/createRoom has a very confusing failure mode when the invite option is used on a Synapse that has third party synapse modules, bridges or bots that are appending events unrelated to the client making the request
#17230
Comments
Gnuxie
changed the title
/createRoom has a very confusing failure mode when the invite option is used in conjunction with bridges or bots. /createRoom has a very confusing failure mode when the invite option is used in conjunction with synapse modules, bridges or bots.
Gnuxie
changed the title
/createRoom has a very confusing failure mode when the invite option is used in conjunction with synapse modules, bridges or bots. /createRoom has a very confusing failure mode when the invite option is used on a Synapse that has third party synapse modules, bridges or bots that are appending events unrelated to the client making the request
|
Seems like another problem that essentially boils down to
This is peculiar; if you could convince them to provide logs that would be interesting indeed. Wild speculation: Don't suppose it might be a case where Aside from that, the problem with modules is itself unfortunate. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
We were offering support to a system admin setup up a Draupnir instance, and when they tried to use Draupnir's
list createcommand (which in turn calls/createRoom), their Synapse tripped up on this event authorization code and returned the following response to Draupnir.POST /_matrix/client/v3/createRoom: 403 Forbidden -- {"errcode":"M_FORBIDDEN","error":"@invited_moderator:example.com is already in the room."}This is because Draupnir sets the
inviteoption for/createRoomto["@invited_moderator:example.com"], however for some reason that we have not been able to work out (because/createRoomfailing during event authorization is particularly unhelpful) Synapse believed@invited_moderator:example.comto already be present within the room. While the system admin believes there are no bots, synapse modules, or appservices which would inject their membership into the newly created room, we cannot provide that guarantee. You should ask yourself whether it would be possible for a Synapse module, bridge or bot to inject membership events into a room before Synapse has even responded to the/createRoomrequest that is supposed to create the room. And you should then ask yourself whether it is safe or sound for a synapse module to inject events into a room before Synapse has finished processing the/createRoomrequest. Specifically because this causes the request to fail for the innocent client, rather than the clobbering performed by the synapse module or appservice to fail -- the wrong party is getting hit for playing around unsafely.I maintain that the system admin was oblivious to any synapse modules, bots, or appservices that could be causing this issue.
Steps to reproduce
These steps that could reproduce the failure mode, this is not how the failure mode was experienced, and I have not tested them and am not going to do without some persuasion.
@bob:example.com@bob:example.cominto the membership of each newly created room uponm.room.create@alice:example.com, call/createRoomwith@bob:example.comin theinviteoption.Homeserver
unknown
Synapse Version
v1.98.0
Installation Method
I don't know
Database
unknown
Workers
Single process
Platform
unknown - the version provided is accurate though.
Configuration
No response
Relevant log output
Anything else that would be useful to know?
No response
The text was updated successfully, but these errors were encountered: