Only do restricted join rules signature checks for room versions 8/9. (#10927)

Otherwise the presence of a (bogus, unused) field could cause
auth checks to fail.
This commit is contained in:
Patrick Cloke 2021-09-28 08:44:19 -04:00 committed by GitHub
parent a8bbf08576
commit c3ccad7785
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 1 deletions

1
changelog.d/10927.bugfix Normal file
View File

@ -0,0 +1 @@
Fix a bug introduced in Synapse v1.40.0 where the signature checks for room version 8/9 could be applied to earlier room versions in some situations.

View File

@ -113,7 +113,8 @@ def check(
raise AuthError(403, "Event not signed by sending server")
is_invite_via_allow_rule = (
event.type == EventTypes.Member
room_version_obj.msc3083_join_rules
and event.type == EventTypes.Member
and event.membership == Membership.JOIN
and "join_authorised_via_users_server" in event.content
)