Split event_auth.check into two parts (#10940)

Broadly, the existing `event_auth.check` function has two parts: * a validation section: checks that the event isn't too big, that it has the rught signatures, etc. This bit is independent of the rest of the state in the room, and so need only be done once for each event. * an auth section: ensures that the event is allowed, given the rest of the state in the room. This gets done multiple times, against various sets of room state, because it forms part of the state res algorithm. Currently, this is implemented with `do_sig_check` and `do_size_check` parameters, but I think that makes everything hard to follow. Instead, we split the function in two and call each part separately where it is needed.
2025-05-08 11:04:56 -04:00 · 2021-09-29 18:59:15 +01:00 · 2021-09-29 18:59:15 +01:00 · 428174f902
commit 428174f902
parent a19aa8b162
10 changed files with 177 additions and 172 deletions
--- a/synapse/handlers/federation_event.py
+++ b/synapse/handlers/federation_event.py
@ -29,7 +29,6 @@ from typing import (

 from prometheus_client import Counter

-from synapse import event_auth
 from synapse.api.constants import (
    EventContentFields,
    EventTypes,
@ -47,7 +46,11 @@ from synapse.api.errors import (
    SynapseError,
 )
 from synapse.api.room_versions import KNOWN_ROOM_VERSIONS
-from synapse.event_auth import auth_types_for_event
+from synapse.event_auth import (
+    auth_types_for_event,
+    check_auth_rules_for_event,
+    validate_event_for_room_version,
+)
 from synapse.events import EventBase
 from synapse.events.snapshot import EventContext
 from synapse.federation.federation_client import InvalidResponseError
@ -1207,7 +1210,8 @@ class FederationEventHandler:

                context = EventContext.for_outlier()
                try:
-                    event_auth.check(room_version_obj, event, auth_events=auth)
+                    validate_event_for_room_version(room_version_obj, event)
+                    check_auth_rules_for_event(room_version_obj, event, auth)
                except AuthError as e:
                    logger.warning("Rejecting %r because %s", event, e)
                    context.rejected = RejectedReason.AUTH_ERROR
@ -1282,7 +1286,8 @@ class FederationEventHandler:
            auth_events_for_auth = calculated_auth_event_map

        try:
-            event_auth.check(room_version_obj, event, auth_events=auth_events_for_auth)
+            validate_event_for_room_version(room_version_obj, event)
+            check_auth_rules_for_event(room_version_obj, event, auth_events_for_auth)
        except AuthError as e:
            logger.warning("Failed auth resolution for %r because %s", event, e)
            context.rejected = RejectedReason.AUTH_ERROR
@ -1394,7 +1399,10 @@ class FederationEventHandler:
        }

        try:
-            event_auth.check(room_version_obj, event, auth_events=current_auth_events)
+            # TODO: skip the call to validate_event_for_room_version? we should already
+            #    have validated the event.
+            validate_event_for_room_version(room_version_obj, event)
+            check_auth_rules_for_event(room_version_obj, event, current_auth_events)
        except AuthError as e:
            logger.warning(
                "Soft-failing %r (from %s) because %s",