Strip "join_authorised_via_users_server" from join events which do not need it. (#10933)

This fixes a "Event not signed by authorising server" error when transition room member from join -> join, e.g. when updating a display name or avatar URL for restricted rooms.
2025-05-02 12:16:09 -04:00 · 2021-09-30 11:13:59 -04:00 · 2021-09-30 11:13:59 -04:00 · d1bf5f7c9d
commit d1bf5f7c9d
parent 7d84d2523a
11 changed files with 46 additions and 25 deletions
--- a/synapse/federation/federation_server.py
+++ b/synapse/federation/federation_server.py
@ -34,7 +34,7 @@ from twisted.internet import defer
 from twisted.internet.abstract import isIPAddress
 from twisted.python import failure

-from synapse.api.constants import EduTypes, EventTypes, Membership
+from synapse.api.constants import EduTypes, EventContentFields, EventTypes, Membership
 from synapse.api.errors import (
    AuthError,
    Codes,
@ -765,11 +765,11 @@ class FederationServer(FederationBase):
        if (
            room_version.msc3083_join_rules
            and event.membership == Membership.JOIN
-            and "join_authorised_via_users_server" in event.content
+            and EventContentFields.AUTHORISING_USER in event.content
        ):
            # We can only authorise our own users.
            authorising_server = get_domain_from_id(
-                event.content["join_authorised_via_users_server"]
+                event.content[EventContentFields.AUTHORISING_USER]
            )
            if authorising_server != self.server_name:
                raise SynapseError(