From 02d36c27b35c2d07efae8a012d4bb5f2ebec09bd Mon Sep 17 00:00:00 2001
From: Patrick Cloke <patrickc@matrix.org>
Date: Mon, 27 Sep 2021 11:28:56 -0400
Subject: [PATCH 1/3] Only do signature checks for room versions 8/9.

---
 synapse/event_auth.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/synapse/event_auth.py b/synapse/event_auth.py
index fc50a0e71a7d..a27aacbd9143 100644
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@@ -113,6 +113,7 @@ def check(
                 raise AuthError(403, "Event not signed by sending server")
 
         is_invite_via_allow_rule = (
+            room_version_obj.msc3083_join_rules and
             event.type == EventTypes.Member
             and event.membership == Membership.JOIN
             and "join_authorised_via_users_server" in event.content

From 7527dc96e499e0d7334756b1793ac89b6e047732 Mon Sep 17 00:00:00 2001
From: Patrick Cloke <patrickc@matrix.org>
Date: Mon, 27 Sep 2021 11:36:44 -0400
Subject: [PATCH 2/3] Newsfragment

---
 changelog.d/10927.bugfix | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/10927.bugfix

diff --git a/changelog.d/10927.bugfix b/changelog.d/10927.bugfix
new file mode 100644
index 000000000000..fd24288c5499
--- /dev/null
+++ b/changelog.d/10927.bugfix
@@ -0,0 +1 @@
+Fix a bug introduced in Synapse v1.40.0 where the signature checks for room version 8/9 could be applied to earlier room versions in some situations.

From dc2d1eae14ff980b10301e0c05ff6d654ef4b0d7 Mon Sep 17 00:00:00 2001
From: Patrick Cloke <patrickc@matrix.org>
Date: Mon, 27 Sep 2021 11:50:07 -0400
Subject: [PATCH 3/3] Lint

---
 synapse/event_auth.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/synapse/event_auth.py b/synapse/event_auth.py
index a27aacbd9143..5d7c6fa858fb 100644
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@@ -113,8 +113,8 @@ def check(
                 raise AuthError(403, "Event not signed by sending server")
 
         is_invite_via_allow_rule = (
-            room_version_obj.msc3083_join_rules and
-            event.type == EventTypes.Member
+            room_version_obj.msc3083_join_rules
+            and event.type == EventTypes.Member
             and event.membership == Membership.JOIN
             and "join_authorised_via_users_server" in event.content
         )