Fix joining over federation

synapse/api/auth.py

@@ -24,6 +24,7 @@
     RoomJoinRulesEvent, RoomCreateEvent,
 )
 from synapse.util.logutils import log_function
+from syutil.base64util import encode_base64
 
 import logging
 
@@ -61,8 +62,6 @@ def check(self, event, raises=False):
                     # FIXME
                     return True
 
-                self._can_send_event(event)
-
                 if event.type == RoomMemberEvent.TYPE:
                     allowed = self.is_membership_change_allowed(event)
                     if allowed:
@@ -71,6 +70,8 @@ def check(self, event, raises=False):
                         logger.debug("Denying! %s", event)
                     return allowed
 
+                self._can_send_event(event)
+
                 if event.type == RoomPowerLevelsEvent.TYPE:
                     self._check_power_levels(event)
 
@@ -311,6 +312,54 @@ def get_user_by_token(self, token):
     def is_server_admin(self, user):
         return self.store.is_server_admin(user)
 
+    @defer.inlineCallbacks
+    def add_auth_events(self, event):
+        if event.type == RoomCreateEvent.TYPE:
+            event.auth_events = []
+            return
+
+        auth_events = []
+
+        key = (RoomPowerLevelsEvent.TYPE, "", )
+        power_level_event = event.old_state_events.get(key)
+
+        if power_level_event:
+            auth_events.append(power_level_event.event_id)
+
+        key = (RoomJoinRulesEvent.TYPE, "", )
+        join_rule_event = event.old_state_events.get(key)
+
+        key = (RoomMemberEvent.TYPE, event.user_id, )
+        member_event = event.old_state_events.get(key)
+
+        if join_rule_event:
+            join_rule = join_rule_event.content.get("join_rule")
+            is_public = join_rule == JoinRules.PUBLIC if join_rule else False
+
+            if event.type == RoomMemberEvent.TYPE:
+                if event.content["membership"] == Membership.JOIN:
+                    if is_public:
+                        auth_events.append(join_rule_event.event_id)
+                elif member_event:
+                    auth_events.append(member_event.event_id)
+
+        if member_event:
+            if member_event.content["membership"] == Membership.JOIN:
+                auth_events.append(member_event.event_id)
+
+        hashes = yield self.store.get_event_reference_hashes(
+            auth_events
+        )
+        hashes = [
+            {
+                k: encode_base64(v) for k, v in h.items()
+                if k == "sha256"
+            }
+            for h in hashes
+        ]
+        event.auth_events = zip(auth_events, hashes)
+
+
     @log_function
     def _can_send_event(self, event):
         key = (RoomPowerLevelsEvent.TYPE, "", )

synapse/api/events/__init__.py

@@ -61,7 +61,6 @@ class SynapseEvent(JsonEncodedObject):
         "replaces_state",
         "redacted_because",
         "origin_server_ts",
-        "auth_events",
     ]
 
     internal_keys = [
@@ -75,6 +74,7 @@ class SynapseEvent(JsonEncodedObject):
         "hashes",
         "signatures",
         "prev_state",
+        "auth_events",
     ]
 
     required_keys = [

synapse/handlers/_base.py

@@ -18,11 +18,6 @@
 from synapse.api.errors import LimitExceededError
 from synapse.util.async import run_on_reactor
 from synapse.crypto.event_signing import add_hashes_and_signatures
-from synapse.api.events.room import (
-    RoomCreateEvent, RoomMemberEvent, RoomPowerLevelsEvent, RoomJoinRulesEvent,
-)
-from synapse.api.constants import Membership, JoinRules
-from syutil.base64util import encode_base64
 
 import logging
 
@@ -59,53 +54,6 @@ def ratelimit(self, user_id):
                 retry_after_ms=int(1000*(time_allowed - time_now)),
             )
 
-    @defer.inlineCallbacks
-    def _add_auth(self, event):
-        if event.type == RoomCreateEvent.TYPE:
-            event.auth_events = []
-            return
-
-        auth_events = []
-
-        key = (RoomPowerLevelsEvent.TYPE, "", )
-        power_level_event = event.old_state_events.get(key)
-
-        if power_level_event:
-            auth_events.append(power_level_event.event_id)
-
-        key = (RoomJoinRulesEvent.TYPE, "", )
-        join_rule_event = event.old_state_events.get(key)
-
-        key = (RoomMemberEvent.TYPE, event.user_id, )
-        member_event = event.old_state_events.get(key)
-
-        if join_rule_event:
-            join_rule = join_rule_event.content.get("join_rule")
-            is_public = join_rule == JoinRules.PUBLIC if join_rule else False
-
-            if event.type == RoomMemberEvent.TYPE:
-                if event.content["membership"] == Membership.JOIN:
-                    if is_public:
-                        auth_events.append(join_rule_event.event_id)
-                elif member_event:
-                    auth_events.append(member_event.event_id)
-
-        if member_event:
-            if member_event.content["membership"] == Membership.JOIN:
-                auth_events.append(member_event.event_id)
-
-        hashes = yield self.store.get_event_reference_hashes(
-            auth_events
-        )
-        hashes = [
-            {
-                k: encode_base64(v) for k, v in h.items()
-                if k == "sha256"
-            }
-            for h in hashes
-        ]
-        event.auth_events = zip(auth_events, hashes)
-
     @defer.inlineCallbacks
     def _on_new_room_event(self, event, snapshot, extra_destinations=[],
                            extra_users=[], suppress_auth=False):
@@ -115,7 +63,7 @@ def _on_new_room_event(self, event, snapshot, extra_destinations=[],
 
         yield self.state_handler.annotate_state_groups(event)
 
-        yield self._add_auth(event)
+        yield self.auth.add_auth_events(event)
 
         logger.debug("Signing event...")
 

synapse/handlers/federation.py

@@ -317,6 +317,7 @@ def on_make_join_request(self, context, user_id):
         snapshot.fill_out_prev_events(event)
 
         yield self.state_handler.annotate_state_groups(event)
+        yield self.auth.add_auth_events(event)
         self.auth.check(event, raises=True)
 
         pdu = self.pdu_codec.pdu_from_event(event)

synapse/storage/__init__.py

@@ -310,6 +310,7 @@ def _persist_event_txn(self, txn, event, backfilled, stream_ordering=None,
                     "room_id": event.room_id,
                     "auth_id": auth_id,
                 },
+                or_ignore=True,
             )
 
         (ref_alg, ref_hash_bytes) = compute_event_reference_hash(event)