join_authorised_via_users_server user must be joined to the room #1477

Open
turt2live opened this issue Mar 29, 2023 · 0 comments
Labels
  • A-Room-spec: Something to do with the room version specifications
  • A-S2S: Server-to-Server API (federation)
  • spec-omission: implemented but not currently specified

turt2live commented Mar 29, 2023

Link to problem area: https://spec.matrix.org/v1.6/rooms/v10/#authorization-rules (and room versions using the same condition)

Issue
Under 4.3.5.2 we only verify that the user has permission to do it, but in practice we also pull their membership event to ensure they're also joined to the room.

This is a documentation error: implementation and the original MSC both require the referenced user.

Implementation (Synapse): https://github.com/matrix-org/synapse/blob/a368d30c1cfe7457fca4fcdd03ae481ba65a226c/synapse/event_auth.py#L632

The MSC states:

It should be confirmed that the authorising user is in the room. (This prevents situations where any homeserver could process the join, even if they weren't in the room, under certain power level conditions.)

Additionally, the auth_events restriction is not mentioned in the spec:

The auth chain of the join event needs to include events which prove the homeserver can be issuing the join. This can be done by including:

  • The m.room.power_levels event.
  • The join event of the user specified in join_authorised_via_users_server.

but is added by Synapse here
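
The check this issue describes, as an added sketch that is not part of the original issue and is not Synapse's code: it compares the power-level-only condition with the condition that also requires the authorising user's join event among the auth events. The `auth_events` dict layout, the function names and the sample user IDs are assumptions made for illustration.

```python
# Added sketch: a simplified model of the restricted-join authoriser check.
# auth_events maps (event_type, state_key) -> event content, and stands in for
# the state selected by the join event's auth_events (hypothetical layout).
AUTH_KEY = "join_authorised_via_users_server"
PL = ("m.room.power_levels", "")

def user_power(user_id, auth_events):
    # Simplified: ignores the room-creator default used when no power_levels event exists.
    pl = auth_events.get(PL, {})
    return pl.get("users", {}).get(user_id, pl.get("users_default", 0))

def check_restricted_join(join_content, auth_events, require_joined=True):
    """Return (allowed, reason) for a join by a user who is not already joined or invited."""
    authoriser = join_content.get(AUTH_KEY)
    if authoriser is None:
        return False, "missing authorising user"
    if require_joined:
        # The authoriser's own join event must be among the auth events.
        member = auth_events.get(("m.room.member", authoriser))
        if member is None or member.get("membership") != "join":
            return False, "authorising user not joined"
    if user_power(authoriser, auth_events) < auth_events.get(PL, {}).get("invite", 0):
        return False, "authorising user cannot invite"
    return True, "allowed"

# Constructed sample state: invite level 0, so every user ID meets the power check.
STATE = {
    PL: {"invite": 0, "users_default": 0},
    ("m.room.member", "@alice:hs1.example"): {"membership": "join"},
    ("m.room.member", "@bob:hs1.example"): {"membership": "leave"},
}

def demo():
    outsider = {"membership": "join", AUTH_KEY: "@nobody:hs2.example"}
    return {
        "power_only": check_restricted_join(outsider, STATE, require_joined=False),
        "with_membership": check_restricted_join(outsider, STATE),
        "left_user": check_restricted_join({AUTH_KEY: "@bob:hs1.example"}, STATE),
        "joined_user": check_restricted_join({AUTH_KEY: "@alice:hs1.example"}, STATE),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With the constructed state, only the `power_only` case accepts a user ID that has no join event in the room, which is the situation the MSC text quoted above rules out.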
