mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2025-12-12 09:23:09 -06:00
Code Issues Packages Projects Releases Wiki Activity

Check validity of keys for an incoming m.room.third_party_invite event

Browse source
This commit is contained in:
Brendan Abolivier 2017-08-29 17:44:16 +01:00
parent 2183712e04
commit 2a951970d3
No known key found for this signature in database
GPG key ID: 8EF1500759F70623
2 changed files with 75 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
src/github.com/matrix-org/dendrite/roomserver/input/events.go
View file

@ -22,6 +22,8 @@ import (
"github.com/matrix-org/dendrite/roomserver/state" "github.com/matrix-org/dendrite/roomserver/state"
"github.com/matrix-org/dendrite/roomserver/types" "github.com/matrix-org/dendrite/roomserver/types"
"github.com/matrix-org/gomatrixserverlib" "github.com/matrix-org/gomatrixserverlib"
"github.com/Sirupsen/logrus"
) )
// A RoomEventDatabase has the storage APIs needed to store a room event. // A RoomEventDatabase has the storage APIs needed to store a room event.
@ -56,6 +58,15 @@ func processRoomEvent(db RoomEventDatabase, ow OutputRoomEventWriter, input api.
// Parse and validate the event JSON // Parse and validate the event JSON
event := input.Event event := input.Event
if err := checkThirdPartyKeys(input.Event); err != nil {
// At least one of the key could not be validated. The specification
// says that it should not cause a rejection of the event.
// https://matrix.org/docs/spec/client_server/r0.2.0.html#id58
// There is no direct way to warn the users that the member's
// membership is questionable, so log the error as a warning.
logrus.Warn(err)
}
// Check that the event passes authentication checks and work out the numeric IDs for the auth events. // Check that the event passes authentication checks and work out the numeric IDs for the auth events.
authEventNIDs, err := checkAuthEvents(db, event, input.AuthEventIDs) authEventNIDs, err := checkAuthEvents(db, event, input.AuthEventIDs)
if err != nil { if err != nil {

64
src/github.com/matrix-org/dendrite/roomserver/input/thirdpartyinvites.go Normal file
View file

@ -0,0 +1,64 @@
// Copyright 2017 Vector Creations Ltd
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package input
import (
"encoding/json"
"errors"
"fmt"
"net/http"
"github.com/matrix-org/dendrite/common"
"github.com/matrix-org/gomatrixserverlib"
)
// checkThirdPartyKeys checks the validity of all the public keys in a given
// m.room.third_party_invite event.
// Returns with an error if a key could not be verified.
func checkThirdPartyKeys(event gomatrixserverlib.Event) error {
if event.Type() == "m.room.third_party_invite" {
var content common.ThirdPartyInviteContent
if err := json.Unmarshal(event.Content(), &content); err != nil {
return err
}
for _, key := range content.PublicKeys {
url := fmt.Sprintf("%s?public_key=%s", key.KeyValidityURL, key.PublicKey)
resp, err := http.Get(url)
if err != nil {
return err
}
if resp.StatusCode != http.StatusOK {
errMsg := fmt.Sprintf("Could not verify the validity of key %s at %s", key.PublicKey, key.KeyValidityURL)
return errors.New(errMsg)
}
var validity struct {
Valid bool `json:"valid"`
}
if err := json.NewDecoder(resp.Body).Decode(&validity); err != nil {
return err
}
if !validity.Valid {
errMsg := fmt.Sprintf("Invalid key %s according to %s", key.PublicKey, key.KeyValidityURL)
return errors.New(errMsg)
}
}
}
return nil
}