Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add m.federate into the auth rules #1103

Merged
merged 4 commits into from
Jun 14, 2022
Merged

Add m.federate into the auth rules #1103

merged 4 commits into from
Jun 14, 2022

Conversation

neilalexander
Copy link
Contributor

@neilalexander neilalexander commented May 31, 2022
edited by github-actions bot
Loading

This is apparently something that we've been doing since the beginning of time in both Synapse and Dendrite and somehow it never made it into the spec.

There's a discussion point here though, as Synapse and Dendrite are doing very slightly different things. Synapse compares the event sender domain to the domain part of the room_id in the create event, whereas Dendrite compares to the domain part of the sender in the create event.

Happy to take advice on whether we think it's better to spec sender vs sender (on the basis that the domain should never have been different to the one in the room ID anyway) or whether we want to spec sender vs room_id (on the basis of being exactly what Synapse does).

Preview: https://pr1103--matrix-spec-previews.netlify.app

@neilalexander neilalexander requested a review from a team as a code owner May 31, 2022 08:43
@turt2live turt2live self-requested a review May 31, 2022 14:16
turt2live
turt2live approved these changes May 31, 2022
View reviewed changes
Copy link
Member

@turt2live turt2live left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

generally lgtm.

I don't think we need to worry too much about sender vs room_id or vs sender of the create event because the auth rules also state:

  1. If type is m.room.create:
    1. [...]
    2. If the domain of the room_id does not match the domain of the sender, reject.

effectively: if you compare to either, you're covered by another rule. For the spec though, let's do what Synapse does as it further implies that an unfederated room is "on" the given server, rather than being implied through other auth rules.

changelogs/room_versions/newsfragments/1103.clarification Outdated
@@ -0,0 +1 @@
Auth rules: Clarify behaviour around the `m.federate` field in `m.room.create` events.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Auth rules: Clarify behaviour around the `m.federate` field in `m.room.create` events.
For all room versions: Add `m.federate` to the authorization rules, as originally intended.

changelogs/room_versions/newsfragments/1103.clarification Outdated
@@ -0,0 +1 @@
Auth rules: Clarify behaviour around the `m.federate` field in `m.room.create` events.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this PR will also need adapting for v10 if we expect it to be included in Matrix 1.3 (otherwise it'll still need adapting, but with less urgency)

richvdh
richvdh requested changes Jun 14, 2022
View reviewed changes
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm but please add it to https://github.com/matrix-org/matrix-spec/blob/main/content/rooms/v10.md too (sorry!)

@neilalexander
Copy link
Contributor Author

@richvdh Done!

richvdh
richvdh approved these changes Jun 14, 2022
View reviewed changes
Copy link
Member

@richvdh richvdh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks!

@richvdh richvdh merged commit 1a994f6 into matrix-org:main Jun 14, 2022
richvdh
richvdh reviewed Jun 15, 2022
View reviewed changes
content/rooms/fragments/v1-auth-rules.md
Comment on lines +37 to +39
4. If the create event content has the field `m.federate` set to `false`
and the sender domain of the event does not match the sender domain of
the create event, reject.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

belatedly, a thought occurs to me: this is unclear about which create event we are talking about here. Do we mean the create event in the auth events (as mentioned on the line above), or the create event in the state at that point in the DAG (which is what the rest of the auth rules use).

I mean, if the two are different, we have a problem too, but we should really be explicit here.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see also #1048

This was referenced Jun 17, 2022
Closed
Closed
Merged
@S7evinK S7evinK mentioned this pull request Sep 29, 2023
Open
16 tasks
@matrixbot matrixbot mentioned this pull request Nov 1, 2024
Open
16 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richvdh richvdh richvdh approved these changes

@turt2live turt2live turt2live approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@neilalexander @turt2live @richvdh