Check third party rules before persisting knocks over federation (#10212

) An accidental mis-ordering of operations during #6739 technically allowed an incoming knock event over federation in before checking it against any configured Third Party Access Rules modules. This PR corrects that by performing the TPAR check *before* persisting the event.
matrix-org · Jun 21, 2021 · 1821471 · 1821471
1 parent 107c060
commit 1821471
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/changelog.d/10212.feature b/changelog.d/10212.feature
@@ -0,0 +1 @@
+Implement "room knocking" as per [MSC2403](https://github.com/matrix-org/matrix-doc/pull/2403). Contributed by Sorunome and anoa.
diff --git a/synapse/handlers/federation.py b/synapse/handlers/federation.py
@@ -2086,8 +2086,6 @@ async def on_send_knock_request(
 
         context = await self.state_handler.compute_event_context(event)
 
-        await self._auth_and_persist_event(origin, event, context)
-
         event_allowed = await self.third_party_event_rules.check_event_allowed(
             event, context
         )
@@ -2097,6 +2095,8 @@ async def on_send_knock_request(
                 403, "This event is not allowed in this context", Codes.FORBIDDEN
             )
 
+        await self._auth_and_persist_event(origin, event, context)
+
         return context
 
     async def get_state_for_pdu(self, room_id: str, event_id: str) -> List[EventBase]: