mirror of
https://git.anonymousland.org/anonymousland/synapse.git
synced 2024-10-01 11:49:51 -04:00
Fix messages from multiple senders in historical chunk (MSC2716) (#10276)
Fix messages from multiple senders in historical chunk. This also means that an app service does not need to define `?user_id` when using this endpoint. Follow-up to https://github.com/matrix-org/synapse/pull/9247 Part of MSC2716: https://github.com/matrix-org/matrix-doc/pull/2716
This commit is contained in:
parent
30b56f6925
commit
0d5b08ac7a
1
changelog.d/10276.bugfix
Normal file
1
changelog.d/10276.bugfix
Normal file
@ -0,0 +1 @@
|
|||||||
|
Fix historical batch send endpoint (MSC2716) rejecting batches with messages from multiple senders.
|
@ -240,6 +240,37 @@ class Auth:
|
|||||||
except KeyError:
|
except KeyError:
|
||||||
raise MissingClientTokenError()
|
raise MissingClientTokenError()
|
||||||
|
|
||||||
|
async def validate_appservice_can_control_user_id(
|
||||||
|
self, app_service: ApplicationService, user_id: str
|
||||||
|
):
|
||||||
|
"""Validates that the app service is allowed to control
|
||||||
|
the given user.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
app_service: The app service that controls the user
|
||||||
|
user_id: The author MXID that the app service is controlling
|
||||||
|
|
||||||
|
Raises:
|
||||||
|
AuthError: If the application service is not allowed to control the user
|
||||||
|
(user namespace regex does not match, wrong homeserver, etc)
|
||||||
|
or if the user has not been registered yet.
|
||||||
|
"""
|
||||||
|
|
||||||
|
# It's ok if the app service is trying to use the sender from their registration
|
||||||
|
if app_service.sender == user_id:
|
||||||
|
pass
|
||||||
|
# Check to make sure the app service is allowed to control the user
|
||||||
|
elif not app_service.is_interested_in_user(user_id):
|
||||||
|
raise AuthError(
|
||||||
|
403,
|
||||||
|
"Application service cannot masquerade as this user (%s)." % user_id,
|
||||||
|
)
|
||||||
|
# Check to make sure the user is already registered on the homeserver
|
||||||
|
elif not (await self.store.get_user_by_id(user_id)):
|
||||||
|
raise AuthError(
|
||||||
|
403, "Application service has not registered this user (%s)" % user_id
|
||||||
|
)
|
||||||
|
|
||||||
async def _get_appservice_user_id(
|
async def _get_appservice_user_id(
|
||||||
self, request: Request
|
self, request: Request
|
||||||
) -> Tuple[Optional[str], Optional[ApplicationService]]:
|
) -> Tuple[Optional[str], Optional[ApplicationService]]:
|
||||||
@ -261,13 +292,11 @@ class Auth:
|
|||||||
return app_service.sender, app_service
|
return app_service.sender, app_service
|
||||||
|
|
||||||
user_id = request.args[b"user_id"][0].decode("utf8")
|
user_id = request.args[b"user_id"][0].decode("utf8")
|
||||||
|
await self.validate_appservice_can_control_user_id(app_service, user_id)
|
||||||
|
|
||||||
if app_service.sender == user_id:
|
if app_service.sender == user_id:
|
||||||
return app_service.sender, app_service
|
return app_service.sender, app_service
|
||||||
|
|
||||||
if not app_service.is_interested_in_user(user_id):
|
|
||||||
raise AuthError(403, "Application service cannot masquerade as this user.")
|
|
||||||
if not (await self.store.get_user_by_id(user_id)):
|
|
||||||
raise AuthError(403, "Application service has not registered this user")
|
|
||||||
return user_id, app_service
|
return user_id, app_service
|
||||||
|
|
||||||
async def get_user_by_access_token(
|
async def get_user_by_access_token(
|
||||||
|
@ -29,6 +29,7 @@ from synapse.api.errors import (
|
|||||||
SynapseError,
|
SynapseError,
|
||||||
)
|
)
|
||||||
from synapse.api.filtering import Filter
|
from synapse.api.filtering import Filter
|
||||||
|
from synapse.appservice import ApplicationService
|
||||||
from synapse.events.utils import format_event_for_client_v2
|
from synapse.events.utils import format_event_for_client_v2
|
||||||
from synapse.http.servlet import (
|
from synapse.http.servlet import (
|
||||||
RestServlet,
|
RestServlet,
|
||||||
@ -47,11 +48,13 @@ from synapse.storage.state import StateFilter
|
|||||||
from synapse.streams.config import PaginationConfig
|
from synapse.streams.config import PaginationConfig
|
||||||
from synapse.types import (
|
from synapse.types import (
|
||||||
JsonDict,
|
JsonDict,
|
||||||
|
Requester,
|
||||||
RoomAlias,
|
RoomAlias,
|
||||||
RoomID,
|
RoomID,
|
||||||
StreamToken,
|
StreamToken,
|
||||||
ThirdPartyInstanceID,
|
ThirdPartyInstanceID,
|
||||||
UserID,
|
UserID,
|
||||||
|
create_requester,
|
||||||
)
|
)
|
||||||
from synapse.util import json_decoder
|
from synapse.util import json_decoder
|
||||||
from synapse.util.stringutils import parse_and_validate_server_name, random_string
|
from synapse.util.stringutils import parse_and_validate_server_name, random_string
|
||||||
@ -309,7 +312,7 @@ class RoomBatchSendEventRestServlet(TransactionRestServlet):
|
|||||||
self.room_member_handler = hs.get_room_member_handler()
|
self.room_member_handler = hs.get_room_member_handler()
|
||||||
self.auth = hs.get_auth()
|
self.auth = hs.get_auth()
|
||||||
|
|
||||||
async def inherit_depth_from_prev_ids(self, prev_event_ids) -> int:
|
async def _inherit_depth_from_prev_ids(self, prev_event_ids) -> int:
|
||||||
(
|
(
|
||||||
most_recent_prev_event_id,
|
most_recent_prev_event_id,
|
||||||
most_recent_prev_event_depth,
|
most_recent_prev_event_depth,
|
||||||
@ -378,6 +381,25 @@ class RoomBatchSendEventRestServlet(TransactionRestServlet):
|
|||||||
|
|
||||||
return insertion_event
|
return insertion_event
|
||||||
|
|
||||||
|
async def _create_requester_for_user_id_from_app_service(
|
||||||
|
self, user_id: str, app_service: ApplicationService
|
||||||
|
) -> Requester:
|
||||||
|
"""Creates a new requester for the given user_id
|
||||||
|
and validates that the app service is allowed to control
|
||||||
|
the given user.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
user_id: The author MXID that the app service is controlling
|
||||||
|
app_service: The app service that controls the user
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
Requester object
|
||||||
|
"""
|
||||||
|
|
||||||
|
await self.auth.validate_appservice_can_control_user_id(app_service, user_id)
|
||||||
|
|
||||||
|
return create_requester(user_id, app_service=app_service)
|
||||||
|
|
||||||
async def on_POST(self, request, room_id):
|
async def on_POST(self, request, room_id):
|
||||||
requester = await self.auth.get_user_by_req(request, allow_guest=False)
|
requester = await self.auth.get_user_by_req(request, allow_guest=False)
|
||||||
|
|
||||||
@ -443,7 +465,9 @@ class RoomBatchSendEventRestServlet(TransactionRestServlet):
|
|||||||
if event_dict["type"] == EventTypes.Member:
|
if event_dict["type"] == EventTypes.Member:
|
||||||
membership = event_dict["content"].get("membership", None)
|
membership = event_dict["content"].get("membership", None)
|
||||||
event_id, _ = await self.room_member_handler.update_membership(
|
event_id, _ = await self.room_member_handler.update_membership(
|
||||||
requester,
|
await self._create_requester_for_user_id_from_app_service(
|
||||||
|
state_event["sender"], requester.app_service
|
||||||
|
),
|
||||||
target=UserID.from_string(event_dict["state_key"]),
|
target=UserID.from_string(event_dict["state_key"]),
|
||||||
room_id=room_id,
|
room_id=room_id,
|
||||||
action=membership,
|
action=membership,
|
||||||
@ -463,7 +487,9 @@ class RoomBatchSendEventRestServlet(TransactionRestServlet):
|
|||||||
event,
|
event,
|
||||||
_,
|
_,
|
||||||
) = await self.event_creation_handler.create_and_send_nonmember_event(
|
) = await self.event_creation_handler.create_and_send_nonmember_event(
|
||||||
requester,
|
await self._create_requester_for_user_id_from_app_service(
|
||||||
|
state_event["sender"], requester.app_service
|
||||||
|
),
|
||||||
event_dict,
|
event_dict,
|
||||||
outlier=True,
|
outlier=True,
|
||||||
prev_event_ids=[fake_prev_event_id],
|
prev_event_ids=[fake_prev_event_id],
|
||||||
@ -479,7 +505,9 @@ class RoomBatchSendEventRestServlet(TransactionRestServlet):
|
|||||||
events_to_create = body["events"]
|
events_to_create = body["events"]
|
||||||
|
|
||||||
prev_event_ids = prev_events_from_query
|
prev_event_ids = prev_events_from_query
|
||||||
inherited_depth = await self.inherit_depth_from_prev_ids(prev_events_from_query)
|
inherited_depth = await self._inherit_depth_from_prev_ids(
|
||||||
|
prev_events_from_query
|
||||||
|
)
|
||||||
|
|
||||||
# Figure out which chunk to connect to. If they passed in
|
# Figure out which chunk to connect to. If they passed in
|
||||||
# chunk_id_from_query let's use it. The chunk ID passed in comes
|
# chunk_id_from_query let's use it. The chunk ID passed in comes
|
||||||
@ -509,7 +537,10 @@ class RoomBatchSendEventRestServlet(TransactionRestServlet):
|
|||||||
base_insertion_event,
|
base_insertion_event,
|
||||||
_,
|
_,
|
||||||
) = await self.event_creation_handler.create_and_send_nonmember_event(
|
) = await self.event_creation_handler.create_and_send_nonmember_event(
|
||||||
requester,
|
await self._create_requester_for_user_id_from_app_service(
|
||||||
|
base_insertion_event_dict["sender"],
|
||||||
|
requester.app_service,
|
||||||
|
),
|
||||||
base_insertion_event_dict,
|
base_insertion_event_dict,
|
||||||
prev_event_ids=base_insertion_event_dict.get("prev_events"),
|
prev_event_ids=base_insertion_event_dict.get("prev_events"),
|
||||||
auth_event_ids=auth_event_ids,
|
auth_event_ids=auth_event_ids,
|
||||||
@ -558,7 +589,9 @@ class RoomBatchSendEventRestServlet(TransactionRestServlet):
|
|||||||
}
|
}
|
||||||
|
|
||||||
event, context = await self.event_creation_handler.create_event(
|
event, context = await self.event_creation_handler.create_event(
|
||||||
requester,
|
await self._create_requester_for_user_id_from_app_service(
|
||||||
|
ev["sender"], requester.app_service
|
||||||
|
),
|
||||||
event_dict,
|
event_dict,
|
||||||
prev_event_ids=event_dict.get("prev_events"),
|
prev_event_ids=event_dict.get("prev_events"),
|
||||||
auth_event_ids=auth_event_ids,
|
auth_event_ids=auth_event_ids,
|
||||||
@ -588,7 +621,9 @@ class RoomBatchSendEventRestServlet(TransactionRestServlet):
|
|||||||
# where topological_ordering is just depth.
|
# where topological_ordering is just depth.
|
||||||
for (event, context) in reversed(events_to_persist):
|
for (event, context) in reversed(events_to_persist):
|
||||||
ev = await self.event_creation_handler.handle_new_client_event(
|
ev = await self.event_creation_handler.handle_new_client_event(
|
||||||
requester=requester,
|
await self._create_requester_for_user_id_from_app_service(
|
||||||
|
event["sender"], requester.app_service
|
||||||
|
),
|
||||||
event=event,
|
event=event,
|
||||||
context=context,
|
context=context,
|
||||||
)
|
)
|
||||||
|
Loading…
Reference in New Issue
Block a user