Richard van der Hoff
172f264ed3
Improve signature checking on some federation APIs ( #6262 )
...
Make sure that we check that events sent over /send_join, /send_leave, and
/invite, are correctly signed and come from the expected servers.
2019-10-28 12:43:23 +00:00
Amber Brown
4806651744
Replace returnValue with return ( #5736 )
2019-07-23 23:00:55 +10:00
Amber Brown
463b072b12
Move logging utilities out of the side drawer of util/ and into logging/ ( #5606 )
2019-07-04 00:07:04 +10:00
Richard van der Hoff
2f8491daef
Fix logging error when a tampered event is detected. ( #5500 )
2019-06-21 15:11:42 +01:00
Amber Brown
32e7c9e7f2
Run Black. ( #5482 )
2019-06-20 19:32:02 +10:00
Richard van der Hoff
cea9750d11
Associate a request_name with each verify request, for logging
...
Also:
* rename VerifyKeyRequest->VerifyJsonRequest
* calculate key_ids on VerifyJsonRequest construction
* refactor things to pass around VerifyJsonRequests instead of 4-tuples
2019-06-05 10:46:26 +01:00
Richard van der Hoff
14f13babb0
Add a test room version where we enforce key validity ( #5348 )
2019-06-05 10:38:25 +01:00
Richard van der Hoff
fec2dcb1a5
Enforce validity period on server_keys for fed requests. ( #5321 )
...
When handling incoming federation requests, make sure that we have an
up-to-date copy of the signing key.
We do not yet enforce the validity period for event signatures.
2019-06-03 22:59:51 +01:00
Richard van der Hoff
837d7f85a9
more logging improvements
2019-04-25 22:17:59 +01:00
Richard van der Hoff
fd8fb32bdd
remove extraneous exception logging
2019-04-25 22:02:03 +01:00
Richard van der Hoff
7ca638c761
Clarify logging when PDU signature checking fails
2019-04-25 20:55:12 +01:00
Richard van der Hoff
54a87a7b08
Collect room-version variations into one place ( #4969 )
...
Collect all the things that make room-versions different to one another into
one place, so that it's easier to define new room versions.
2019-04-01 10:24:38 +01:00
Erik Johnston
0b24d58e05
No vdh tests!
2019-01-29 23:11:48 +00:00
Erik Johnston
a1b0e1879b
Enable room version v3
2019-01-29 23:09:10 +00:00
Erik Johnston
ff2f65d737
Update comment
2019-01-29 22:35:36 +00:00
Erik Johnston
840068bd78
Only check event ID domain for signatures for V1 events
...
In future version events won't have an event ID, so we won't be able to
do this check.
2019-01-29 18:02:02 +00:00
Erik Johnston
a50cf929c1
Require event format version to parse or create events
2019-01-25 10:32:19 +00:00
Erik Johnston
be6a7e47fa
Revert "Require event format version to parse or create events"
2019-01-25 10:23:51 +00:00
Erik Johnston
f431ff3fb8
Require event format version to parse or create events
2019-01-23 20:21:33 +00:00
Erik Johnston
6a41d2a187
Add room_version param to get_pdu
...
When we add new event format we'll need to know the event format or room
version when parsing events.
2019-01-23 17:19:58 +00:00
Erik Johnston
89a76d1889
Fix handling of redacted events from federation
...
If we receive an event that doesn't pass their content hash check (e.g.
due to already being redacted) then we hit a bug which causes an
exception to be raised, which then promplty stops the event (and
request) from being processed.
This effects all sorts of federation APIs, including joining rooms with
a redacted state event.
2018-09-13 15:44:12 +01:00
Richard van der Hoff
cd7ef43872
clearer logging when things fail, too
2018-09-06 23:56:47 +01:00
Richard van der Hoff
804dd41e18
Check that signatures on events are valid
...
We should check that both the sender's server, and the server which created the
event_id (which may be different from whatever the remote server has told us
the origin is), have signed the event.
2018-09-05 13:08:07 +01:00
Krombel
3366b9c534
rename assert_params_in_request to assert_params_in_dict
...
the method "assert_params_in_request" does handle dicts and not
requests. A request body has to be parsed to json before this method
can be used
2018-07-13 21:53:01 +02:00
Amber Brown
49af402019
run isort
2018-07-09 16:09:20 +10:00
Richard van der Hoff
33f469ba19
Apply some limits to depth to counter abuse
...
* When creating a new event, cap its depth to 2^63 - 1
* When receiving events, reject any without a sensible depth
As per https://docs.google.com/document/d/1I3fi2S-XnpO45qrpCsowZv8P8dHcNZ4fsBsbOW7KABI
2018-05-01 17:54:19 +01:00
Erik Johnston
e05bf34117
Move property setting from ReplicationLayer to FederationBase
2018-03-13 10:51:30 +00:00
Richard van der Hoff
bd91857028
Check missing fields in event_from_pdu_json
...
Return a 400 rather than a 500 when somebody messes up their send_join
2017-12-30 18:40:19 +00:00
Richard van der Hoff
3079f80d4a
Factor out `event_from_pdu_json`
...
turns out we have two copies of this, and neither needs to be an instance
method
2017-12-30 18:40:19 +00:00
David Baker
6cd5fcd536
Make the spam checker a module
2017-09-26 19:20:23 +01:00
Richard van der Hoff
6de74ea6d7
Fix logcontexts in _check_sigs_and_hashes
2017-09-20 01:32:42 +01:00
Richard van der Hoff
fcf2c0fd1a
Remove redundant `preserve_fn`
...
preserve_fn is a no-op unless the wrapped function returns a
Deferred. verify_json_objects_for_server returns a list, so this is doing
nothing.
2017-09-20 01:32:42 +01:00
Richard van der Hoff
5ed109d59f
PoC for filtering spammy events ( #2456 )
...
Demonstration of how you might add some hooks to filter out spammy events.
2017-09-19 12:20:11 +01:00
Erik Johnston
9219139351
Preserve some logcontexts
2016-08-24 11:58:40 +01:00
Erik Johnston
d41a1a91d3
Linearize fetching of gaps on incoming events
...
This potentially stops the server from doing multiple requests for the
same data.
2016-06-15 15:16:14 +01:00
Matthew Hodgson
6c28ac260c
copyrights
2016-01-07 04:26:29 +00:00
Erik Johnston
b5f55a1d85
Implement bulk verify_signed_json API
2015-06-26 10:39:34 +01:00
Erik Johnston
d3ded420b1
Rephrase log line
2015-06-02 16:30:52 +01:00
Erik Johnston
22716774d5
Don't about JSON when warning about content tampering
2015-06-02 16:30:52 +01:00
Erik Johnston
5b1631a4a9
Add a timeout param to get_event
2015-05-19 14:53:32 +01:00
Erik Johnston
95dedb866f
Unwrap defer.gatherResults failures
2015-05-12 13:14:29 +01:00
Erik Johnston
789251afa7
Fix logging
2015-02-12 19:29:43 +00:00
Erik Johnston
58d848adc0
Parrellize fetching of events
2015-02-12 18:35:36 +00:00
Erik Johnston
963256638d
Correctly handle all the places that can throw exceptions
2015-02-12 18:17:11 +00:00
Erik Johnston
3c39f42a05
New line
2015-02-03 16:14:19 +00:00
Erik Johnston
9bace3a367
Actually, the old prune_event function was non-deterministic, so no point keeping it around :(
2015-02-03 15:32:17 +00:00
Erik Johnston
7b810e136e
Add new FederationBase
2015-02-03 15:00:42 +00:00