Own knock or invite event in knock_state or invite_state in /sync is not stripped #14919
Comments
matrixbot
changed the title
MadLittleMods
added a commit
that referenced
this issue
Jun 17, 2024
Make sure we don't run into #14919 (matrix-org/synapse#14919)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This issue has been migrated from #14919.
Description
https://github.com/matrix-org/synapse/blob/19c0e55ef7742d67cff1cb6fb7c3e862b86ea788/synapse/rest/client/sync.py#L345 does not strip the invite event it is pulling the invite_state from. The same thing happens for knocking.
This is then sent to clients via /sync. According to the spec all events in invite/knock_state should be stripped. There are benefits to the client having access to the timestamp of the invite however, so some might be relying on this, but strictly speaking this is a spec violation and looks like a bug.
Spec: https://spec.matrix.org/v1.5/client-server-api/#get_matrixclientv3sync
Steps to reproduce
Homeserver
neko.dev
Synapse Version
1.74
Installation Method
Other (please mention below)
Database
postgres, single
Workers
Multiple workers
Platform
Gentoo
Configuration
Can be reproduced on various configurations
Relevant log output
Anything else that would be useful to know?
No response
The text was updated successfully, but these errors were encountered: