Add auth events as per spec. (#6556)
Previously we tried to be clever and filter out some unnecessary event IDs to keep the auth chain small, but that had some annoying interactions with state res v2 so we stop doing that for now.
This commit is contained in:
Erik Johnston
parent
6316530366
commit
5ca2cfadc3
|
|
@ -0,0 +1 @@
|
||||||
|
Fix a cause of state resets in room versions 2 onwards.
|
||||||
|
|
@ -14,6 +14,7 @@
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
import logging
|
import logging
|
||||||
|
from typing import Dict, Tuple
|
||||||
|
|
||||||
from six import itervalues
|
from six import itervalues
|
||||||
|
|
||||||
|
|
@ -25,13 +26,7 @@ from twisted.internet import defer
|
||||||
import synapse.logging.opentracing as opentracing
|
import synapse.logging.opentracing as opentracing
|
||||||
import synapse.types
|
import synapse.types
|
||||||
from synapse import event_auth
|
from synapse import event_auth
|
||||||
from synapse.api.constants import (
|
from synapse.api.constants import EventTypes, LimitBlockingTypes, Membership, UserTypes
|
||||||
EventTypes,
|
|
||||||
JoinRules,
|
|
||||||
LimitBlockingTypes,
|
|
||||||
Membership,
|
|
||||||
UserTypes,
|
|
||||||
)
|
|
||||||
from synapse.api.errors import (
|
from synapse.api.errors import (
|
||||||
AuthError,
|
AuthError,
|
||||||
Codes,
|
Codes,
|
||||||
|
|
@ -513,71 +508,43 @@ class Auth(object):
|
||||||
"""
|
"""
|
||||||
return self.store.is_server_admin(user)
|
return self.store.is_server_admin(user)
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
def compute_auth_events(
|
||||||
def compute_auth_events(self, event, current_state_ids, for_verification=False):
|
self,
|
||||||
|
event,
|
||||||
|
current_state_ids: Dict[Tuple[str, str], str],
|
||||||
|
for_verification: bool = False,
|
||||||
|
):
|
||||||
|
"""Given an event and current state return the list of event IDs used
|
||||||
|
to auth an event.
|
||||||
|
|
||||||
|
If `for_verification` is False then only return auth events that
|
||||||
|
should be added to the event's `auth_events`.
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
defer.Deferred(list[str]): List of event IDs.
|
||||||
|
"""
|
||||||
|
|
||||||
if event.type == EventTypes.Create:
|
if event.type == EventTypes.Create:
|
||||||
return []
|
return defer.succeed([])
|
||||||
|
|
||||||
|
# Currently we ignore the `for_verification` flag even though there are
|
||||||
|
# some situations where we can drop particular auth events when adding
|
||||||
|
# to the event's `auth_events` (e.g. joins pointing to previous joins
|
||||||
|
# when room is publically joinable). Dropping event IDs has the
|
||||||
|
# advantage that the auth chain for the room grows slower, but we use
|
||||||
|
# the auth chain in state resolution v2 to order events, which means
|
||||||
|
# care must be taken if dropping events to ensure that it doesn't
|
||||||
|
# introduce undesirable "state reset" behaviour.
|
||||||
|
#
|
||||||
|
# All of which sounds a bit tricky so we don't bother for now.
|
||||||
|
|
||||||
auth_ids = []
|
auth_ids = []
|
||||||
|
for etype, state_key in event_auth.auth_types_for_event(event):
|
||||||
|
auth_ev_id = current_state_ids.get((etype, state_key))
|
||||||
|
if auth_ev_id:
|
||||||
|
auth_ids.append(auth_ev_id)
|
||||||
|
|
||||||
key = (EventTypes.PowerLevels, "")
|
return defer.succeed(auth_ids)
|
||||||
power_level_event_id = current_state_ids.get(key)
|
|
||||||
|
|
||||||
if power_level_event_id:
|
|
||||||
auth_ids.append(power_level_event_id)
|
|
||||||
|
|
||||||
key = (EventTypes.JoinRules, "")
|
|
||||||
join_rule_event_id = current_state_ids.get(key)
|
|
||||||
|
|
||||||
key = (EventTypes.Member, event.sender)
|
|
||||||
member_event_id = current_state_ids.get(key)
|
|
||||||
|
|
||||||
key = (EventTypes.Create, "")
|
|
||||||
create_event_id = current_state_ids.get(key)
|
|
||||||
if create_event_id:
|
|
||||||
auth_ids.append(create_event_id)
|
|
||||||
|
|
||||||
if join_rule_event_id:
|
|
||||||
join_rule_event = yield self.store.get_event(join_rule_event_id)
|
|
||||||
join_rule = join_rule_event.content.get("join_rule")
|
|
||||||
is_public = join_rule == JoinRules.PUBLIC if join_rule else False
|
|
||||||
else:
|
|
||||||
is_public = False
|
|
||||||
|
|
||||||
if event.type == EventTypes.Member:
|
|
||||||
e_type = event.content["membership"]
|
|
||||||
if e_type in [Membership.JOIN, Membership.INVITE]:
|
|
||||||
if join_rule_event_id:
|
|
||||||
auth_ids.append(join_rule_event_id)
|
|
||||||
|
|
||||||
if e_type == Membership.JOIN:
|
|
||||||
if member_event_id and not is_public:
|
|
||||||
auth_ids.append(member_event_id)
|
|
||||||
else:
|
|
||||||
if member_event_id:
|
|
||||||
auth_ids.append(member_event_id)
|
|
||||||
|
|
||||||
if for_verification:
|
|
||||||
key = (EventTypes.Member, event.state_key)
|
|
||||||
existing_event_id = current_state_ids.get(key)
|
|
||||||
if existing_event_id:
|
|
||||||
auth_ids.append(existing_event_id)
|
|
||||||
|
|
||||||
if e_type == Membership.INVITE:
|
|
||||||
if "third_party_invite" in event.content:
|
|
||||||
key = (
|
|
||||||
EventTypes.ThirdPartyInvite,
|
|
||||||
event.content["third_party_invite"]["signed"]["token"],
|
|
||||||
)
|
|
||||||
third_party_invite_id = current_state_ids.get(key)
|
|
||||||
if third_party_invite_id:
|
|
||||||
auth_ids.append(third_party_invite_id)
|
|
||||||
elif member_event_id:
|
|
||||||
member_event = yield self.store.get_event(member_event_id)
|
|
||||||
if member_event.content["membership"] == Membership.JOIN:
|
|
||||||
auth_ids.append(member_event.event_id)
|
|
||||||
|
|
||||||
return auth_ids
|
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
@defer.inlineCallbacks
|
||||||
def check_can_change_room_list(self, room_id, user):
|
def check_can_change_room_list(self, room_id, user):
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue