Enforce MSC2209: auth rules for notifications in power level event (#7502)

In a new room version, the "notifications" key of power level events are subject to restricted auth rules.

Enforce MSC2209: auth rules for notifications in power level event (#7502)
fef3ff5c · Patrick Cloke · GitHub · 56116445 · fef3ff5c · fef3ff5c
Unverified Commit fef3ff5c authored 4 years ago by Patrick Cloke Committed by GitHub 4 years ago
--- a/changelog.d/7502.feature
+++ b/changelog.d/7502.feature
+Add additional authentication checks for m.room.power_levels event per [MSC2209](https://github.com/matrix-org/matrix-doc/pull/2209).
--- a/synapse/api/room_versions.py
+++ b/synapse/api/room_versions.py
@@ -58,7 +58,11 @@ class RoomVersion(object):
    enforce_key_validity = attr.ib()  # bool
    # bool: before MSC2261/MSC2432, m.room.aliases had special auth rules and redaction rules
-    special_case_aliases_auth = attr.ib(type=bool, default=False)
+    special_case_aliases_auth = attr.ib(type=bool)
+    # bool: MSC2209: Check 'notifications' key while verifying
+    # m.room.power_levels auth rules.
+    limit_notifications_power_levels = attr.ib(type=bool)
 class RoomVersions(object):
@@ -69,6 +73,7 @@ class RoomVersions(object):
        StateResolutionVersions.V1,
        enforce_key_validity=False,
        special_case_aliases_auth=True,
+        limit_notifications_power_levels=False,
    )
    V2 = RoomVersion(
        "2",
@@ -77,6 +82,7 @@ class RoomVersions(object):
        StateResolutionVersions.V2,
        enforce_key_validity=False,
        special_case_aliases_auth=True,
+        limit_notifications_power_levels=False,
    )
    V3 = RoomVersion(
        "3",
@@ -85,6 +91,7 @@ class RoomVersions(object):
        StateResolutionVersions.V2,
        enforce_key_validity=False,
        special_case_aliases_auth=True,
+        limit_notifications_power_levels=False,
    )
    V4 = RoomVersion(
        "4",
@@ -93,6 +100,7 @@ class RoomVersions(object):
        StateResolutionVersions.V2,
        enforce_key_validity=False,
        special_case_aliases_auth=True,
+        limit_notifications_power_levels=False,
    )
    V5 = RoomVersion(
        "5",
@@ -101,6 +109,7 @@ class RoomVersions(object):
        StateResolutionVersions.V2,
        enforce_key_validity=True,
        special_case_aliases_auth=True,
+        limit_notifications_power_levels=False,
    )
    MSC2432_DEV = RoomVersion(
        "org.matrix.msc2432",
@@ -109,6 +118,16 @@ class RoomVersions(object):
        StateResolutionVersions.V2,
        enforce_key_validity=True,
        special_case_aliases_auth=False,
+        limit_notifications_power_levels=False,
+    )
+    MSC2209_DEV = RoomVersion(
+        "org.matrix.msc2209",
+        RoomDisposition.UNSTABLE,
+        EventFormatVersions.V3,
+        StateResolutionVersions.V2,
+        enforce_key_validity=True,
+        special_case_aliases_auth=True,
+        limit_notifications_power_levels=True,
    )
@@ -121,5 +140,6 @@ KNOWN_ROOM_VERSIONS = {
        RoomVersions.V4,
        RoomVersions.V5,
        RoomVersions.MSC2432_DEV,
+        RoomVersions.MSC2209_DEV,
    )
 }  # type: Dict[str, RoomVersion]
--- a/synapse/event_auth.py
+++ b/synapse/event_auth.py
@@ -181,7 +181,7 @@ def check(
    _can_send_event(event, auth_events)
    if event.type == EventTypes.PowerLevels:
-        _check_power_levels(event, auth_events)
+        _check_power_levels(room_version_obj, event, auth_events)
    if event.type == EventTypes.Redaction:
        check_redaction(room_version_obj, event, auth_events)
@@ -442,7 +442,7 @@ def check_redaction(room_version_obj: RoomVersion, event, auth_events):
    raise AuthError(403, "You don't have permission to redact events")
-def _check_power_levels(event, auth_events):
+def _check_power_levels(room_version_obj, event, auth_events):
    user_list = event.content.get("users", {})
    # Validate users
    for k, v in user_list.items():
@@ -484,6 +484,14 @@ def _check_power_levels(event, auth_events):
    for ev_id in set(list(old_list) + list(new_list)):
        levels_to_check.append((ev_id, "events"))
+    # MSC2209 specifies these checks should also be done for the "notifications"
+    # key.
+    if room_version_obj.limit_notifications_power_levels:
+        old_list = current_state.content.get("notifications", {})
+        new_list = event.content.get("notifications", {})
+        for ev_id in set(list(old_list) + list(new_list)):
+            levels_to_check.append((ev_id, "notifications"))
    old_state = current_state.content
    new_state = event.content

--- a/tests/test_event_auth.py
+++ b/tests/test_event_auth.py
@@ -165,6 +165,39 @@ class EventAuthTestCase(unittest.TestCase):
                do_sig_check=False,
            )
+    def test_msc2209(self):
+        """
+        Notifications power levels get checked due to MSC2209.
+        """
+        creator = "@creator:example.com"
+        pleb = "@joiner:example.com"
+        auth_events = {
+            ("m.room.create", ""): _create_event(creator),
+            ("m.room.member", creator): _join_event(creator),
+            ("m.room.power_levels", ""): _power_levels_event(
+                creator, {"state_default": "30", "users": {pleb: "30"}}
+            ),
+            ("m.room.member", pleb): _join_event(pleb),
+        }
+        # pleb should be able to modify the notifications power level.
+        event_auth.check(
+            RoomVersions.V1,
+            _power_levels_event(pleb, {"notifications": {"room": 100}}),
+            auth_events,
+            do_sig_check=False,
+        )
+        # But an MSC2209 room rejects this change.
+        with self.assertRaises(AuthError):
+            event_auth.check(
+                RoomVersions.MSC2209_DEV,
+                _power_levels_event(pleb, {"notifications": {"room": 100}}),
+                auth_events,
+                do_sig_check=False,
+            )
 # helpers for making events