Refine SenderID/UserID usage

clientapi/routing/redaction.go

@@ -76,7 +76,7 @@ func SendRedaction(
 	// "Users may redact their own events, and any user with a power level greater than or equal
 	// to the redact power level of the room may redact events there"
 	// https://matrix.org/docs/spec/client_server/r0.6.1#put-matrix-client-r0-rooms-roomid-redact-eventid-txnid
-	allowedToRedact := ev.SenderID() == device.UserID
+	allowedToRedact := ev.SenderID() == device.UserID // TODO: Should replace device.UserID with device...PerRoomKey
 	if !allowedToRedact {
 		plEvent := roomserverAPI.GetStateEvent(req.Context(), rsAPI, roomID, gomatrixserverlib.StateKeyTuple{
 			EventType: spec.MRoomPowerLevels,

federationapi/internal/perform.go

@@ -509,10 +509,15 @@ func (r *FederationInternalAPI) SendInvite(
 	event gomatrixserverlib.PDU,
 	strippedState []gomatrixserverlib.InviteStrippedState,
 ) (gomatrixserverlib.PDU, error) {
-	_, origin, err := r.cfg.Matrix.SplitLocalID('@', event.SenderID())
+	inviter, err := event.UserID()
 	if err != nil {
 		return nil, err
 	}
+	// For portable accounts, we need to verify the inviter domain is still associated with this server.
+	// The userID of the inviter may have changed to another server in which case we cannot send the invite.
+	if !r.cfg.Matrix.IsLocalServerName(inviter.Domain()) {
+		return nil, fmt.Errorf("the invite must be from a local user")
+	}
 
 	if event.StateKey() == nil {
 		return nil, errors.New("invite must be a state event")
@@ -542,7 +547,7 @@ func (r *FederationInternalAPI) SendInvite(
 		return nil, fmt.Errorf("gomatrixserverlib.NewInviteV2Request: %w", err)
 	}
 
-	inviteRes, err := r.federation.SendInviteV2(ctx, origin, destination, inviteReq)
+	inviteRes, err := r.federation.SendInviteV2(ctx, inviter.Domain(), destination, inviteReq)
 	if err != nil {
 		return nil, fmt.Errorf("r.federation.SendInviteV2: failed to send invite: %w", err)
 	}

federationapi/routing/leave.go

@@ -223,13 +223,13 @@ func SendLeave(
 	// Check that the sender belongs to the server that is sending us
 	// the request. By this point we've already asserted that the sender
 	// and the state key are equal so we don't need to check both.
-	var serverName spec.ServerName
+	sender, err := event.UserID()
-	if _, serverName, err = gomatrixserverlib.SplitID('@', event.SenderID()); err != nil {
+	if err != nil {
 		return util.JSONResponse{
 			Code: http.StatusForbidden,
 			JSON: spec.Forbidden("The sender of the join is invalid"),
 		}
-	} else if serverName != request.Origin() {
+	} else if sender.Domain() != request.Origin() {
 		return util.JSONResponse{
 			Code: http.StatusForbidden,
 			JSON: spec.Forbidden("The sender does not match the server that originated the request"),
@@ -291,7 +291,7 @@ func SendLeave(
 		}
 	}
 	verifyRequests := []gomatrixserverlib.VerifyJSONRequest{{
-		ServerName:             serverName,
+		ServerName:             sender.Domain(),
 		Message:                redacted,
 		AtTS:                   event.OriginServerTS(),
 		StrictValidityChecking: true,