Description
This issue has been migrated from #13968.
Description
I created a room (room version 10) as a test user with the following initial state:
history_visibility: sharedjoin_rule: knock
I'm observing that if another user knocks on the room and that admin test user kicks them, the kicked user is still able to fetch all of the previous events of the room using the /_matrix/client/v3/rooms/{roomId}/messages GET endpoint.
This seems like unexpected behaviour to me and a major risk to the privacy/confidentiality of the users in the room.
The Client-Server API Spec mentions this for shared room history visibility:
"Previous events are always accessible to newly joined members. All events in the room are accessible, even those sent when the member was not a part of the room."
I have a feeling that room members with membership set as knock are mistakenly being considered as newly joined members in this case.
Steps to reproduce
- the following steps refer to user 1 (room creator and admin) and user 2 (knocker)
- create a room as user 1 with the following properties:
history_visibility: sharedjoin_rule: knockroom_version: 10
- send a few test messages as user 1 in the room
- knock on the room as user 2
- kick user 2 as user 1
- access previous events in the room as user 2 using the
/_matrix/client/v3/rooms/{roomId}/messagesGET endpoint - observe that the test messages sent as user 1 are accessible through this endpoint by user 2
Homeserver
Local test homeserver
Synapse Version
1.68.0
Installation Method
Docker (matrixdotorg/synapse)
Platform
Official Docker image running in a container on Manjaro Linux
Relevant log output
[Edit 2022-09-30 11:41 UTC by dmr: redacted logs which contained sensitive information.]
Anything else that would be useful to know?
No response