3931_push_features=(),
|
||||||
msc3989_redaction_rules=False,
|
msc3989_redaction_rules=False,
|
||||||
)
|
)
|
||||||
|
@ -265,6 +273,7 @@ class RoomVersions:
|
||||||
msc3389_relation_redactions=False,
|
msc3389_relation_redactions=False,
|
||||||
msc3787_knock_restricted_join_rule=False,
|
msc3787_knock_restricted_join_rule=False,
|
||||||
msc3667_int_only_power_levels=False,
|
msc3667_int_only_power_levels=False,
|
||||||
|
msc3821_redaction_rules=False,
|
||||||
msc3931_push_features=(),
|
msc3931_push_features=(),
|
||||||
msc3989_redaction_rules=False,
|
msc3989_redaction_rules=False,
|
||||||
)
|
)
|
||||||
|
@ -287,6 +296,7 @@ class RoomVersions:
|
||||||
msc3389_relation_redactions=False,
|
msc3389_relation_redactions=False,
|
||||||
msc3787_knock_restricted_join_rule=False,
|
msc3787_knock_restricted_join_rule=False,
|
||||||
msc3667_int_only_power_levels=False,
|
msc3667_int_only_power_levels=False,
|
||||||
|
msc3821_redaction_rules=False,
|
||||||
msc3931_push_features=(),
|
msc3931_push_features=(),
|
||||||
msc3989_redaction_rules=False,
|
msc3989_redaction_rules=False,
|
||||||
)
|
)
|
||||||
|
@ -309,6 +319,7 @@ class RoomVersions:
|
||||||
msc3389_relation_redactions=False,
|
msc3389_relation_redactions=False,
|
||||||
msc3787_knock_restricted_join_rule=False,
|
msc3787_knock_restricted_join_rule=False,
|
||||||
msc3667_int_only_power_levels=False,
|
msc3667_int_only_power_levels=False,
|
||||||
|
msc3821_redaction_rules=False,
|
||||||
msc3931_push_features=(),
|
msc3931_push_features=(),
|
||||||
msc3989_redaction_rules=False,
|
msc3989_redaction_rules=False,
|
||||||
)
|
)
|
||||||
|
@ -331,6 +342,7 @@ class RoomVersions:
|
||||||
msc3389_relation_redactions=False,
|
msc3389_relation_redactions=False,
|
||||||
msc3787_knock_restricted_join_rule=False,
|
msc3787_knock_restricted_join_rule=False,
|
||||||
msc3667_int_only_power_levels=False,
|
msc3667_int_only_power_levels=False,
|
||||||
|
msc3821_redaction_rules=False,
|
||||||
msc3931_push_features=(),
|
msc3931_push_features=(),
|
||||||
msc3989_redaction_rules=False,
|
msc3989_redaction_rules=False,
|
||||||
)
|
)
|
||||||
|
@ -353,6 +365,30 @@ class RoomVersions:
|
||||||
msc3389_relation_redactions=False,
|
msc3389_relation_redactions=False,
|
||||||
msc3787_knock_restricted_join_rule=True,
|
msc3787_knock_restricted_join_rule=True,
|
||||||
msc3667_int_only_power_levels=False,
|
msc3667_int_only_power_levels=False,
|
||||||
|
msc3821_redaction_rules=False,
|
||||||
|
msc3931_push_features=(),
|
||||||
|
msc3989_redaction_rules=False,
|
||||||
|
)
|
||||||
|
MSC3821 = RoomVersion(
|
||||||
|
"org.matrix.msc3821.opt1",
|
||||||
|
RoomDisposition.UNSTABLE,
|
||||||
|
EventFormatVersions.ROOM_V4_PLUS,
|
||||||
|
StateResolutionVersions.V2,
|
||||||
|
enforce_key_validity=True,
|
||||||
|
special_case_aliases_auth=False,
|
||||||
|
strict_canonicaljson=True,
|
||||||
|
limit_notifications_power_levels=True,
|
||||||
|
msc2175_implicit_room_creator=False,
|
||||||
|
msc2176_redaction_rules=False,
|
||||||
|
msc3083_join_rules=True,
|
||||||
|
msc3375_redaction_rules=True,
|
||||||
|
msc2403_knocking=True,
|
||||||
|
msc2716_historical=False,
|
||||||
|
msc2716_redactions=False,
|
||||||
|
msc3389_relation_redactions=False,
|
||||||
|
msc3787_knock_restricted_join_rule=False,
|
||||||
|
msc3667_int_only_power_levels=False,
|
||||||
|
msc3821_redaction_rules=True,
|
||||||
msc3931_push_features=(),
|
msc3931_push_features=(),
|
||||||
msc3989_redaction_rules=False,
|
msc3989_redaction_rules=False,
|
||||||
)
|
)
|
||||||
|
@ -375,6 +411,7 @@ class RoomVersions:
|
||||||
msc3389_relation_redactions=False,
|
msc3389_relation_redactions=False,
|
||||||
msc3787_knock_restricted_join_rule=True,
|
msc3787_knock_restricted_join_rule=True,
|
||||||
msc3667_int_only_power_levels=True,
|
msc3667_int_only_power_levels=True,
|
||||||
|
msc3821_redaction_rules=False,
|
||||||
msc3931_push_features=(),
|
msc3931_push_features=(),
|
||||||
msc3989_redaction_rules=False,
|
msc3989_redaction_rules=False,
|
||||||
)
|
)
|
||||||
|
@ -397,6 +434,7 @@ class RoomVersions:
|
||||||
msc3389_relation_redactions=False,
|
msc3389_relation_redactions=False,
|
||||||
msc3787_knock_restricted_join_rule=False,
|
msc3787_knock_restricted_join_rule=False,
|
||||||
msc3667_int_only_power_levels=False,
|
msc3667_int_only_power_levels=False,
|
||||||
|
msc3821_redaction_rules=False,
|
||||||
msc3931_push_features=(),
|
msc3931_push_features=(),
|
||||||
msc3989_redaction_rules=False,
|
msc3989_redaction_rules=False,
|
||||||
)
|
)
|
||||||
|
@ -420,6 +458,7 @@ class RoomVersions:
|
||||||
msc3389_relation_redactions=False,
|
msc3389_relation_redactions=False,
|
||||||
msc3787_knock_restricted_join_rule=True,
|
msc3787_knock_restricted_join_rule=True,
|
||||||
msc3667_int_only_power_levels=True,
|
msc3667_int_only_power_levels=True,
|
||||||
|
msc3821_redaction_rules=False,
|
||||||
msc3931_push_features=(PushRuleRoomFlag.EXTENSIBLE_EVENTS,),
|
msc3931_push_features=(PushRuleRoomFlag.EXTENSIBLE_EVENTS,),
|
||||||
msc3989_redaction_rules=False,
|
msc3989_redaction_rules=False,
|
||||||
)
|
)
|
||||||
|
@ -442,6 +481,7 @@ class RoomVersions:
|
||||||
msc3389_relation_redactions=False,
|
msc3389_relation_redactions=False,
|
||||||
msc3787_knock_restricted_join_rule=True,
|
msc3787_knock_restricted_join_rule=True,
|
||||||
msc3667_int_only_power_levels=True,
|
msc3667_int_only_power_levels=True,
|
||||||
|
msc3821_redaction_rules=False,
|
||||||
msc3931_push_features=(),
|
msc3931_push_features=(),
|
||||||
msc3989_redaction_rules=True,
|
msc3989_redaction_rules=True,
|
||||||
)
|
)
|
||||||
|
|
|
@ -130,6 +130,16 @@ def prune_event_dict(room_version: RoomVersion, event_dict: JsonDict) -> JsonDic
|
||||||
add_fields("membership")
|
add_fields("membership")
|
||||||
if room_version.msc3375_redaction_rules:
|
if room_version.msc3375_redaction_rules:
|
||||||
add_fields(EventContentFields.AUTHORISING_USER)
|
add_fields(EventContentFields.AUTHORISING_USER)
|
||||||
|
if room_version.msc3821_redaction_rules:
|
||||||
|
# Preserve the signed field under third_party_invite.
|
||||||
|
third_party_invite = event_dict["content"].get("third_party_invite")
|
||||||
|
if isinstance(third_party_invite, collections.abc.Mapping):
|
||||||
|
new_content["third_party_invite"] = {}
|
||||||
|
if "signed" in third_party_invite:
|
||||||
|
new_content["third_party_invite"]["signed"] = third_party_invite[
|
||||||
|
"signed"
|
||||||
|
]
|
||||||
|
|
||||||
elif event_type == EventTypes.Create:
|
elif event_type == EventTypes.Create:
|
||||||
# MSC2176 rules state that create events cannot be redacted.
|
# MSC2176 rules state that create events cannot be redacted.
|
||||||
if room_version.msc2176_redaction_rules:
|
if room_version.msc2176_redaction_rules:
|
||||||
|
|
|
@ -394,7 +394,7 @@ class PruneEventTestCase(stdlib_unittest.TestCase):
|
||||||
)
|
)
|
||||||
|
|
||||||
def test_member(self) -> None:
|
def test_member(self) -> None:
|
||||||
"""Member events have changed behavior starting with MSC3375."""
|
"""Member events have changed behavior in MSC3375 and MSC3821."""
|
||||||
self.run_test(
|
self.run_test(
|
||||||
{
|
{
|
||||||
"type": "m.room.member",
|
"type": "m.room.member",
|
||||||
|
@ -437,6 +437,79 @@ class PruneEventTestCase(stdlib_unittest.TestCase):
|
||||||
room_version=RoomVersions.V9,
|
room_version=RoomVersions.V9,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# After MSC3821, the signed key under third_party_invite is protected
|
||||||
|
# from redaction.
|
||||||
|
THIRD_PARTY_INVITE = {
|
||||||
|
"display_name": "alice",
|
||||||
|
"signed": {
|
||||||
|
"mxid": "@alice:example.org",
|
||||||
|
"signatures": {
|
||||||
|
"magic.forest": {
|
||||||
|
"ed25519:3": "fQpGIW1Snz+pwLZu6sTy2aHy/DYWWTspTJRPyNp0PKkymfIsNffysMl6ObMMFdIJhk6g6pwlIqZ54rxo8SLmAg"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"token": "abc123",
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
self.run_test(
|
||||||
|
{
|
||||||
|
"type": "m.room.member",
|
||||||
|
"content": {
|
||||||
|
"membership": "invite",
|
||||||
|
"third_party_invite": THIRD_PARTY_INVITE,
|
||||||
|
"other_key": "stripped",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "m.room.member",
|
||||||
|
"content": {
|
||||||
|
"membership": "invite",
|
||||||
|
"third_party_invite": {"signed": THIRD_PARTY_INVITE["signed"]},
|
||||||
|
},
|
||||||
|
"signatures": {},
|
||||||
|
"unsigned": {},
|
||||||
|
},
|
||||||
|
room_version=RoomVersions.MSC3821,
|
||||||
|
)
|
||||||
|
|
||||||
|
# Ensure this doesn't break if an invalid field is sent.
|
||||||
|
self.run_test(
|
||||||
|
{
|
||||||
|
"type": "m.room.member",
|
||||||
|
"content": {
|
||||||
|
"membership": "invite",
|
||||||
|
"third_party_invite": {},
|
||||||
|
"other_key": "stripped",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "m.room.member",
|
||||||
|
"content": {"membership": "invite", "third_party_invite": {}},
|
||||||
|
"signatures": {},
|
||||||
|
"unsigned": {},
|
||||||
|
},
|
||||||
|
room_version=RoomVersions.MSC3821,
|
||||||
|
)
|
||||||
|
|
||||||
|
self.run_test(
|
||||||
|
{
|
||||||
|
"type": "m.room.member",
|
||||||
|
"content": {
|
||||||
|
"membership": "invite",
|
||||||
|
"third_party_invite": "stripped",
|
||||||
|
"other_key": "stripped",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "m.room.member",
|
||||||
|
"content": {"membership": "invite"},
|
||||||
|
"signatures": {},
|
||||||
|
"unsigned": {},
|
||||||
|
},
|
||||||
|
room_version=RoomVersions.MSC3821,
|
||||||
|
)
|
||||||
|
|
||||||
def test_relations(self) -> None:
|
def test_relations(self) -> None:
|
||||||
"""Event relations get redacted until MSC3389."""
|
"""Event relations get redacted until MSC3389."""
|
||||||
# Normally the m._relates_to field is redacted.
|
# Normally the m._relates_to field is redacted.
|
||||||
|
|
Loading…
Reference in New Issue