Skip to content
This repository was archived by the owner on Apr 11, 2025. It is now read-only.

Commit 52884ab

Browse files
girlbossceogirlbossceo
committed
don't validate or add signature if room is not v8 or above or not using restricted joins
should resolve matrix-org/matrix-spec#1708 on for conduwuit until spec clarifies. Signed-off-by: strawberry <strawberry@puppygock.gay>
1 parent 5c4b8ad commit 52884ab

File tree

1 file changed

+70
-44
lines changed

1 file changed

+70
-44
lines changed

src/api/client_server/membership.rs

Lines changed: 70 additions & 44 deletions
Original file line numberDiff line numberDiff line change
@@ -559,7 +559,7 @@ async fn join_room_by_id_helper(
559559
third_party_invite: None,
560560
blurhash: services().users.blurhash(sender_user)?,
561561
reason,
562-
join_authorized_via_users_server,
562+
join_authorized_via_users_server: join_authorized_via_users_server.clone(),
563563
})
564564
.expect("event is valid, we just created it"),
565565
);
@@ -594,7 +594,7 @@ async fn join_room_by_id_helper(
594594
// It has enough fields to be called a proper event now
595595
let mut join_event = join_event_stub;
596596

597-
info!("Asking {remote_server} for send_join");
597+
info!("Asking {remote_server} for send_join in room {room_id}");
598598
let send_join_response = services()
599599
.sending
600600
.send_federation_request(
@@ -610,51 +610,77 @@ async fn join_room_by_id_helper(
610610

611611
info!("send_join finished");
612612

613-
if let Some(signed_raw) = &send_join_response.room_state.event {
614-
info!("There is a signed event. This room is probably using restricted joins. Adding signature to our event");
615-
let (signed_event_id, signed_value) =
616-
match gen_event_id_canonical_json(signed_raw, &room_version_id) {
617-
Ok(t) => t,
618-
Err(_) => {
619-
// Event could not be converted to canonical json
620-
return Err(Error::BadRequest(
621-
ErrorKind::InvalidParam,
622-
"Could not convert event to canonical json.",
623-
));
624-
}
625-
};
626-
627-
if signed_event_id != event_id {
628-
return Err(Error::BadRequest(
629-
ErrorKind::InvalidParam,
630-
"Server sent event with wrong event id",
631-
));
632-
}
613+
if join_authorized_via_users_server.is_some() {
614+
match &room_version_id {
615+
RoomVersionId::V1
616+
| RoomVersionId::V2
617+
| RoomVersionId::V3
618+
| RoomVersionId::V4
619+
| RoomVersionId::V5
620+
| RoomVersionId::V6
621+
| RoomVersionId::V7 => {
622+
warn!("Found `join_authorised_via_users_server` but room {} is version {}. Ignoring.", room_id, &room_version_id);
623+
}
624+
// only room versions 8 and above using `join_authorized_via_users_server` (restricted joins) need to validate and send signatures
625+
RoomVersionId::V8 | RoomVersionId::V9 | RoomVersionId::V10 | RoomVersionId::V11 => {
626+
if let Some(signed_raw) = &send_join_response.room_state.event {
627+
info!("There is a signed event. This room is probably using restricted joins. Adding signature to our event");
628+
let (signed_event_id, signed_value) =
629+
match gen_event_id_canonical_json(signed_raw, &room_version_id) {
630+
Ok(t) => t,
631+
Err(_) => {
632+
// Event could not be converted to canonical json
633+
return Err(Error::BadRequest(
634+
ErrorKind::InvalidParam,
635+
"Could not convert event to canonical json.",
636+
));
637+
}
638+
};
639+
640+
if signed_event_id != event_id {
641+
return Err(Error::BadRequest(
642+
ErrorKind::InvalidParam,
643+
"Server sent event with wrong event id",
644+
));
645+
}
633646

634-
match signed_value["signatures"]
635-
.as_object()
636-
.ok_or(Error::BadRequest(
637-
ErrorKind::InvalidParam,
638-
"Server sent invalid signatures type",
639-
))
640-
.and_then(|e| {
641-
e.get(remote_server.as_str()).ok_or(Error::BadRequest(
642-
ErrorKind::InvalidParam,
643-
"Server did not send its signature",
644-
))
645-
}) {
646-
Ok(signature) => {
647-
join_event
648-
.get_mut("signatures")
649-
.expect("we created a valid pdu")
650-
.as_object_mut()
651-
.expect("we created a valid pdu")
652-
.insert(remote_server.to_string(), signature.clone());
647+
match signed_value["signatures"]
648+
.as_object()
649+
.ok_or(Error::BadRequest(
650+
ErrorKind::InvalidParam,
651+
"Server sent invalid signatures type",
652+
))
653+
.and_then(|e| {
654+
e.get(remote_server.as_str()).ok_or(Error::BadRequest(
655+
ErrorKind::InvalidParam,
656+
"Server did not send its signature",
657+
))
658+
}) {
659+
Ok(signature) => {
660+
join_event
661+
.get_mut("signatures")
662+
.expect("we created a valid pdu")
663+
.as_object_mut()
664+
.expect("we created a valid pdu")
665+
.insert(remote_server.to_string(), signature.clone());
666+
}
667+
Err(e) => {
668+
warn!(
669+
"Server {remote_server} sent invalid signature in sendjoin signatures for event {signed_value:?}: {e:?}",
670+
);
671+
}
672+
}
673+
}
653674
}
654-
Err(e) => {
675+
_ => {
655676
warn!(
656-
"Server {remote_server} sent invalid signature in sendjoin signatures for event {signed_value:?}: {e:?}",
657-
);
677+
"Unexpected or unsupported room version {} for room {}",
678+
&room_version_id, room_id
679+
);
680+
return Err(Error::BadRequest(
681+
ErrorKind::BadJson,
682+
"Unexpected or unsupported room version found",
683+
));
658684
}
659685
}
660686
}

0 commit comments

Comments
 (0)