Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Check for space membership during a remote join of a restricted room. #9763

Merged
merged 20 commits into from
Apr 14, 2021
Merged

Check for space membership during a remote join of a restricted room. #9763

merged 20 commits into from
Apr 14, 2021

Conversation

clokep
Copy link
Member

@clokep clokep commented Apr 7, 2021
edited
Loading

This depends on #9735 and #9800, but applies the same logic for remote joins. It only applies this logic during the /send_join aspect of the handshake (not the /make_join) since this seems to be where we apply other error checking logic. I think we need to do it regardless during /send_join so I'm not sure of the benefit of doing it in both places.

Fixes #9715

@clokep clokep linked an issue Apr 7, 2021 that may be closed by this pull request
Experimental support for checking space membership when a remote user joins a restricted room #9715
Closed
@clokep clokep mentioned this pull request Apr 7, 2021
Merged
@clokep
Copy link
Member Author

clokep commented Apr 7, 2021

See matrix-org/complement#99 for integration tests on this.

clokep
clokep commented Apr 7, 2021
View reviewed changes
synapse/handlers/federation.py
Comment on lines +1678 to +1686
# Check if the user is already in the room or invited to the room.
user_id = event.state_key
prev_member_event_id = prev_state_ids.get((EventTypes.Member, user_id), None)
newly_joined = True
is_invite = False
if prev_member_event_id:
prev_member_event = await self.store.get_event(prev_member_event_id)
newly_joined = prev_member_event.membership != Membership.JOIN
is_invite = prev_member_event.membership == Membership.INVITE
Copy link
Member Author

@clokep clokep Apr 7, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Much of this logic (and the if-statement below) is now duplicated between this and local joins in RoomMemberHandler._local_membership_update. I wonder if we should instead update can_join_without_invite to raise a SynapseError and try to push some of this logic in there?

The local join logic has a couple of interleaved bits though (it needs prev_member_event_id and newly_joined for something else and it seems gross to return those from this).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it would be the end of the world to have this logic in both _local_membership_update and can_join_without_invite, to save us from duplicating the if newly_joined and not is_invite condition. I don't think it matters too much though.

clokep
clokep commented Apr 7, 2021
View reviewed changes
synapse/handlers/federation.py Outdated Show resolved Hide resolved
@clokep clokep force-pushed the clokep/restricted-remote-joins branch from b37f1a8 to 94bdb01 Compare April 8, 2021 12:30
@clokep clokep changed the title Check for proper membership during a remote join. Check for space membership during a remote join of a restricted room. Apr 8, 2021
@clokep clokep requested a review from a team April 8, 2021 13:20
richvdh
richvdh reviewed Apr 8, 2021
View reviewed changes
synapse/handlers/federation.py Outdated Show resolved Hide resolved
synapse/handlers/federation.py Outdated Show resolved Hide resolved
synapse/handlers/federation.py
Comment on lines +1678 to +1686
# Check if the user is already in the room or invited to the room.
user_id = event.state_key
prev_member_event_id = prev_state_ids.get((EventTypes.Member, user_id), None)
newly_joined = True
is_invite = False
if prev_member_event_id:
prev_member_event = await self.store.get_event(prev_member_event_id)
newly_joined = prev_member_event.membership != Membership.JOIN
is_invite = prev_member_event.membership == Membership.INVITE
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it would be the end of the world to have this logic in both _local_membership_update and can_join_without_invite, to save us from duplicating the if newly_joined and not is_invite condition. I don't think it matters too much though.

synapse/handlers/federation.py Outdated Show resolved Hide resolved
synapse/handlers/federation.py Outdated Show resolved Hide resolved
@clokep clokep mentioned this pull request Apr 12, 2021
Merged
@clokep clokep merged commit cc51aaa into develop Apr 14, 2021
@clokep clokep deleted the clokep/restricted-remote-joins branch April 14, 2021 16:32
clokep added a commit that referenced this pull request Apr 14, 2021
@clokep
Revert "Check for space membership during a remote join of a restrict…
e8816c6 
…ed room. (#9763)"

This reverts commit cc51aaa.

The PR was prematurely merged and not yet approved.
@clokep
Copy link
Member Author

clokep commented Apr 14, 2021

Arg, I merged this instead of #9800 by mistake. I've manually reverted it in e8816c6.

@clokep clokep mentioned this pull request Apr 14, 2021
Merged
clokep added a commit that referenced this pull request Apr 14, 2021
@clokep
Check for space membership during a remote join of a restricted room. (
bd901fe 
…#9763)

When receiving a /send_join request for a room with join rules set to 'restricted',
check if the user is a member of the spaces defined in the 'allow' key of the join
rules.

This only applies to an experimental room version, as defined in MSC3083.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@richvdh richvdh richvdh left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Experimental support for checking space membership when a remote user joins a restricted room
2 participants
@clokep @richvdh