Strip "join_authorised_via_users_server" from join events which do not need it. (#10933)

This fixes a "Event not signed by authorising server" error when transition room member from join -> join, e.g. when updating a display name or avatar URL for restricted rooms.
2025-05-02 16:44:49 -04:00 · 2021-09-30 11:13:59 -04:00 · 2021-09-30 11:13:59 -04:00 · d1bf5f7c9d
commit d1bf5f7c9d
parent 7d84d2523a
11 changed files with 46 additions and 25 deletions
--- a/synapse/handlers/federation.py
+++ b/synapse/handlers/federation.py
@ -27,7 +27,12 @@ from unpaddedbase64 import decode_base64
 from twisted.internet import defer

 from synapse import event_auth
-from synapse.api.constants import EventTypes, Membership, RejectedReason
+from synapse.api.constants import (
+    EventContentFields,
+    EventTypes,
+    Membership,
+    RejectedReason,
+)
 from synapse.api.errors import (
    AuthError,
    CodeMessageException,
@ -716,7 +721,7 @@ class FederationHandler(BaseHandler):

                if include_auth_user_id:
                    event_content[
-                        "join_authorised_via_users_server"
+                        EventContentFields.AUTHORISING_USER
                    ] = await self._event_auth_handler.get_user_which_could_invite(
                        room_id,
                        state_ids,
--- a/synapse/handlers/room_member.py
+++ b/synapse/handlers/room_member.py
@ -573,6 +573,14 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
                errcode=Codes.BAD_JSON,
            )

+        # The event content should *not* include the authorising user as
+        # it won't be properly signed. Strip it out since it might come
+        # back from a client updating a display name / avatar.
+        #
+        # This only applies to restricted rooms, but there should be no reason
+        # for a client to include it. Unconditionally remove it.
+        content.pop(EventContentFields.AUTHORISING_USER, None)
+
        effective_membership_state = action
        if action in ["kick", "unban"]:
            effective_membership_state = "leave"
@ -939,7 +947,7 @@ class RoomMemberHandler(metaclass=abc.ABCMeta):
        # be included in the event content in order to efficiently validate
        # the event.
        content[
-            "join_authorised_via_users_server"
+            EventContentFields.AUTHORISING_USER
        ] = await self.event_auth_handler.get_user_which_could_invite(
            room_id,
            current_state_ids,