Be less panicky about auth event signatures in case they are not fatal after all

This commit is contained in:
Neil Alexander 2022-01-31 12:40:31 +00:00
parent 97a3b6bd00
commit a72f687b95
No known key found for this signature in database
GPG key ID: A02A2019A2BB0944

View file

@ -169,7 +169,7 @@ func (r *Inputer) processRoomEvent(
authEvents := gomatrixserverlib.NewAuthEvents(nil) authEvents := gomatrixserverlib.NewAuthEvents(nil)
knownEvents := map[string]*types.Event{} knownEvents := map[string]*types.Event{}
if err = r.fetchAuthEvents(ctx, logger, headered, &authEvents, knownEvents, serverRes.ServerNames); err != nil { if err = r.fetchAuthEvents(ctx, logger, headered, &authEvents, knownEvents, serverRes.ServerNames); err != nil {
return fmt.Errorf("r.checkForMissingAuthEvents: %w", err) return fmt.Errorf("r.fetchAuthEvents: %w", err)
} }
// Check if the event is allowed by its auth events. If it isn't then // Check if the event is allowed by its auth events. If it isn't then
@ -415,12 +415,11 @@ func (r *Inputer) fetchAuthEvents(
continue continue
} }
// Check the signatures of the event. // Check the signatures of the event. If this fails then we'll simply
// TODO: It really makes sense for the federation API to be doing this, // skip it, because gomatrixserverlib.Allowed() will notice a problem
// because then it can attempt another server if one serves up an event // if a critical event is missing anyway.
// with an invalid signature. For now this will do.
if err := authEvent.VerifyEventSignatures(ctx, r.FSAPI.KeyRing()); err != nil { if err := authEvent.VerifyEventSignatures(ctx, r.FSAPI.KeyRing()); err != nil {
return fmt.Errorf("event.VerifyEventSignatures: %w", err) continue
} }
// In order to store the new auth event, we need to know its auth chain // In order to store the new auth event, we need to know its auth chain