chris/ruwuma
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix room version updates

Browse Source
This commit is contained in:
Timo Kösters 2021-03-26 10:53:20 +01:00
parent 1621a491a9
commit 625c37cb77
No known key found for this signature in database
GPG Key ID: 24DA7517711A2BA4
1 changed files with 27 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
src/event_auth.rs
View File

@ -171,9 +171,8 @@ pub fn auth_check<E: Event>(
// [synapse] checks for federation here // [synapse] checks for federation here
// 4. if type is m.room.aliases // 4. if type is m.room.aliases
if incoming_event.kind() == EventType::RoomAliases { if incoming_event.kind() == EventType::RoomAliases && room_version < &RoomVersionId::Version6 {
log::info!("starting m.room.aliases check"); log::info!("starting m.room.aliases check");
// [synapse] adds `&& room_version` "special case aliases auth"
// If sender's domain doesn't matches state_key, reject // If sender's domain doesn't matches state_key, reject
if incoming_event.state_key() != Some(incoming_event.sender().server_name().to_string()) { if incoming_event.state_key() != Some(incoming_event.sender().server_name().to_string()) {
@ -263,7 +262,14 @@ pub fn auth_check<E: Event>(
log::info!("power levels event allowed"); log::info!("power levels event allowed");
} }
if incoming_event.kind() == EventType::RoomRedaction // Room version 3: Redaction events are always accepted (provided the event is allowed by `events` and
// `events_default` in the power levels). However, servers should not apply or send redaction's
// to clients until both the redaction event and original event have been seen, and are valid.
// Servers should only apply redaction's to events where the sender's domains match,
// or the sender of the redaction has the appropriate permissions per the power levels.
if room_version >= &RoomVersionId::Version3
&& incoming_event.kind() == EventType::RoomRedaction
&& !check_redaction(room_version, incoming_event, &auth_events)? && !check_redaction(room_version, incoming_event, &auth_events)?
{ {
return Ok(false); return Ok(false);
@ -470,7 +476,7 @@ pub fn can_send_event<E: Event>(event: &Arc<E>, auth_events: &StateMap<Arc<E>>)
/// Confirm that the event sender has the required power levels. /// Confirm that the event sender has the required power levels.
pub fn check_power_levels<E: Event>( pub fn check_power_levels<E: Event>(
_: &RoomVersionId, room_version: &RoomVersionId,
power_event: &Arc<E>, power_event: &Arc<E>,
auth_events: &StateMap<Arc<E>>, auth_events: &StateMap<Arc<E>>,
) -> Option<bool> { ) -> Option<bool> {
@ -491,6 +497,7 @@ pub fn check_power_levels<E: Event>(
power_event.content(), power_event.content(),
) )
.unwrap(); .unwrap();
let current_content = serde_json::from_value::<room::power_levels::PowerLevelsEventContent>( let current_content = serde_json::from_value::<room::power_levels::PowerLevelsEventContent>(
current_state.content(), current_state.content(),
) )
@ -521,19 +528,6 @@ pub fn check_power_levels<E: Event>(
log::debug!("events to check {:?}", event_levels_to_check); log::debug!("events to check {:?}", event_levels_to_check);
// [synapse] validate MSC2209 depending on room version check "notifications".
// if RoomVersion::new(room_version).limit_notifications_power_levels {
// let old_level: i64 = current_content.notifications.room.into();
// let new_level: i64 = user_content.notifications.room.into();
// let old_level_too_big = old_level > user_level;
// let new_level_too_big = new_level > user_level;
// if old_level_too_big || new_level_too_big {
// log::warn!("m.room.power_level cannot add ops > than own");
// return Some(false); // cannot add ops greater than own
// }
// }
let old_state = &current_content; let old_state = &current_content;
let new_state = &user_content; let new_state = &user_content;
@ -582,6 +576,22 @@ pub fn check_power_levels<E: Event>(
} }
} }
// Notifications, currently there is only @room
if room_version >= &RoomVersionId::Version6 {
let old_level = old_state.notifications.room;
let new_level = new_state.notifications.room;
if old_level != new_level {
// If the current value is higher than the sender's current power level, reject
// If the new value is higher than the sender's current power level, reject
let old_level_too_big = i64::from(old_level) > user_level;
let new_level_too_big = i64::from(new_level) > user_level;
if old_level_too_big || new_level_too_big {
log::warn!("m.room.power_level failed to add ops > than own");
return Some(false); // cannot add ops greater than own
}
}
}
let levels = [ let levels = [
"users_default", "users_default",
"events_default", "events_default",
@ -633,13 +643,6 @@ pub fn check_redaction<E: Event>(
return Ok(true); return Ok(true);
} }
// FROM SPEC:
// Redaction events are always accepted (provided the event is allowed by `events` and
// `events_default` in the power levels). However, servers should not apply or send redaction's
// to clients until both the redaction event and original event have been seen, and are valid.
// Servers should only apply redaction's to events where the sender's domains match,
// or the sender of the redaction has the appropriate permissions per the power levels.
// If the domain of the event_id of the event being redacted is the same as the domain of the event_id of the m.room.redaction, allow // If the domain of the event_id of the event being redacted is the same as the domain of the event_id of the m.room.redaction, allow
if redaction_event.event_id().server_name() if redaction_event.event_id().server_name()
== redaction_event == redaction_event