Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify when an event is returned from /send_join. #1840

Merged
merged 3 commits into from
Jun 11, 2024
Merged

Clarify when an event is returned from /send_join. #1840

merged 3 commits into from
Jun 11, 2024

Conversation

clokep
Copy link
Contributor

@clokep clokep commented Jun 5, 2024
edited by github-actions bot
Loading

@clokep clokep marked this pull request as ready for review June 5, 2024 00:16
@clokep clokep requested a review from a team as a code owner June 5, 2024 00:16
@clokep clokep requested a review from richvdh June 5, 2024 00:17
@clokep clokep mentioned this pull request Jun 5, 2024
Closed
Kladki
Kladki reviewed Jun 5, 2024
View reviewed changes
data/api/server-server/joins-v2.yaml Outdated
field. The signed copy of the membership event sent to other servers by the resident server,
including the resident server's signature.
The signed copy of the membership event sent to other servers by the resident server.
Required if the event is signed by the resident server.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So as the sender of the /send_join request, should we still ensure that the signed event is present when performing a restricted join, as it must be signed in this case?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you mean by present? Present when you get the room state?

As the joining server I think the important things to do are:

  1. Verify the signatures as with any event.
  2. Ensure this copy of the event is persisted locally and not the copy that was used to make the /send_join call.

I'd have to double check what synapse does to see if there's anything else though.

Copy link
Contributor

@Kladki Kladki Jun 5, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you mean by present?

The signed event being returned in the event field of the response.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The signature needs to be checked (as is in the auth rules), Synapse does this @ https://github.com/matrix-org/synapse/blob/23740eaa3da94fbe2e25180376961979fc4e8cd3/synapse/federation/federation_base.py#L238-L259.

I'm still unsure if that's your question or not though.

@richvdh richvdh mentioned this pull request Jun 5, 2024
Merged
3 tasks
richvdh
richvdh requested changes Jun 5, 2024
View reviewed changes
data/api/server-server/joins-v2.yaml Outdated
field. The signed copy of the membership event sent to other servers by the resident server,
including the resident server's signature.
The signed copy of the membership event sent to other servers by the resident server.
Required if the event is signed by the resident server.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hrm. I think we need to clarify this a bit more. It just begs the question, "so when should the event be signed by the resident server".

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would linking back to restricted joins be enough?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I took another attempt at this, let me know what you think.

@clokep clokep requested a review from richvdh June 10, 2024 14:47
richvdh
richvdh approved these changes Jun 11, 2024
View reviewed changes
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@clokep clokep merged commit a7a7ead into matrix-org:main Jun 11, 2024
12 checks passed
@clokep clokep deleted the clokep/send-join-event branch June 11, 2024 17:02
@zecakeh zecakeh mentioned this pull request Jun 20, 2024
Open
53 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Kladki Kladki Kladki left review comments

@richvdh richvdh richvdh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Clarify that join events only need to be signed by resident servers if using join_authorised_via_users_server
3 participants
@clokep @richvdh @Kladki