_check_event_auth: move event validation earlier (#10988)

There's little point in doing a fancy state reconciliation dance if the event
itself is invalid.

Likewise, there's no point checking it again in `_check_for_soft_fail`.
This commit is contained in:
Richard van der Hoff 2021-10-05 12:50:07 +01:00 committed by GitHub
parent 6f6e956338
commit cb88ed912b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 4 deletions

1
changelog.d/10988.misc Normal file
View File

@ -0,0 +1 @@
Clean up some of the federation event authentication code for clarity.

View File

@ -1250,9 +1250,18 @@ class FederationEventHandler:
# This method should only be used for non-outliers # This method should only be used for non-outliers
assert not event.internal_metadata.outlier assert not event.internal_metadata.outlier
# first of all, check that the event itself is valid.
room_version = await self._store.get_room_version_id(event.room_id) room_version = await self._store.get_room_version_id(event.room_id)
room_version_obj = KNOWN_ROOM_VERSIONS[room_version] room_version_obj = KNOWN_ROOM_VERSIONS[room_version]
try:
validate_event_for_room_version(room_version_obj, event)
except AuthError as e:
logger.warning("While validating received event %r: %s", event, e)
# TODO: use a different rejected reason here?
context.rejected = RejectedReason.AUTH_ERROR
return context
# calculate what the auth events *should* be, to use as a basis for auth. # calculate what the auth events *should* be, to use as a basis for auth.
prev_state_ids = await context.get_prev_state_ids() prev_state_ids = await context.get_prev_state_ids()
auth_events_ids = self._event_auth_handler.compute_auth_events( auth_events_ids = self._event_auth_handler.compute_auth_events(
@ -1286,7 +1295,6 @@ class FederationEventHandler:
auth_events_for_auth = calculated_auth_event_map auth_events_for_auth = calculated_auth_event_map
try: try:
validate_event_for_room_version(room_version_obj, event)
check_auth_rules_for_event(room_version_obj, event, auth_events_for_auth) check_auth_rules_for_event(room_version_obj, event, auth_events_for_auth)
except AuthError as e: except AuthError as e:
logger.warning("Failed auth resolution for %r because %s", event, e) logger.warning("Failed auth resolution for %r because %s", event, e)
@ -1399,9 +1407,6 @@ class FederationEventHandler:
} }
try: try:
# TODO: skip the call to validate_event_for_room_version? we should already
# have validated the event.
validate_event_for_room_version(room_version_obj, event)
check_auth_rules_for_event(room_version_obj, event, current_auth_events) check_auth_rules_for_event(room_version_obj, event, current_auth_events)
except AuthError as e: except AuthError as e:
logger.warning( logger.warning(