Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Merge pull request #1136 from matrix-org/erikj/fix_signed_3pid
Browse files Browse the repository at this point in the history
Allow invites via 3pid to bypass sender sig check
  • Loading branch information
erikjohnston authored Sep 22, 2016
2 parents 81964ae + f960205 commit 667fcd5
Show file tree
Hide file tree
Showing 3 changed files with 35 additions and 12 deletions.
30 changes: 25 additions & 5 deletions synapse/api/auth.py
Original file line number Diff line number Diff line change
Expand Up @@ -72,7 +72,7 @@ def check_from_context(self, event, context, do_sig_check=True):
auth_events = {
(e.type, e.state_key): e for e in auth_events.values()
}
self.check(event, auth_events=auth_events, do_sig_check=False)
self.check(event, auth_events=auth_events, do_sig_check=do_sig_check)

def check(self, event, auth_events, do_sig_check=True):
""" Checks if this event is correctly authed.
Expand All @@ -91,11 +91,28 @@ def check(self, event, auth_events, do_sig_check=True):
if not hasattr(event, "room_id"):
raise AuthError(500, "Event has no room_id: %s" % event)

sender_domain = get_domain_from_id(event.sender)
if do_sig_check:
sender_domain = get_domain_from_id(event.sender)
event_id_domain = get_domain_from_id(event.event_id)

is_invite_via_3pid = (
event.type == EventTypes.Member
and event.membership == Membership.INVITE
and "third_party_invite" in event.content
)

# Check the sender's domain has signed the event
if do_sig_check and not event.signatures.get(sender_domain):
raise AuthError(403, "Event not signed by sending server")
# Check the sender's domain has signed the event
if not event.signatures.get(sender_domain):
# We allow invites via 3pid to have a sender from a different
# HS, as the sender must match the sender of the original
# 3pid invite. This is checked further down with the
# other dedicated membership checks.
if not is_invite_via_3pid:
raise AuthError(403, "Event not signed by sender's server")

# Check the event_id's domain has signed the event
if not event.signatures.get(event_id_domain):
raise AuthError(403, "Event not signed by sending server")

if auth_events is None:
# Oh, we don't know what the state of the room was, so we
Expand Down Expand Up @@ -491,6 +508,9 @@ def _verify_third_party_invite(self, event, auth_events):
if not invite_event:
return False

if invite_event.sender != event.sender:
return False

if event.user_id != invite_event.user_id:
return False

Expand Down
15 changes: 9 additions & 6 deletions synapse/handlers/federation.py
Original file line number Diff line number Diff line change
Expand Up @@ -1922,15 +1922,18 @@ def add_display_name_to_third_party_invite(self, event_dict, event, context):
original_invite = yield self.store.get_event(
original_invite_id, allow_none=True
)
if not original_invite:
if original_invite:
display_name = original_invite.content["display_name"]
event_dict["content"]["third_party_invite"]["display_name"] = display_name
else:
logger.info(
"Could not find invite event for third_party_invite - "
"discarding: %s" % (event_dict,)
"Could not find invite event for third_party_invite: %r",
event_dict
)
return
# We don't discard here as this is not the appropriate place to do
# auth checks. If we need the invite and don't have it then the
# auth check code will explode appropriately.

display_name = original_invite.content["display_name"]
event_dict["content"]["third_party_invite"]["display_name"] = display_name
builder = self.event_builder_factory.new(event_dict)
EventValidator().validate_new(builder)
message_handler = self.hs.get_handlers().message_handler
Expand Down
2 changes: 1 addition & 1 deletion synapse/types.py
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ def get_domain_from_id(string):
try:
return string.split(":", 1)[1]
except IndexError:
raise SynapseError(400, "Invalid ID: %r", string)
raise SynapseError(400, "Invalid ID: %r" % (string,))


class DomainSpecificString(
Expand Down

0 comments on commit 667fcd5

Please sign in to comment.