This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
e2e: ensure we have both master and self-signing key #8455
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
TheJJ
force-pushed
the
federation-fetch-crossigning-keypair
branch
2 times, most recently
from
ce77914
to
e038e9e
Compare
|
Ah, I should explain more why I think this patch helps: I'm not sure if this is the correct solution to the problem, but you'll have to guide me there :) |
TheJJ
force-pushed
the
federation-fetch-crossigning-keypair
branch
from
e038e9e
to
88f38a3
Compare
|
All checks are passing now, please advice if this key syncing method is correct, or if I should fix it another way! |
|
Looks reasonable. Regarding #8455 (comment) I would guess that it's because if we have neither key, then we assume that the user doesn't have cross-signing set up at all. But it may be worthwhile to check anyways. |
TheJJ
force-pushed
the
federation-fetch-crossigning-keypair
branch
from
88f38a3
to
9cbcb6c
Compare
|
Ok, it will now always handle a user as "not cached" when any of master or self-signing key is not cached. If no crossigningkeys are there by intention, federation will always be queried. Not sure if this is a good behavior? :) Apart from this patch, maybe we should investigate how my original problem arised, i.e. that only the master key is cached, but not the self-signing key. |
|
@TheJJ Looks like this is failing some tests, I suspect it is from this branch since it is related to device keys. |
TheJJ
force-pushed
the
federation-fetch-crossigning-keypair
branch
from
9cbcb6c
to
ba96f03
Compare
|
I don't think it's related since the test failure is about device display names, which I didn't touch. I've rebased the branch to current develop, let's see. |
it seems to be possible that only one of them ends up to be cached. when this was the case, the missing one was not fetched via federation, and clients then failed to validate cross-signed devices. Signed-off-by: Jonas Jelten <jj@sft.lol>
TheJJ
force-pushed
the
federation-fetch-crossigning-keypair
branch
from
ba96f03
to
e9097e5
Compare
|
Ok, you were right, my change broke the test. It works if I check for (has master key xor has self signing key). If we check for any of master/self signing key is missing, the test fails. I guess the test fails since all non-crossigning-devices tests will issue a federation request, which is unexpected. |
TheJJ
force-pushed
the
federation-fetch-crossigning-keypair
branch
2 times, most recently
from
820c80d
to
e3e5c23
Compare
|
Ok, I've updated the comment, and all tests are passing. |
|
anything else missing? |
|
I rebased because some unrelated tests were failling again. The changes after the review: diff --git a/synapse/handlers/e2e_keys.py b/synapse/handlers/e2e_keys.py
index 5d1e0d2d6..929752150 100644
--- a/synapse/handlers/e2e_keys.py
+++ b/synapse/handlers/e2e_keys.py
@@ -167,10 +167,12 @@ class E2eKeysHandler:
user_id in cross_signing_keys["self_signing_keys"]
)
- # check if only one of the cross-signing master and
- # self-signing key are cached.
- # for each user we want the master _and_ the self-signing key,
- # so we fetch those keys from federation
+ # check if we are missing only one of cross-signing master or
+ # self-signing key, but the other one is cached.
+ # as we need both, this will issue a federation request.
+ # if we don't have any of the keys, either the user doesn't have
+ # cross-signing set up, or the cached device list
+ # is not (yet) updated.
if cached_cross_master ^ cached_cross_selfsigning:
user_ids_not_in_cache.add(user_id) |
|
Unfortunately I have no way to confirm what you are telling me without a lot of git-fu. Could you undo the force-push and add the patch as a separate commit, please? Feel free to merge |
…rossigning-keypair
TheJJ
force-pushed
the
federation-fetch-crossigning-keypair
branch
from
e3e5c23
to
198e787
Compare
|
That's why I linked the commit hashes to the github ui, but ok well. Do we rebase to have clean patches after things are approved? |
you linked to a massive diff, https://github.com/matrix-org/synapse/compare/e9097e5..e3e5c23? Please don't rebase. We will squash the branch into a single commit when merging. |
|
yay! nice :) |
|
thank you :) |
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Nov 18, 2020
Synapse 1.23.0 (2020-11-18) =========================== This release changes the way structured logging is configured. See the [upgrade notes](UPGRADE.rst#upgrading-to-v1230) for details. **Note**: We are aware of a trivially exploitable denial of service vulnerability in versions of Synapse prior to 1.20.0. Complete details will be disclosed on Monday, November 23rd. If you have not upgraded recently, please do so. Bugfixes -------- - Fix a dependency versioning bug in the Dockerfile that prevented Synapse from starting. ([\#8767](matrix-org/synapse#8767)) Synapse 1.23.0rc1 (2020-11-13) ============================== Features -------- - Add a push rule that highlights when a jitsi conference is created in a room. ([\#8286](matrix-org/synapse#8286)) - Add an admin api to delete a single file or files that were not used for a defined time from server. Contributed by @dklimpel. ([\#8519](matrix-org/synapse#8519)) - Split admin API for reported events (`GET /_synapse/admin/v1/event_reports`) into detail and list endpoints. This is a breaking change to #8217 which was introduced in Synapse v1.21.0. Those who already use this API should check their scripts. Contributed by @dklimpel. ([\#8539](matrix-org/synapse#8539)) - Support generating structured logs via the standard logging configuration. ([\#8607](matrix-org/synapse#8607), [\#8685](matrix-org/synapse#8685)) - Add an admin API to allow server admins to list users' pushers. Contributed by @dklimpel. ([\#8610](matrix-org/synapse#8610), [\#8689](matrix-org/synapse#8689)) - Add an admin API `GET /_synapse/admin/v1/users/<user_id>/media` to get information about uploaded media. Contributed by @dklimpel. ([\#8647](matrix-org/synapse#8647)) - Add an admin API for local user media statistics. Contributed by @dklimpel. ([\#8700](matrix-org/synapse#8700)) - Add `displayname` to Shared-Secret Registration for admins. ([\#8722](matrix-org/synapse#8722)) Bugfixes -------- - Fix fetching of E2E cross signing keys over federation when only one of the master key and device signing key is cached already. ([\#8455](matrix-org/synapse#8455)) - Fix a bug where Synapse would blindly forward bad responses from federation to clients when retrieving profile information. ([\#8580](matrix-org/synapse#8580)) - Fix a bug where the account validity endpoint would silently fail if the user ID did not have an expiration time. It now returns a 400 error. ([\#8620](matrix-org/synapse#8620)) - Fix email notifications for invites without local state. ([\#8627](matrix-org/synapse#8627)) - Fix handling of invalid group IDs to return a 400 rather than log an exception and return a 500. ([\#8628](matrix-org/synapse#8628)) - Fix handling of User-Agent headers that are invalid UTF-8, which caused user agents of users to not get correctly recorded. ([\#8632](matrix-org/synapse#8632)) - Fix a bug in the `joined_rooms` admin API if the user has never joined any rooms. The bug was introduced, along with the API, in v1.21.0. ([\#8643](matrix-org/synapse#8643)) - Fix exception during handling multiple concurrent requests for remote media when using multiple media repositories. ([\#8682](matrix-org/synapse#8682)) - Fix bug that prevented Synapse from recovering after losing connection to the database. ([\#8726](matrix-org/synapse#8726)) - Fix bug where the `/_synapse/admin/v1/send_server_notice` API could send notices to non-notice rooms. ([\#8728](matrix-org/synapse#8728)) - Fix PostgreSQL port script fails when DB has no backfilled events. Broke in v1.21.0. ([\#8729](matrix-org/synapse#8729)) - Fix PostgreSQL port script to correctly handle foreign key constraints. Broke in v1.21.0. ([\#8730](matrix-org/synapse#8730)) - Fix PostgreSQL port script so that it can be run again after a failure. Broke in v1.21.0. ([\#8755](matrix-org/synapse#8755)) Improved Documentation ---------------------- - Instructions for Azure AD in the OpenID Connect documentation. Contributed by peterk. ([\#8582](matrix-org/synapse#8582)) - Improve the sample configuration for single sign-on providers. ([\#8635](matrix-org/synapse#8635)) - Fix the filepath of Dex's example config and the link to Dex's Getting Started guide in the OpenID Connect docs. ([\#8657](matrix-org/synapse#8657)) - Note support for Python 3.9. ([\#8665](matrix-org/synapse#8665)) - Minor updates to docs on running tests. ([\#8666](matrix-org/synapse#8666)) - Interlink prometheus/grafana documentation. ([\#8667](matrix-org/synapse#8667)) - Notes on SSO logins and media_repository worker. ([\#8701](matrix-org/synapse#8701)) - Document experimental support for running multiple event persisters. ([\#8706](matrix-org/synapse#8706)) - Add information regarding the various sources of, and expected contributions to, Synapse's documentation to `CONTRIBUTING.md`. ([\#8714](matrix-org/synapse#8714)) - Migrate documentation `docs/admin_api/event_reports` to markdown. ([\#8742](matrix-org/synapse#8742)) - Add some helpful hints to the README for new Synapse developers. Contributed by @chagai95. ([\#8746](matrix-org/synapse#8746)) Internal Changes ---------------- - Optimise `/createRoom` with multiple invited users. ([\#8559](matrix-org/synapse#8559)) - Implement and use an `@lru_cache` decorator. ([\#8595](matrix-org/synapse#8595)) - Don't instansiate Requester directly. ([\#8614](matrix-org/synapse#8614)) - Type hints for `RegistrationStore`. ([\#8615](matrix-org/synapse#8615)) - Change schema to support access tokens belonging to one user but granting access to another. ([\#8616](matrix-org/synapse#8616)) - Remove unused OPTIONS handlers. ([\#8621](matrix-org/synapse#8621)) - Run `mypy` as part of the lint.sh script. ([\#8633](matrix-org/synapse#8633)) - Correct Synapse's PyPI package name in the OpenID Connect installation instructions. ([\#8634](matrix-org/synapse#8634)) - Catch exceptions during initialization of `password_providers`. Contributed by Nicolai Søborg. ([\#8636](matrix-org/synapse#8636)) - Fix typos and spelling errors in the code. ([\#8639](matrix-org/synapse#8639)) - Reduce number of OpenTracing spans started. ([\#8640](matrix-org/synapse#8640), [\#8668](matrix-org/synapse#8668), [\#8670](matrix-org/synapse#8670)) - Add field `total` to device list in admin API. ([\#8644](matrix-org/synapse#8644)) - Add more type hints to the application services code. ([\#8655](matrix-org/synapse#8655), [\#8693](matrix-org/synapse#8693)) - Tell Black to format code for Python 3.5. ([\#8664](matrix-org/synapse#8664)) - Don't pull event from DB when handling replication traffic. ([\#8669](matrix-org/synapse#8669)) - Abstract some invite-related code in preparation for landing knocking. ([\#8671](matrix-org/synapse#8671), [\#8688](matrix-org/synapse#8688)) - Clarify representation of events in logfiles. ([\#8679](matrix-org/synapse#8679)) - Don't require `hiredis` package to be installed to run unit tests. ([\#8680](matrix-org/synapse#8680)) - Fix typing info on cache call signature to accept `on_invalidate`. ([\#8684](matrix-org/synapse#8684)) - Fail tests if they do not await coroutines. ([\#8690](matrix-org/synapse#8690)) - Improve start time by adding an index to `e2e_cross_signing_keys.stream_id`. ([\#8694](matrix-org/synapse#8694)) - Re-organize the structured logging code to separate the TCP transport handling from the JSON formatting. ([\#8697](matrix-org/synapse#8697)) - Use Python 3.8 in Docker images by default. ([\#8698](matrix-org/synapse#8698)) - Remove the "draft" status of the Room Details Admin API. ([\#8702](matrix-org/synapse#8702)) - Improve the error returned when a non-string displayname or avatar_url is used when updating a user's profile. ([\#8705](matrix-org/synapse#8705)) - Block attempts by clients to send server ACLs, or redactions of server ACLs, that would result in the local server being blocked from the room. ([\#8708](matrix-org/synapse#8708)) - Add metrics the allow the local sysadmin to track 3PID `/requestToken` requests. ([\#8712](matrix-org/synapse#8712)) - Consolidate duplicated lists of purged tables that are checked in tests. ([\#8713](matrix-org/synapse#8713)) - Add some `mdui:UIInfo` element examples for `saml2_config` in the homeserver config. ([\#8718](matrix-org/synapse#8718)) - Improve the error message returned when a remote server incorrectly sets the `Content-Type` header in response to a JSON request. ([\#8719](matrix-org/synapse#8719)) - Speed up repeated state resolutions on the same room by caching event ID to auth event ID lookups. ([\#8752](matrix-org/synapse#8752)) Synapse 1.22.1 (2020-10-30) =========================== Bugfixes -------- - Fix a bug where an appservice may not be forwarded events for a room it was recently invited to. Broke in v1.22.0. ([\#8676](matrix-org/synapse#8676)) - Fix `Object of type frozendict is not JSON serializable` exceptions when using third-party event rules. Broke in v1.22.0. ([\#8678](matrix-org/synapse#8678))
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
it seems to be possible that only one of them ends up to be cached.
when this was the case, the missing one was not fetched via federation,
and clients then failed to validate cross-signed devices.