OpenCloud
/
MatrixSynapse
mirror of https://github.com/matrix-org/synapse
1
0
Fork 0
Code Issues Releases Wiki Activity
MatrixSynapse/synapse/handlers
History
Sean Quah 4f4f27e57f
Mitigate a race where /make_join could 403 for restricted rooms (#15080) 
Previously, when creating a join event in /make_join, we would decide
whether to include additional fields to satisfy restricted room checks
based on the current state of the room. Then, when building the event,
we would capture the forward extremities of the room to use as prev
events.

This is subject to race conditions. For example, when leaving and
rejoining a room, the following sequence of events leads to a misleading
403 response:
1. /make_join reads the current state of the room and sees that the user
   is still in the room. It decides to omit the field required for
   restricted room joins.
2. The leave event is persisted and the room's forward extremities are
   updated.
3. /make_join builds the event, using the post-leave forward extremities.
   The event then fails the restricted room checks.

To mitigate the race, we move the read of the forward extremities closer
to the read of the current state. Ideally, we would compute the state
based off the chosen prev events, but that can involve state resolution,
which is expensive.

Signed-off-by: Sean Quah <seanq@matrix.org>
 		2023-02-17 09:40:32 +00:00
..
ui_auth Use mypy 1.0 (#15052) 2023-02-16 16:09:11 +00:00
__init__.py Remove redundant "coding: utf-8" lines (#9786) 2021-04-14 15:34:27 +01:00
account.py Optionally include account validity in MSC3720 account status responses (#12266) 2022-03-24 11:19:41 +01:00
account_data.py Avoid fetching unused account data in sync. (#14973) 2023-02-10 14:22:16 +00:00
account_validity.py Implement cancellation support/protection for module callbacks (#12568) 2022-05-09 12:31:14 +01:00
admin.py Add more user information to export-data command. (#14894) 2023-02-01 15:45:19 +00:00
appservice.py Improve logging and opentracing for to-device message handling (#14598) 2022-12-06 09:52:55 +00:00
auth.py Use mypy 1.0 (#15052) 2023-02-16 16:09:11 +00:00
cas.py Fix twisted trunk mypy errors (#14012) 2022-10-03 13:26:49 +00:00
deactivate_account.py Refactor arguments of `try_unbind_threepid(_with_id_server)` from dict to separate args (#15053) 2023-02-13 12:12:48 +00:00
device.py Faster joins: Refactor handling of servers in room (#14954) 2023-02-03 15:39:59 +00:00
devicemessage.py Batch up replication requests to request the resyncing of remote users's devices. (#14716) 2023-01-10 11:17:59 +00:00
directory.py Return read-only collections from `@cached` methods (#13755) 2023-02-10 23:29:00 +00:00
e2e_keys.py Refactor get_user_devices_from_cache to avoid mutating cached values. (#15040) 2023-02-10 08:09:47 -05:00
e2e_room_keys.py Remove redundant types from comments. (#14412) 2022-11-16 15:25:24 +00:00
event_auth.py Faster joins: don't stall when a user joins during a fast join (#14606) 2023-02-10 23:31:05 +00:00
events.py Directly lookup local membership instead of getting all members in a room first (`get_users_in_room` mis-use) (#13608) 2022-08-24 14:13:12 -05:00
federation.py Mitigate a race where /make_join could 403 for restricted rooms (#15080) 2023-02-17 09:40:32 +00:00
federation_event.py Faster joins: don't stall when a user joins during a fast join (#14606) 2023-02-10 23:31:05 +00:00
identity.py Refactor arguments of `try_unbind_threepid(_with_id_server)` from dict to separate args (#15053) 2023-02-13 12:12:48 +00:00
initial_sync.py Avoid fetching unused account data in sync. (#14973) 2023-02-10 14:22:16 +00:00
message.py Update the error code for duplicate annotation (#15075) 2023-02-15 11:47:57 +00:00
oidc.py Support RFC7636 PKCE in the OAuth 2.0 flow. (#14750) 2023-01-04 14:58:08 -05:00
pagination.py Use an enum for direction. (#14927) 2023-01-27 07:27:55 -05:00
password_policy.py Use direct references for some configuration variables (part 3) (#10885) 2021-09-23 07:13:34 -04:00
presence.py Fix a bug in the send_local_online_presence_to module API (#14880) 2023-01-25 21:34:37 +00:00
profile.py fix broken avatar checks when server_name contains a port (#13927) 2022-10-26 15:51:23 +01:00
push_rules.py Port the push rule classes to Rust. (#13768) 2022-09-20 12:10:31 +01:00
read_marker.py Refactor and convert `Linearizer` to async (#12357) 2022-04-05 15:43:52 +01:00
receipts.py Return read-only collections from `@cached` methods (#13755) 2023-02-10 23:29:00 +00:00
register.py Move `StateFilter` to `synapse.types` (#14668) 2022-12-12 16:19:30 +00:00
relations.py Use an enum for direction. (#14927) 2023-01-27 07:27:55 -05:00
room.py Faster joins: don't stall when a user joins during a fast join (#14606) 2023-02-10 23:31:05 +00:00
room_batch.py Make `handle_new_client_event` throws `PartialStateConflictError` (#14665) 2022-12-15 16:04:23 +00:00
room_list.py Use stable prefixes for MSC3827: filtering of `/publicRooms` by room type (#13370) 2022-07-27 19:46:57 +01:00
room_member.py Faster joins: don't stall when a user joins during a fast join (#14606) 2023-02-10 23:31:05 +00:00
room_member_worker.py Faster joins: don't stall when a user joins during a fast join (#14606) 2023-02-10 23:31:05 +00:00
room_summary.py Tweak comment on `_is_local_room_accessible` as part of room visibility in `/hierarchy` to clarify the condition for a room being visible. (#14834) 2023-02-13 16:30:58 +00:00
saml.py Remove redundant types from comments. (#14412) 2022-11-16 15:25:24 +00:00
search.py Use StrCollection in place of Collection[str] in (most) handlers code. (#14922) 2023-01-26 12:31:58 -05:00
send_email.py Discourage automatic replies to Synapse's emails (#13957) 2022-09-30 13:23:37 +00:00
set_password.py Add a type hint for `get_device_handler()` and fix incorrect types. (#14055) 2022-11-22 14:08:04 -05:00
sso.py Use StrCollection in place of Collection[str] in (most) handlers code. (#14922) 2023-01-26 12:31:58 -05:00
state_deltas.py Remove `HomeServer.get_datastore()` (#12031) 2022-02-23 11:04:02 +00:00
stats.py Implement MSC3827: Filtering of `/publicRooms` by room type (#13031) 2022-06-29 17:12:45 +00:00
sync.py Faster joins: Omit device list updates from partial state rooms in /sync (#15069) 2023-02-14 12:32:19 +00:00
typing.py Better return type for `get_all_entities_changed` (#14604) 2022-12-05 15:19:14 -05:00
user_directory.py Clarifications in user directory for users who share rooms tracking (#13966) 2022-09-30 14:40:18 -05:00