Check *all* auth events for room id and rejection (#11009)
This fixes a bug where we would accept an event whose `auth_events` include rejected events, if the rejected event was shadowed by another `auth_event` with same `(type, state_key)`. The approach is to pass a list of auth events into `check_auth_rules_for_event` instead of a dict, which of course means updating the call sites. This is an extension of #10956.
Showing
- changelog.d/11009.bugfix 1 addition, 0 deletionschangelog.d/11009.bugfix
- synapse/event_auth.py 15 additions, 18 deletionssynapse/event_auth.py
- synapse/handlers/event_auth.py 1 addition, 2 deletionssynapse/handlers/event_auth.py
- synapse/handlers/federation.py 4 additions, 6 deletionssynapse/handlers/federation.py
- synapse/handlers/federation_event.py 8 additions, 8 deletionssynapse/handlers/federation_event.py
- synapse/state/v1.py 2 additions, 2 deletionssynapse/state/v1.py
- synapse/state/v2.py 1 addition, 1 deletionsynapse/state/v2.py
- tests/test_event_auth.py 90 additions, 48 deletionstests/test_event_auth.py
Loading
Please register or sign in to comment