Matrix-Mirrors/forked-synapse
1
0
Fork 0
mirror of https://mau.dev/maunium/synapse.git synced 2024-07-01 00:42:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
4f4f27e57f
forked-synapse/synapse/handlers
History
Sean Quah 4f4f27e57f
Mitigate a race where /make_join could 403 for restricted rooms (#15080) 
Previously, when creating a join event in /make_join, we would decide
whether to include additional fields to satisfy restricted room checks
based on the current state of the room. Then, when building the event,
we would capture the forward extremities of the room to use as prev
events.

This is subject to race conditions. For example, when leaving and
rejoining a room, the following sequence of events leads to a misleading
403 response:
1. /make_join reads the current state of the room and sees that the user
   is still in the room. It decides to omit the field required for
   restricted room joins.
2. The leave event is persisted and the room's forward extremities are
   updated.
3. /make_join builds the event, using the post-leave forward extremities.
   The event then fails the restricted room checks.

To mitigate the race, we move the read of the forward extremities closer
to the read of the current state. Ideally, we would compute the state
based off the chosen prev events, but that can involve state resolution,
which is expensive.

Signed-off-by: Sean Quah <seanq@matrix.org>
2023-02-17 09:40:32 +00:00
..
ui_auth Use mypy 1.0 (#15052) 2023-02-16 16:09:11 +00:00
__init__.py
account_data.py Avoid fetching unused account data in sync. (#14973) 2023-02-10 14:22:16 +00:00
account_validity.py
account.py
admin.py Add more user information to export-data command. (#14894) 2023-02-01 15:45:19 +00:00
appservice.py Improve logging and opentracing for to-device message handling (#14598) 2022-12-06 09:52:55 +00:00
auth.py Use mypy 1.0 (#15052) 2023-02-16 16:09:11 +00:00
cas.py
deactivate_account.py Refactor arguments of try_unbind_threepid(_with_id_server) from dict to separate args (#15053) 2023-02-13 12:12:48 +00:00
device.py Faster joins: Refactor handling of servers in room (#14954) 2023-02-03 15:39:59 +00:00
devicemessage.py Batch up replication requests to request the resyncing of remote users's devices. (#14716) 2023-01-10 11:17:59 +00:00
directory.py Return read-only collections from @cached methods (#13755) 2023-02-10 23:29:00 +00:00
e2e_keys.py Refactor get_user_devices_from_cache to avoid mutating cached values. (#15040) 2023-02-10 08:09:47 -05:00
e2e_room_keys.py Remove redundant types from comments. (#14412) 2022-11-16 15:25:24 +00:00
event_auth.py Faster joins: don't stall when a user joins during a fast join (#14606) 2023-02-10 23:31:05 +00:00
events.py
federation_event.py Faster joins: don't stall when a user joins during a fast join (#14606) 2023-02-10 23:31:05 +00:00
federation.py Mitigate a race where /make_join could 403 for restricted rooms (#15080) 2023-02-17 09:40:32 +00:00
identity.py Refactor arguments of try_unbind_threepid(_with_id_server) from dict to separate args (#15053) 2023-02-13 12:12:48 +00:00
initial_sync.py Avoid fetching unused account data in sync. (#14973) 2023-02-10 14:22:16 +00:00
message.py Update the error code for duplicate annotation (#15075) 2023-02-15 11:47:57 +00:00
oidc.py Support RFC7636 PKCE in the OAuth 2.0 flow. (#14750) 2023-01-04 14:58:08 -05:00
pagination.py Use an enum for direction. (#14927) 2023-01-27 07:27:55 -05:00
password_policy.py
presence.py Fix a bug in the send_local_online_presence_to module API (#14880) 2023-01-25 21:34:37 +00:00
profile.py
push_rules.py
read_marker.py
receipts.py Return read-only collections from @cached methods (#13755) 2023-02-10 23:29:00 +00:00
register.py Move StateFilter to synapse.types (#14668) 2022-12-12 16:19:30 +00:00
relations.py Use an enum for direction. (#14927) 2023-01-27 07:27:55 -05:00
room_batch.py Make handle_new_client_event throws PartialStateConflictError (#14665) 2022-12-15 16:04:23 +00:00
room_list.py
room_member_worker.py Faster joins: don't stall when a user joins during a fast join (#14606) 2023-02-10 23:31:05 +00:00
room_member.py Faster joins: don't stall when a user joins during a fast join (#14606) 2023-02-10 23:31:05 +00:00
room_summary.py Tweak comment on _is_local_room_accessible as part of room visibility in /hierarchy to clarify the condition for a room being visible. (#14834) 2023-02-13 16:30:58 +00:00
room.py Faster joins: don't stall when a user joins during a fast join (#14606) 2023-02-10 23:31:05 +00:00
saml.py Remove redundant types from comments. (#14412) 2022-11-16 15:25:24 +00:00
search.py Use StrCollection in place of Collection[str] in (most) handlers code. (#14922) 2023-01-26 12:31:58 -05:00
send_email.py
set_password.py Add a type hint for get_device_handler() and fix incorrect types. (#14055) 2022-11-22 14:08:04 -05:00
sso.py Use StrCollection in place of Collection[str] in (most) handlers code. (#14922) 2023-01-26 12:31:58 -05:00
state_deltas.py
stats.py
sync.py Faster joins: Omit device list updates from partial state rooms in /sync (#15069) 2023-02-14 12:32:19 +00:00
typing.py Better return type for get_all_entities_changed (#14604) 2022-12-05 15:19:14 -05:00
user_directory.py