This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

HTTP 500 if you try to set membership to "join" for a federated account #11598

Open
jaller94 opened this issue Dec 17, 2021 · 2 comments
Labels
A-Federation A-Membership S-Minor Blocks non-critical functionality, workarounds exist. T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues.

Comments

@jaller94
Contributor

jaller94 commented Dec 17, 2021

Description

If you try to set a custom m.room.member state event, a lot of things are caught and result in an HTTP 400. Membership value is invalid? HTTP 400. State key is not a Matrix ID? HTTP 400.

However, if both are valid and you set membership to "join" for someone other than you, you get an HTTP 500.

Steps to reproduce

  • Create a room (any room where you're a moderator).
  • Send an m.room.member state event with any Matrix-ID-looking value other than your Matrix ID. The content must be {"membership": "join"}.

I expect this to be an HTTP 400, telling me that I cannot join others without their interaction. I can set their membership to "invite", "leave" and "ban" but not "invite" (or "knock").

Version information

  • Homeserver (if not matrix.org): vector.modular.im
  • Version: 1.48.0, maybe?
  • Install method: EMS
  • Platform: EMS
@clokep clokep added T-Defect Bugs, crashes, hangs, security vulnerabilities, or other reported issues. S-Minor Blocks non-critical functionality, workarounds exist. labels Dec 17, 2021
@clokep
Member

clokep commented Dec 17, 2021

I was only able to reproduce this when choosing a Matrix ID that wasn't local to my server, e.g. @foo:bar

Stack trace:

Traceback (most recent call last):
  File ".venv/lib/python3.9/site-packages/twisted/internet/defer.py", line 1657, in _inlineCallbacks
    result = current_context.run(
  File ".venv/lib/python3.9/site-packages/twisted/python/failure.py", line 500, in throwExceptionIntoGenerator
    return g.throw(self.type, self.value, self.tb)
  File "synapse/storage/databases/main/roommember.py", line 333, in get_invited_rooms_for_local_user
    return await self.get_rooms_for_local_user_where_membership_is(
  File "synapse/storage/databases/main/roommember.py", line 374, in get_rooms_for_local_user_where_membership_is
    rooms = await self.db_pool.runInteraction(
  File "synapse/storage/database.py", line 741, in runInteraction
    result = await self.runWithConnection(
  File "synapse/storage/database.py", line 846, in runWithConnection
    return await make_deferred_yieldable(
  File ".venv/lib/python3.9/site-packages/twisted/python/threadpool.py", line 238, in inContext
    result = inContext.theWork()  # type: ignore[attr-defined]
  File ".venv/lib/python3.9/site-packages/twisted/python/threadpool.py", line 254, in <lambda>
    inContext.theWork = lambda: context.call(  # type: ignore[attr-defined]
  File ".venv/lib/python3.9/site-packages/twisted/python/context.py", line 118, in callWithContext
    return self.currentContext().callWithContext(ctx, func, *args, **kw)
  File ".venv/lib/python3.9/site-packages/twisted/python/context.py", line 83, in callWithContext
    return func(*args, **kw)
  File ".venv/lib/python3.9/site-packages/twisted/enterprise/adbapi.py", line 293, in _runWithConnection
    compat.reraise(excValue, excTraceback)
  File ".venv/lib/python3.9/site-packages/twisted/python/deprecate.py", line 298, in deprecatedFunction
    return function(*args, **kwargs)
  File ".venv/lib/python3.9/site-packages/twisted/python/compat.py", line 404, in reraise
    raise exception.with_traceback(traceback)
  File ".venv/lib/python3.9/site-packages/twisted/enterprise/adbapi.py", line 284, in _runWithConnection
    result = func(conn, *args, **kw)
  File "synapse/storage/database.py", line 841, in inner_func
    return func(db_conn, *args, **kwargs)
  File "synapse/storage/database.py", line 609, in new_transaction
    r = func(cursor, *args, **kwargs)
  File "synapse/storage/databases/main/roommember.py", line 390, in _get_rooms_for_local_user_where_membership_is_txn
    raise Exception(
Exception: Cannot call 'get_rooms_for_local_user_where_membership_is' on non-local user '@foo:bar'

@jaller94 jaller94 changed the title HTTP 500 if you try to set membership to "join" for another person HTTP 500 if you try to set membership to "join" for a federated account Dec 17, 2021
@jaller94
Contributor Author

Right, for local users I get:
HTTP 403
{"errcode":"M_FORBIDDEN","error":"Cannot force another user to join."}

Fun Fact: @:matrix.org passes as a valid Matrix-ID.
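
One way to order the checks so that a remote state key gets a 4xx answer before any local-only lookup runs, as an added example that is not Synapse's code and not part of this thread. All function names, the `example.org` server name and the `M_INVALID_PARAM` errcode for the 400 cases are assumptions; the 403 body is the one quoted above for local users.

```python
# Added example, not Synapse code: every name below is hypothetical.
MEMBERSHIPS = {"invite", "join", "knock", "leave", "ban"}


class ApiError(Exception):
    """Client error that the request layer turns into a 4xx response."""
    def __init__(self, status, errcode, error):
        super().__init__(error)
        self.status, self.body = status, {"errcode": errcode, "error": error}


def local_invites(user_id, server_name):
    """Stand-in for a local-only store call; raises like the trace in this issue."""
    if not user_id.endswith(":" + server_name):
        raise Exception(f"Cannot call local-only lookup on non-local user '{user_id}'")
    return []


def parse_user_id(user_id):
    # Rejecting an empty localpart or domain is this example's choice.
    if not isinstance(user_id, str) or not user_id.startswith("@") or ":" not in user_id:
        raise ApiError(400, "M_INVALID_PARAM", "State key is not a Matrix ID")
    localpart, domain = user_id[1:].split(":", 1)
    if not localpart or not domain:
        raise ApiError(400, "M_INVALID_PARAM", "Matrix ID has an empty localpart or domain")
    return localpart, domain


def check_member_event(sender, state_key, content, server_name):
    membership = content.get("membership") if isinstance(content, dict) else None
    if not isinstance(membership, str) or membership not in MEMBERSHIPS:
        raise ApiError(400, "M_INVALID_PARAM", "Membership value is invalid")
    _, domain = parse_user_id(state_key)
    # Policy check first: it needs no storage access and applies to any domain.
    if membership == "join" and state_key != sender:
        raise ApiError(403, "M_FORBIDDEN", "Cannot force another user to join.")
    # Local-only lookups are reached only for users on this server.
    if membership == "join" and domain == server_name:
        local_invites(state_key, server_name)


def handle(sender, state_key, content, server_name="example.org"):
    try:
        check_member_event(sender, state_key, content, server_name)
        return 200, {}
    except ApiError as e:
        return e.status, e.body
    except Exception:
        return 500, {"errcode": "M_UNKNOWN", "error": "Internal server error"}
```
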
