events with rejected_auth_events must be rejected

[richvdh]

This might be kinda obvious, but didn't seem to be spelt out anywhere.

Preview: https://pr1137--matrix-spec-previews.netlify.app

[turt2live]

is this really a check on the auth_events or is it a check on the event being inspected?

[turt2live]

multiplied by however many times it shows up in this PR

[richvdh]

I don't understand the question. It's a check on the m.room.create event which is referred to in the auth_events of the event being inspected.

[turt2live]

shouldn't the server be using the m.room.create event from the room rather than auth_events though? It feels more understandable to move this point back up a level rather than nest it unmodified into the auth_events checks.

[richvdh]

possibly, but that seems to be a change to its meaning. Currently we have:

3. If event does not have a m.room.create in its auth_events, reject.
4. If the create event...

It's not entirely clear which create event it is talking about in 4, but given the context from 3, surely it's the one from the auth_events.

This is all related to #1136.

[richvdh]

hrrrm, actually, looking at the source to Synapse, it does appear to apply the test to the create event in the room state, so I guess that's an argument that we should make that explicit.

[richvdh]

Ok, I've updated this to make it apply to the room state, rather than the auth events.

[turt2live]

lgtm either way, but would feel better about having which state explicit.

[turt2live]

we might want to clarify which room state (at or before the event in question?), though hopefully for the create event it doesn't matter.

[turt2live]

applies to other snippets too

[richvdh]

well, it's the same state that all the other auth rules refer to. Per https://spec.matrix.org/v1.3/server-server-api/#checks-performed-on-receipt-of-a-pdu, we actually check them at three different states.

I agree all this could be clarified, but I don't think it's the job of this PR.