Return stripped m.space.child events via the space summary. (#10760)

The full event content cannot be trusted from this API (as no auth chain, etc.) is processed over federation. Returning the full event content was a bug as MSC2946 specifies that only the stripped state should be returned. This also avoids calculating aggregations / annotations which go unused.
2021-09-07 08:43:54 -04:00 · 2021-09-07 08:43:54 -04:00 · a23f3abb9b
parent f30c9745ab
commit a23f3abb9b
2 changed files with 13 additions and 14 deletions
--- a/changelog.d/10760.bugfix
+++ b/changelog.d/10760.bugfix
@ -0,0 +1 @@
+Only return the stripped state events for the `m.space.child` events in a room for the spaces summary from [MSC2946](https://github.com/matrix-org/matrix-doc/pull/2946).
--- a/synapse/handlers/room_summary.py
+++ b/synapse/handlers/room_summary.py
@ -37,7 +37,6 @@ from synapse.api.errors import (
    UnsupportedRoomVersionError,
 )
 from synapse.events import EventBase
-from synapse.events.utils import format_event_for_client_v2
 from synapse.types import JsonDict
 from synapse.util.caches.response_cache import ResponseCache

@ -89,7 +88,6 @@ class RoomSummaryHandler:
    _PAGINATION_SESSION_VALIDITY_PERIOD_MS = 5 * 60 * 1000

    def __init__(self, hs: "HomeServer"):
-        self._clock = hs.get_clock()
        self._event_auth_handler = hs.get_event_auth_handler()
        self._store = hs.get_datastore()
        self._event_serializer = hs.get_event_client_serializer()
@ -648,18 +646,18 @@ class RoomSummaryHandler:
        if max_children is None or max_children > MAX_ROOMS_PER_SPACE:
            max_children = MAX_ROOMS_PER_SPACE

-        now = self._clock.time_msec()
-        events_result: List[JsonDict] = []
-        for edge_event in itertools.islice(child_events, max_children):
-            events_result.append(
-                await self._event_serializer.serialize_event(
-                    edge_event,
-                    time_now=now,
-                    event_format=format_event_for_client_v2,
-                )
-            )
-
-        return _RoomEntry(room_id, room_entry, events_result)
+        stripped_events: List[JsonDict] = [
+            {
+                "type": e.type,
+                "state_key": e.state_key,
+                "content": e.content,
+                "room_id": e.room_id,
+                "sender": e.sender,
+                "origin_server_ts": e.origin_server_ts,
+            }
+            for e in itertools.islice(child_events, max_children)
+        ]
+        return _RoomEntry(room_id, room_entry, stripped_events)

    async def _summarize_remote_room(
        self,
				`@ -0,0 +1 @@`
				Only return the stripped state events for the `m.space.child` events in a room for the spaces summary from [MSC2946](https://github.com/matrix-org/matrix-doc/pull/2946).