Strip "join_authorised_via_users_server" from join events which do not need it. (#10933)

This fixes a "Event not signed by authorising server" error when transition room member from join -> join, e.g. when updating a display name or avatar URL for restricted rooms.
2025-05-03 12:04:53 -04:00 · 2021-09-30 11:13:59 -04:00 · 2021-09-30 11:13:59 -04:00 · d1bf5f7c9d
commit d1bf5f7c9d
parent 7d84d2523a
11 changed files with 46 additions and 25 deletions
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@ -102,11 +102,11 @@ def validate_event_for_room_version(
        room_version_obj.msc3083_join_rules
        and event.type == EventTypes.Member
        and event.membership == Membership.JOIN
-        and "join_authorised_via_users_server" in event.content
+        and EventContentFields.AUTHORISING_USER in event.content
    )
    if is_invite_via_allow_rule:
        authoriser_domain = get_domain_from_id(
-            event.content["join_authorised_via_users_server"]
+            event.content[EventContentFields.AUTHORISING_USER]
        )
        if not event.signatures.get(authoriser_domain):
            raise AuthError(403, "Event not signed by authorising server")
@ -413,7 +413,9 @@ def _is_membership_change_allowed(
            # Note that if the caller is in the room or invited, then they do
            # not need to meet the allow rules.
            if not caller_in_room and not caller_invited:
-                authorising_user = event.content.get("join_authorised_via_users_server")
+                authorising_user = event.content.get(
+                    EventContentFields.AUTHORISING_USER
+                )

                if authorising_user is None:
                    raise AuthError(403, "Join event is missing authorising user.")
@ -868,10 +870,10 @@ def auth_types_for_event(
                auth_types.add(key)

        if room_version.msc3083_join_rules and membership == Membership.JOIN:
-            if "join_authorised_via_users_server" in event.content:
+            if EventContentFields.AUTHORISING_USER in event.content:
                key = (
                    EventTypes.Member,
-                    event.content["join_authorised_via_users_server"],
+                    event.content[EventContentFields.AUTHORISING_USER],
                )
                auth_types.add(key)