mirror of
https://github.com/matrix-org/dendrite.git
synced 2026-01-15 01:53:09 -06:00
Fix statekey usage in roomserver/auth
parent
d2bbf9e315
commit
1e4fa2791c
|
|
@ -13,6 +13,9 @@
|
||||||
package auth
|
package auth
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
|
|
||||||
|
"github.com/matrix-org/dendrite/roomserver/storage"
|
||||||
"github.com/matrix-org/gomatrixserverlib"
|
"github.com/matrix-org/gomatrixserverlib"
|
||||||
"github.com/matrix-org/gomatrixserverlib/spec"
|
"github.com/matrix-org/gomatrixserverlib/spec"
|
||||||
)
|
)
|
||||||
|
|
@ -22,6 +25,7 @@ import (
|
||||||
// IsServerAllowed returns true if the server is allowed to see events in the room
|
// IsServerAllowed returns true if the server is allowed to see events in the room
|
||||||
// at this particular state. This function implements https://matrix.org/docs/spec/client_server/r0.6.0#id87
|
// at this particular state. This function implements https://matrix.org/docs/spec/client_server/r0.6.0#id87
|
||||||
func IsServerAllowed(
|
func IsServerAllowed(
|
||||||
|
ctx context.Context, db storage.RoomDatabase,
|
||||||
serverName spec.ServerName,
|
serverName spec.ServerName,
|
||||||
serverCurrentlyInRoom bool,
|
serverCurrentlyInRoom bool,
|
||||||
authEvents []gomatrixserverlib.PDU,
|
authEvents []gomatrixserverlib.PDU,
|
||||||
|
|
@ -37,7 +41,7 @@ func IsServerAllowed(
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
// 2. If the user's membership was join, allow.
|
// 2. If the user's membership was join, allow.
|
||||||
joinedUserExists := IsAnyUserOnServerWithMembership(serverName, authEvents, spec.Join)
|
joinedUserExists := IsAnyUserOnServerWithMembership(ctx, db, serverName, authEvents, spec.Join)
|
||||||
if joinedUserExists {
|
if joinedUserExists {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
@ -46,7 +50,7 @@ func IsServerAllowed(
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
// 4. If the user's membership was invite, and the history_visibility was set to invited, allow.
|
// 4. If the user's membership was invite, and the history_visibility was set to invited, allow.
|
||||||
invitedUserExists := IsAnyUserOnServerWithMembership(serverName, authEvents, spec.Invite)
|
invitedUserExists := IsAnyUserOnServerWithMembership(ctx, db, serverName, authEvents, spec.Invite)
|
||||||
if invitedUserExists && historyVisibility == gomatrixserverlib.HistoryVisibilityInvited {
|
if invitedUserExists && historyVisibility == gomatrixserverlib.HistoryVisibilityInvited {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
@ -70,7 +74,7 @@ func HistoryVisibilityForRoom(authEvents []gomatrixserverlib.PDU) gomatrixserver
|
||||||
return visibility
|
return visibility
|
||||||
}
|
}
|
||||||
|
|
||||||
func IsAnyUserOnServerWithMembership(serverName spec.ServerName, authEvents []gomatrixserverlib.PDU, wantMembership string) bool {
|
func IsAnyUserOnServerWithMembership(ctx context.Context, db storage.RoomDatabase, serverName spec.ServerName, authEvents []gomatrixserverlib.PDU, wantMembership string) bool {
|
||||||
for _, ev := range authEvents {
|
for _, ev := range authEvents {
|
||||||
if ev.Type() != spec.MRoomMember {
|
if ev.Type() != spec.MRoomMember {
|
||||||
continue
|
continue
|
||||||
|
|
@ -85,12 +89,12 @@ func IsAnyUserOnServerWithMembership(serverName spec.ServerName, authEvents []go
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
_, domain, err := gomatrixserverlib.SplitID('@', *stateKey)
|
userID, err := db.GetUserIDForSender(ctx, ev.RoomID(), spec.SenderID(*stateKey))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
|
||||||
if domain == serverName {
|
if userID.Domain() == serverName {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
}
|
}
|
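Review bot: The new lookup in IsAnyUserOnServerWithMembership calls `userID.Domain()` after checking only `err`. `GetUserIDForSender` returns a `*spec.UserID`, so if any implementation can return a nil pointer with a nil error (for instance when no mapping exists for the sender; not visible here), this visibility check would panic. The callers changed in this commit, IsServerCurrentlyInRoom and CheckServerAllowedToSeeEvent, would be affected too. I would guard both cases with `if err != nil || userID == nil {` before the `continue`. Skipping on error denies access, which is the safe direction, but a storage failure then looks the same as "no such member", so a debug-level log on that branch would help. The function body starts and ends outside this hunk.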
||||||
|
|
|
||||||
|
|
@ -1,13 +1,23 @@
|
||||||
package auth
|
package auth
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/matrix-org/dendrite/roomserver/storage"
|
||||||
"github.com/matrix-org/dendrite/test"
|
"github.com/matrix-org/dendrite/test"
|
||||||
"github.com/matrix-org/gomatrixserverlib"
|
"github.com/matrix-org/gomatrixserverlib"
|
||||||
"github.com/matrix-org/gomatrixserverlib/spec"
|
"github.com/matrix-org/gomatrixserverlib/spec"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
type FakeStorageDB struct {
|
||||||
|
storage.RoomDatabase
|
||||||
|
}
|
||||||
|
|
||||||
|
func (f *FakeStorageDB) GetUserIDForSender(ctx context.Context, roomID string, senderID spec.SenderID) (*spec.UserID, error) {
|
||||||
|
return spec.NewUserID(string(senderID), true)
|
||||||
|
}
|
||||||
|
|
||||||
func TestIsServerAllowed(t *testing.T) {
|
func TestIsServerAllowed(t *testing.T) {
|
||||||
alice := test.NewUser(t)
|
alice := test.NewUser(t)
|
||||||
|
|
||||||
|
|
@ -77,7 +87,7 @@ func TestIsServerAllowed(t *testing.T) {
|
||||||
authEvents = append(authEvents, ev.PDU)
|
authEvents = append(authEvents, ev.PDU)
|
||||||
}
|
}
|
||||||
|
|
||||||
if got := IsServerAllowed(tt.serverName, tt.serverCurrentlyInRoom, authEvents); got != tt.want {
|
if got := IsServerAllowed(context.Background(), &FakeStorageDB{}, tt.serverName, tt.serverCurrentlyInRoom, authEvents); got != tt.want {
|
||||||
t.Errorf("IsServerAllowed() = %v, want %v", got, tt.want)
|
t.Errorf("IsServerAllowed() = %v, want %v", got, tt.want)
|
||||||
}
|
}
|
||||||
})
|
})
|
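Review bot: FakeStorageDB.GetUserIDForSender always succeeds by parsing the sender ID as a user ID, so TestIsServerAllowed never reaches the new `err != nil` branch. It also does not cover a state key that is not itself a user ID, which, going by the commit title, is the case this change is meant to handle. A second fake that returns an error, and one that maps an opaque sender ID to a user ID, would pin that IsServerAllowed denies when the lookup fails and allows when it resolves to the right server. The fake embeds a nil `storage.RoomDatabase`, so any other method the auth code later calls will panic in tests; a comment on the struct such as `// FakeStorageDB implements only GetUserIDForSender; every other RoomDatabase method panics.` would make that explicit. The test table itself is outside the visible hunks.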
||||||
|
|
|
||||||
|
|
@ -95,7 +95,7 @@ func IsServerCurrentlyInRoom(ctx context.Context, db storage.Database, serverNam
|
||||||
for i := range events {
|
for i := range events {
|
||||||
gmslEvents[i] = events[i].PDU
|
gmslEvents[i] = events[i].PDU
|
||||||
}
|
}
|
||||||
return auth.IsAnyUserOnServerWithMembership(serverName, gmslEvents, spec.Join), nil
|
return auth.IsAnyUserOnServerWithMembership(ctx, db, serverName, gmslEvents, spec.Join), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func IsInvitePending(
|
func IsInvitePending(
|
||||||
|
|
@ -289,7 +289,7 @@ func CheckServerAllowedToSeeEvent(
|
||||||
return false, err
|
return false, err
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return auth.IsServerAllowed(serverName, isServerInRoom, stateAtEvent), nil
|
return auth.IsServerAllowed(ctx, db, serverName, isServerInRoom, stateAtEvent), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func slowGetHistoryVisibilityState(
|
func slowGetHistoryVisibilityState(
|
||||||
|
|
|
||||||
|
|
@ -582,7 +582,7 @@ func joinEventsFromHistoryVisibility(
|
||||||
}
|
}
|
||||||
|
|
||||||
// Can we see events in the room?
|
// Can we see events in the room?
|
||||||
canSeeEvents := auth.IsServerAllowed(thisServer, true, events)
|
canSeeEvents := auth.IsServerAllowed(ctx, db, thisServer, true, events)
|
||||||
visibility := auth.HistoryVisibilityForRoom(events)
|
visibility := auth.HistoryVisibilityForRoom(events)
|
||||||
if !canSeeEvents {
|
if !canSeeEvents {
|
||||||
logrus.Infof("ServersAtEvent history not visible to us: %s", visibility)
|
logrus.Infof("ServersAtEvent history not visible to us: %s", visibility)
|
||||||
|
|
|
||||||