Skip to content

Commit

Permalink
_check_event_auth: move event validation earlier (matrix-org#10988)
Browse files Browse the repository at this point in the history
There's little point in doing a fancy state reconciliation dance if the event
itself is invalid.

Likewise, there's no point checking it again in `_check_for_soft_fail`.
  • Loading branch information
richvdh authored Oct 5, 2021
1 parent 6f6e956 commit cb88ed9
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 4 deletions.
1 change: 1 addition & 0 deletions changelog.d/10988.misc
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Clean up some of the federation event authentication code for clarity.
13 changes: 9 additions & 4 deletions synapse/handlers/federation_event.py
Original file line number Diff line number Diff line change
Expand Up @@ -1250,9 +1250,18 @@ async def _check_event_auth(
# This method should only be used for non-outliers
assert not event.internal_metadata.outlier

# first of all, check that the event itself is valid.
room_version = await self._store.get_room_version_id(event.room_id)
room_version_obj = KNOWN_ROOM_VERSIONS[room_version]

try:
validate_event_for_room_version(room_version_obj, event)
except AuthError as e:
logger.warning("While validating received event %r: %s", event, e)
# TODO: use a different rejected reason here?
context.rejected = RejectedReason.AUTH_ERROR
return context

# calculate what the auth events *should* be, to use as a basis for auth.
prev_state_ids = await context.get_prev_state_ids()
auth_events_ids = self._event_auth_handler.compute_auth_events(
Expand Down Expand Up @@ -1286,7 +1295,6 @@ async def _check_event_auth(
auth_events_for_auth = calculated_auth_event_map

try:
validate_event_for_room_version(room_version_obj, event)
check_auth_rules_for_event(room_version_obj, event, auth_events_for_auth)
except AuthError as e:
logger.warning("Failed auth resolution for %r because %s", event, e)
Expand Down Expand Up @@ -1399,9 +1407,6 @@ async def _check_for_soft_fail(
}

try:
# TODO: skip the call to validate_event_for_room_version? we should already
# have validated the event.
validate_event_for_room_version(room_version_obj, event)
check_auth_rules_for_event(room_version_obj, event, current_auth_events)
except AuthError as e:
logger.warning(
Expand Down

0 comments on commit cb88ed9

Please sign in to comment.